diff --git a/1.29/_gen/projectcontour/main.libsonnet b/1.29/_gen/projectcontour/main.libsonnet new file mode 100644 index 0000000..0333191 --- /dev/null +++ b/1.29/_gen/projectcontour/main.libsonnet @@ -0,0 +1,6 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='projectcontour', url='', help=''), + v1: (import 'v1/main.libsonnet'), + v1alpha1: (import 'v1alpha1/main.libsonnet'), +} diff --git a/1.29/_gen/projectcontour/v1/httpProxy.libsonnet b/1.29/_gen/projectcontour/v1/httpProxy.libsonnet new file mode 100644 index 0000000..f6bc728 --- /dev/null +++ b/1.29/_gen/projectcontour/v1/httpProxy.libsonnet @@ -0,0 +1,1019 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='httpProxy', url='', help='"HTTPProxy is an Ingress CRD specification."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of HTTPProxy', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'projectcontour.io/v1', + kind: 'HTTPProxy', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"HTTPProxySpec defines the spec of the CRD."'), + spec: { + '#includes':: d.obj(help='"Includes allow for specific routing configuration to be included from another HTTPProxy,\\npossibly in another namespace."'), + includes: { + '#conditions':: d.obj(help='"Conditions are a set of rules that are applied to included HTTPProxies.\\nIn effect, they are added onto the Conditions of included HTTPProxy Route\\nstructs.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix MatchCondition per Conditions slice.\\nMore than one Prefix, or contradictory Conditions, will make the\\ninclude invalid. Exact and Regex match conditions are not allowed\\non includes."'), + conditions: { + '#header':: d.obj(help='"Header specifies the header condition to match."'), + header: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { header+: { contains: contains } }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { header+: { exact: exact } }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { header+: { ignoreCase: ignoreCase } }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { header+: { name: name } }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { header+: { notcontains: notcontains } }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { header+: { notexact: notexact } }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { header+: { notpresent: notpresent } }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { header+: { present: present } }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { header+: { regex: regex } }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { header+: { treatMissingAsEmpty: treatMissingAsEmpty } }, + }, + '#queryParameter':: d.obj(help='"QueryParameter specifies the query parameter condition to match."'), + queryParameter: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe query parameter value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { queryParameter+: { contains: contains } }, + '#withExact':: d.fn(help='"Exact specifies a string that the query parameter value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { queryParameter+: { exact: exact } }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { queryParameter+: { ignoreCase: ignoreCase } }, + '#withName':: d.fn(help='"Name is the name of the query parameter to match against. Name is required.\\nQuery parameter names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { queryParameter+: { name: name } }, + '#withPrefix':: d.fn(help='"Prefix defines a prefix match for the query parameter value."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { queryParameter+: { prefix: prefix } }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named query parameter\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named query parameter\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { queryParameter+: { present: present } }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the query\\nparameter value."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { queryParameter+: { regex: regex } }, + '#withSuffix':: d.fn(help='"Suffix defines a suffix match for a query parameter value."', args=[d.arg(name='suffix', type=d.T.string)]), + withSuffix(suffix): { queryParameter+: { suffix: suffix } }, + }, + '#withExact':: d.fn(help='"Exact defines a exact match for a request.\\nThis field is not allowed in include match conditions."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withPrefix':: d.fn(help='"Prefix defines a prefix match for a request."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { prefix: prefix }, + '#withRegex':: d.fn(help='"Regex defines a regex match for a request.\\nThis field is not allowed in include match conditions."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + }, + '#withConditions':: d.fn(help='"Conditions are a set of rules that are applied to included HTTPProxies.\\nIn effect, they are added onto the Conditions of included HTTPProxy Route\\nstructs.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix MatchCondition per Conditions slice.\\nMore than one Prefix, or contradictory Conditions, will make the\\ninclude invalid. Exact and Regex match conditions are not allowed\\non includes."', args=[d.arg(name='conditions', type=d.T.array)]), + withConditions(conditions): { conditions: if std.isArray(v=conditions) then conditions else [conditions] }, + '#withConditionsMixin':: d.fn(help='"Conditions are a set of rules that are applied to included HTTPProxies.\\nIn effect, they are added onto the Conditions of included HTTPProxy Route\\nstructs.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix MatchCondition per Conditions slice.\\nMore than one Prefix, or contradictory Conditions, will make the\\ninclude invalid. Exact and Regex match conditions are not allowed\\non includes."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='conditions', type=d.T.array)]), + withConditionsMixin(conditions): { conditions+: if std.isArray(v=conditions) then conditions else [conditions] }, + '#withName':: d.fn(help='"Name of the HTTPProxy"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNamespace':: d.fn(help='"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { namespace: namespace }, + }, + '#routes':: d.obj(help='"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."'), + routes: { + '#authPolicy':: d.obj(help='"AuthPolicy updates the authorization policy that was set\\non the root HTTPProxy object for client requests that\\nmatch this route."'), + authPolicy: { + '#withContext':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."', args=[d.arg(name='context', type=d.T.object)]), + withContext(context): { authPolicy+: { context: context } }, + '#withContextMixin':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='context', type=d.T.object)]), + withContextMixin(context): { authPolicy+: { context+: context } }, + '#withDisabled':: d.fn(help='"When true, this field disables client request authentication\\nfor the scope of the policy."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { authPolicy+: { disabled: disabled } }, + }, + '#conditions':: d.obj(help='"Conditions are a set of rules that are applied to a Route.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix, Exact or Regex MatchCondition\\nper Conditions slice. More than one of these condition types,\\nor contradictory Conditions, will make the route invalid."'), + conditions: { + '#header':: d.obj(help='"Header specifies the header condition to match."'), + header: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { header+: { contains: contains } }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { header+: { exact: exact } }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { header+: { ignoreCase: ignoreCase } }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { header+: { name: name } }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { header+: { notcontains: notcontains } }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { header+: { notexact: notexact } }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { header+: { notpresent: notpresent } }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { header+: { present: present } }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { header+: { regex: regex } }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { header+: { treatMissingAsEmpty: treatMissingAsEmpty } }, + }, + '#queryParameter':: d.obj(help='"QueryParameter specifies the query parameter condition to match."'), + queryParameter: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe query parameter value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { queryParameter+: { contains: contains } }, + '#withExact':: d.fn(help='"Exact specifies a string that the query parameter value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { queryParameter+: { exact: exact } }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { queryParameter+: { ignoreCase: ignoreCase } }, + '#withName':: d.fn(help='"Name is the name of the query parameter to match against. Name is required.\\nQuery parameter names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { queryParameter+: { name: name } }, + '#withPrefix':: d.fn(help='"Prefix defines a prefix match for the query parameter value."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { queryParameter+: { prefix: prefix } }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named query parameter\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named query parameter\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { queryParameter+: { present: present } }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the query\\nparameter value."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { queryParameter+: { regex: regex } }, + '#withSuffix':: d.fn(help='"Suffix defines a suffix match for a query parameter value."', args=[d.arg(name='suffix', type=d.T.string)]), + withSuffix(suffix): { queryParameter+: { suffix: suffix } }, + }, + '#withExact':: d.fn(help='"Exact defines a exact match for a request.\\nThis field is not allowed in include match conditions."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withPrefix':: d.fn(help='"Prefix defines a prefix match for a request."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { prefix: prefix }, + '#withRegex':: d.fn(help='"Regex defines a regex match for a request.\\nThis field is not allowed in include match conditions."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + }, + '#cookieRewritePolicies':: d.obj(help='"The policies for rewriting Set-Cookie header attributes. Note that\\nrewritten cookie names must be unique in this list. Order rewrite\\npolicies are specified in does not matter."'), + cookieRewritePolicies: { + '#domainRewrite':: d.obj(help='"DomainRewrite enables rewriting the Set-Cookie Domain element.\\nIf not set, Domain will not be rewritten."'), + domainRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Domain attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { domainRewrite+: { value: value } }, + }, + '#pathRewrite':: d.obj(help='"PathRewrite enables rewriting the Set-Cookie Path element.\\nIf not set, Path will not be rewritten."'), + pathRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Path attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { pathRewrite+: { value: value } }, + }, + '#withName':: d.fn(help='"Name is the name of the cookie for which attributes will be rewritten."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withSameSite':: d.fn(help='"SameSite enables rewriting the Set-Cookie SameSite element.\\nIf not set, SameSite attribute will not be rewritten."', args=[d.arg(name='sameSite', type=d.T.string)]), + withSameSite(sameSite): { sameSite: sameSite }, + '#withSecure':: d.fn(help='"Secure enables rewriting the Set-Cookie Secure element.\\nIf not set, Secure attribute will not be rewritten."', args=[d.arg(name='secure', type=d.T.boolean)]), + withSecure(secure): { secure: secure }, + }, + '#directResponsePolicy':: d.obj(help='"DirectResponsePolicy returns an arbitrary HTTP response directly."'), + directResponsePolicy: { + '#withBody':: d.fn(help='"Body is the content of the response body.\\nIf this setting is omitted, no body is included in the generated response.\\nNote: Body is not recommended to set too long\\notherwise it can have significant resource usage impacts."', args=[d.arg(name='body', type=d.T.string)]), + withBody(body): { directResponsePolicy+: { body: body } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP response status to be returned."', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { directResponsePolicy+: { statusCode: statusCode } }, + }, + '#healthCheckPolicy':: d.obj(help='"The health check policy for this route."'), + healthCheckPolicy: { + '#expectedStatuses':: d.obj(help='"The ranges of HTTP response statuses considered healthy. Follow half-open\\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\\nMust be within the range [100,600). If not specified, only a 200 response status\\nis considered healthy."'), + expectedStatuses: { + '#withEnd':: d.fn(help='"The end (exclusive) of a range of HTTP status codes."', args=[d.arg(name='end', type=d.T.integer)]), + withEnd(end): { end: end }, + '#withStart':: d.fn(help='"The start (inclusive) of a range of HTTP status codes."', args=[d.arg(name='start', type=d.T.integer)]), + withStart(start): { start: start }, + }, + '#withExpectedStatuses':: d.fn(help='"The ranges of HTTP response statuses considered healthy. Follow half-open\\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\\nMust be within the range [100,600). If not specified, only a 200 response status\\nis considered healthy."', args=[d.arg(name='expectedStatuses', type=d.T.array)]), + withExpectedStatuses(expectedStatuses): { healthCheckPolicy+: { expectedStatuses: if std.isArray(v=expectedStatuses) then expectedStatuses else [expectedStatuses] } }, + '#withExpectedStatusesMixin':: d.fn(help='"The ranges of HTTP response statuses considered healthy. Follow half-open\\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\\nMust be within the range [100,600). If not specified, only a 200 response status\\nis considered healthy."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='expectedStatuses', type=d.T.array)]), + withExpectedStatusesMixin(expectedStatuses): { healthCheckPolicy+: { expectedStatuses+: if std.isArray(v=expectedStatuses) then expectedStatuses else [expectedStatuses] } }, + '#withHealthyThresholdCount':: d.fn(help='"The number of healthy health checks required before a host is marked healthy"', args=[d.arg(name='healthyThresholdCount', type=d.T.integer)]), + withHealthyThresholdCount(healthyThresholdCount): { healthCheckPolicy+: { healthyThresholdCount: healthyThresholdCount } }, + '#withHost':: d.fn(help='"The value of the host header in the HTTP health check request.\\nIf left empty (default value), the name \\"contour-envoy-healthcheck\\"\\nwill be used."', args=[d.arg(name='host', type=d.T.string)]), + withHost(host): { healthCheckPolicy+: { host: host } }, + '#withIntervalSeconds':: d.fn(help='"The interval (seconds) between health checks"', args=[d.arg(name='intervalSeconds', type=d.T.integer)]), + withIntervalSeconds(intervalSeconds): { healthCheckPolicy+: { intervalSeconds: intervalSeconds } }, + '#withPath':: d.fn(help='"HTTP endpoint used to perform health checks on upstream service"', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { healthCheckPolicy+: { path: path } }, + '#withTimeoutSeconds':: d.fn(help='"The time to wait (seconds) for a health check response"', args=[d.arg(name='timeoutSeconds', type=d.T.integer)]), + withTimeoutSeconds(timeoutSeconds): { healthCheckPolicy+: { timeoutSeconds: timeoutSeconds } }, + '#withUnhealthyThresholdCount':: d.fn(help='"The number of unhealthy health checks required before a host is marked unhealthy"', args=[d.arg(name='unhealthyThresholdCount', type=d.T.integer)]), + withUnhealthyThresholdCount(unhealthyThresholdCount): { healthCheckPolicy+: { unhealthyThresholdCount: unhealthyThresholdCount } }, + }, + '#internalRedirectPolicy':: d.obj(help='"The policy to define when to handle redirects responses internally."'), + internalRedirectPolicy: { + '#withAllowCrossSchemeRedirect':: d.fn(help='"AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme\\nthan the value of x-forwarded-proto.\\nSafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream\\nscheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme\\nis HTTP, only HTTP redirect targets are allowed."', args=[d.arg(name='allowCrossSchemeRedirect', type=d.T.string)]), + withAllowCrossSchemeRedirect(allowCrossSchemeRedirect): { internalRedirectPolicy+: { allowCrossSchemeRedirect: allowCrossSchemeRedirect } }, + '#withDenyRepeatedRouteRedirect':: d.fn(help='"If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has\\nbeen followed by a previous redirect from the current route."', args=[d.arg(name='denyRepeatedRouteRedirect', type=d.T.boolean)]), + withDenyRepeatedRouteRedirect(denyRepeatedRouteRedirect): { internalRedirectPolicy+: { denyRepeatedRouteRedirect: denyRepeatedRouteRedirect } }, + '#withMaxInternalRedirects':: d.fn(help='"MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal\\nredirects that a downstream request has encountered is lower than this value."', args=[d.arg(name='maxInternalRedirects', type=d.T.integer)]), + withMaxInternalRedirects(maxInternalRedirects): { internalRedirectPolicy+: { maxInternalRedirects: maxInternalRedirects } }, + '#withRedirectResponseCodes':: d.fn(help='"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\\nOnly 301, 302, 303, 307 and 308 are valid values."', args=[d.arg(name='redirectResponseCodes', type=d.T.array)]), + withRedirectResponseCodes(redirectResponseCodes): { internalRedirectPolicy+: { redirectResponseCodes: if std.isArray(v=redirectResponseCodes) then redirectResponseCodes else [redirectResponseCodes] } }, + '#withRedirectResponseCodesMixin':: d.fn(help='"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\\nOnly 301, 302, 303, 307 and 308 are valid values."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='redirectResponseCodes', type=d.T.array)]), + withRedirectResponseCodesMixin(redirectResponseCodes): { internalRedirectPolicy+: { redirectResponseCodes+: if std.isArray(v=redirectResponseCodes) then redirectResponseCodes else [redirectResponseCodes] } }, + }, + '#ipAllowPolicy':: d.obj(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."'), + ipAllowPolicy: { + '#withCidr':: d.fn(help='"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\\na bare IP address (without a mask) to filter on exactly one address."', args=[d.arg(name='cidr', type=d.T.string)]), + withCidr(cidr): { cidr: cidr }, + '#withSource':: d.fn(help='"Source indicates how to determine the ip address to filter on, and can be\\none of two values:\\n - `Remote` filters on the ip address of the client, accounting for PROXY and\\n X-Forwarded-For as needed.\\n - `Peer` filters on the ip of the network request, ignoring PROXY and\\n X-Forwarded-For."', args=[d.arg(name='source', type=d.T.string)]), + withSource(source): { source: source }, + }, + '#ipDenyPolicy':: d.obj(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."'), + ipDenyPolicy: { + '#withCidr':: d.fn(help='"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\\na bare IP address (without a mask) to filter on exactly one address."', args=[d.arg(name='cidr', type=d.T.string)]), + withCidr(cidr): { cidr: cidr }, + '#withSource':: d.fn(help='"Source indicates how to determine the ip address to filter on, and can be\\none of two values:\\n - `Remote` filters on the ip address of the client, accounting for PROXY and\\n X-Forwarded-For as needed.\\n - `Peer` filters on the ip of the network request, ignoring PROXY and\\n X-Forwarded-For."', args=[d.arg(name='source', type=d.T.string)]), + withSource(source): { source: source }, + }, + '#jwtVerificationPolicy':: d.obj(help='"The policy for verifying JWTs for requests to this route."'), + jwtVerificationPolicy: { + '#withDisabled':: d.fn(help='"Disabled defines whether to disable all JWT verification for this\\nroute. This can be used to opt specific routes out of the default\\nJWT provider for the HTTPProxy. At most one of this field or the\\n\\"require\\" field can be specified."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { jwtVerificationPolicy+: { disabled: disabled } }, + '#withRequire':: d.fn(help='"Require names a specific JWT provider (defined in the virtual host)\\nto require for the route. If specified, this field overrides the\\ndefault provider if one exists. If this field is not specified,\\nthe default provider will be required if one exists. At most one of\\nthis field or the \\"disabled\\" field can be specified."', args=[d.arg(name='require', type=d.T.string)]), + withRequire(require): { jwtVerificationPolicy+: { require: require } }, + }, + '#loadBalancerPolicy':: d.obj(help='"The load balancing policy for this route."'), + loadBalancerPolicy: { + '#requestHashPolicies':: d.obj(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."'), + requestHashPolicies: { + '#headerHashOptions':: d.obj(help='"HeaderHashOptions should be set when request header hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + headerHashOptions: { + '#withHeaderName':: d.fn(help='"HeaderName is the name of the HTTP request header that will be used to\\ncalculate the hash key. If the header specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { headerHashOptions+: { headerName: headerName } }, + }, + '#queryParameterHashOptions':: d.obj(help='"QueryParameterHashOptions should be set when request query parameter hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + queryParameterHashOptions: { + '#withParameterName':: d.fn(help='"ParameterName is the name of the HTTP request query parameter that will be used to\\ncalculate the hash key. If the query parameter specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='parameterName', type=d.T.string)]), + withParameterName(parameterName): { queryParameterHashOptions+: { parameterName: parameterName } }, + }, + '#withHashSourceIP':: d.fn(help='"HashSourceIP should be set to true when request source IP hash based\\nload balancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."', args=[d.arg(name='hashSourceIP', type=d.T.boolean)]), + withHashSourceIP(hashSourceIP): { hashSourceIP: hashSourceIP }, + '#withTerminal':: d.fn(help='"Terminal is a flag that allows for short-circuiting computing of a hash\\nfor a given request. If set to true, and the request attribute specified\\nin the attribute hash options is present, no further hash policies will\\nbe used to calculate a hash for the request."', args=[d.arg(name='terminal', type=d.T.boolean)]), + withTerminal(terminal): { terminal: terminal }, + }, + '#withRequestHashPolicies':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPolicies(requestHashPolicies): { loadBalancerPolicy+: { requestHashPolicies: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } }, + '#withRequestHashPoliciesMixin':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPoliciesMixin(requestHashPolicies): { loadBalancerPolicy+: { requestHashPolicies+: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } }, + '#withStrategy':: d.fn(help='"Strategy specifies the policy used to balance requests\\nacross the pool of backend pods. Valid policy names are\\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\\nand `RequestHash`. If an unknown strategy name is specified\\nor no policy is supplied, the default `RoundRobin` policy\\nis used."', args=[d.arg(name='strategy', type=d.T.string)]), + withStrategy(strategy): { loadBalancerPolicy+: { strategy: strategy } }, + }, + '#pathRewritePolicy':: d.obj(help='"The policy for rewriting the path of the request URL\\nafter the request has been routed to a Service."'), + pathRewritePolicy: { + '#replacePrefix':: d.obj(help='"ReplacePrefix describes how the path prefix should be replaced."'), + replacePrefix: { + '#withPrefix':: d.fn(help='"Prefix specifies the URL path prefix to be replaced.\\nIf Prefix is specified, it must exactly match the MatchCondition\\nprefix that is rendered by the chain of including HTTPProxies\\nand only that path prefix will be replaced by Replacement.\\nThis allows HTTPProxies that are included through multiple\\nroots to only replace specific path prefixes, leaving others\\nunmodified.\\nIf Prefix is not specified, all routing prefixes rendered\\nby the include chain will be replaced."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { prefix: prefix }, + '#withReplacement':: d.fn(help='"Replacement is the string that the routing path prefix\\nwill be replaced with. This must not be empty."', args=[d.arg(name='replacement', type=d.T.string)]), + withReplacement(replacement): { replacement: replacement }, + }, + '#withReplacePrefix':: d.fn(help='"ReplacePrefix describes how the path prefix should be replaced."', args=[d.arg(name='replacePrefix', type=d.T.array)]), + withReplacePrefix(replacePrefix): { pathRewritePolicy+: { replacePrefix: if std.isArray(v=replacePrefix) then replacePrefix else [replacePrefix] } }, + '#withReplacePrefixMixin':: d.fn(help='"ReplacePrefix describes how the path prefix should be replaced."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='replacePrefix', type=d.T.array)]), + withReplacePrefixMixin(replacePrefix): { pathRewritePolicy+: { replacePrefix+: if std.isArray(v=replacePrefix) then replacePrefix else [replacePrefix] } }, + }, + '#rateLimitPolicy':: d.obj(help='"The policy for rate limiting on the route."'), + rateLimitPolicy: { + '#global':: d.obj(help='"Global defines global rate limiting parameters, i.e. parameters\\ndefining descriptors that are sent to an external rate limit\\nservice (RLS) for a rate limit decision on each request."'), + global: { + '#descriptors':: d.obj(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."'), + descriptors: { + '#entries':: d.obj(help='"Entries is the list of key-value pair generators."'), + entries: { + '#genericKey':: d.obj(help='"GenericKey defines a descriptor entry with a static key and value."'), + genericKey: { + '#withKey':: d.fn(help='"Key defines the key of the descriptor entry. If not set, the\\nkey is set to \\"generic_key\\"."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { genericKey+: { key: key } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { genericKey+: { value: value } }, + }, + '#requestHeader':: d.obj(help="\"RequestHeader defines a descriptor entry that's populated only if\\na given header is present on the request. The descriptor key is static,\\nand the descriptor value is equal to the value of the header.\""), + requestHeader: { + '#withDescriptorKey':: d.fn(help='"DescriptorKey defines the key to use on the descriptor entry."', args=[d.arg(name='descriptorKey', type=d.T.string)]), + withDescriptorKey(descriptorKey): { requestHeader+: { descriptorKey: descriptorKey } }, + '#withHeaderName':: d.fn(help='"HeaderName defines the name of the header to look for on the request."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { requestHeader+: { headerName: headerName } }, + }, + '#requestHeaderValueMatch':: d.obj(help="\"RequestHeaderValueMatch defines a descriptor entry that's populated\\nif the request's headers match a set of 1+ match criteria. The\\ndescriptor key is \\\"header_match\\\", and the descriptor value is static.\""), + requestHeaderValueMatch: { + '#headers':: d.obj(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."'), + headers: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { contains: contains }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { ignoreCase: ignoreCase }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { notcontains: notcontains }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { notexact: notexact }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { notpresent: notpresent }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { present: present }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { treatMissingAsEmpty: treatMissingAsEmpty }, + }, + '#withExpectMatch':: d.fn(help='"ExpectMatch defines whether the request must positively match the match\\ncriteria in order to generate a descriptor entry (i.e. true), or not\\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\\nThe default is true."', args=[d.arg(name='expectMatch', type=d.T.boolean)]), + withExpectMatch(expectMatch): { requestHeaderValueMatch+: { expectMatch: expectMatch } }, + '#withHeaders':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { requestHeaderValueMatch+: { headers: if std.isArray(v=headers) then headers else [headers] } }, + '#withHeadersMixin':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { requestHeaderValueMatch+: { headers+: if std.isArray(v=headers) then headers else [headers] } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { requestHeaderValueMatch+: { value: value } }, + }, + '#withRemoteAddress':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddress(remoteAddress): { remoteAddress: remoteAddress }, + '#withRemoteAddressMixin':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddressMixin(remoteAddress): { remoteAddress+: remoteAddress }, + }, + '#withEntries':: d.fn(help='"Entries is the list of key-value pair generators."', args=[d.arg(name='entries', type=d.T.array)]), + withEntries(entries): { entries: if std.isArray(v=entries) then entries else [entries] }, + '#withEntriesMixin':: d.fn(help='"Entries is the list of key-value pair generators."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='entries', type=d.T.array)]), + withEntriesMixin(entries): { entries+: if std.isArray(v=entries) then entries else [entries] }, + }, + '#withDescriptors':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptors(descriptors): { rateLimitPolicy+: { global+: { descriptors: if std.isArray(v=descriptors) then descriptors else [descriptors] } } }, + '#withDescriptorsMixin':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptorsMixin(descriptors): { rateLimitPolicy+: { global+: { descriptors+: if std.isArray(v=descriptors) then descriptors else [descriptors] } } }, + '#withDisabled':: d.fn(help='"Disabled configures the HTTPProxy to not use\\nthe default global rate limit policy defined by the Contour configuration."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { rateLimitPolicy+: { global+: { disabled: disabled } } }, + }, + '#local':: d.obj(help='"Local defines local rate limiting parameters, i.e. parameters\\nfor rate limiting that occurs within each Envoy pod as requests\\nare handled."'), + 'local': { + '#responseHeadersToAdd':: d.obj(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."'), + responseHeadersToAdd: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withBurst':: d.fn(help='"Burst defines the number of requests above the requests per\\nunit that should be allowed within a short period of time."', args=[d.arg(name='burst', type=d.T.integer)]), + withBurst(burst): { rateLimitPolicy+: { 'local'+: { burst: burst } } }, + '#withRequests':: d.fn(help='"Requests defines how many requests per unit of time should\\nbe allowed before rate limiting occurs."', args=[d.arg(name='requests', type=d.T.integer)]), + withRequests(requests): { rateLimitPolicy+: { 'local'+: { requests: requests } } }, + '#withResponseHeadersToAdd':: d.fn(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."', args=[d.arg(name='responseHeadersToAdd', type=d.T.array)]), + withResponseHeadersToAdd(responseHeadersToAdd): { rateLimitPolicy+: { 'local'+: { responseHeadersToAdd: if std.isArray(v=responseHeadersToAdd) then responseHeadersToAdd else [responseHeadersToAdd] } } }, + '#withResponseHeadersToAddMixin':: d.fn(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='responseHeadersToAdd', type=d.T.array)]), + withResponseHeadersToAddMixin(responseHeadersToAdd): { rateLimitPolicy+: { 'local'+: { responseHeadersToAdd+: if std.isArray(v=responseHeadersToAdd) then responseHeadersToAdd else [responseHeadersToAdd] } } }, + '#withResponseStatusCode':: d.fn(help='"ResponseStatusCode is the HTTP status code to use for responses\\nto rate-limited requests. Codes must be in the 400-599 range\\n(inclusive). If not specified, the Envoy default of 429 (Too\\nMany Requests) is used."', args=[d.arg(name='responseStatusCode', type=d.T.integer)]), + withResponseStatusCode(responseStatusCode): { rateLimitPolicy+: { 'local'+: { responseStatusCode: responseStatusCode } } }, + '#withUnit':: d.fn(help='"Unit defines the period of time within which requests\\nover the limit will be rate limited. Valid values are\\n\\"second\\", \\"minute\\" and \\"hour\\"."', args=[d.arg(name='unit', type=d.T.string)]), + withUnit(unit): { rateLimitPolicy+: { 'local'+: { unit: unit } } }, + }, + }, + '#requestHeadersPolicy':: d.obj(help='"The policy for managing request headers during proxying.\\nYou may dynamically rewrite the Host header to be forwarded\\nupstream to the content of a request header using\\nthe below format \\"%REQ(X-Header-Name)%\\". If the value of the header\\nis empty, it is ignored.\\n*NOTE: Pay attention to the potential security implications of using this option.\\nProvided header must come from trusted source.\\n**NOTE: The header rewrite is only done while forwarding and has no bearing\\non the routing decision."'), + requestHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#requestRedirectPolicy':: d.obj(help='"RequestRedirectPolicy defines an HTTP redirection."'), + requestRedirectPolicy: { + '#withHostname':: d.fn(help='"Hostname is the precise hostname to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the hostname of the request is used.\\nNo wildcards are allowed."', args=[d.arg(name='hostname', type=d.T.string)]), + withHostname(hostname): { requestRedirectPolicy+: { hostname: hostname } }, + '#withPath':: d.fn(help='"Path allows for redirection to a different path from the\\noriginal on the request. The path must start with a\\nleading slash.\\nNote: Only one of Path or Prefix can be defined."', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { requestRedirectPolicy+: { path: path } }, + '#withPort':: d.fn(help='"Port is the port to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, port (if specified) of the request is used."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { requestRedirectPolicy+: { port: port } }, + '#withPrefix':: d.fn(help='"Prefix defines the value to swap the matched prefix or path with.\\nThe prefix must start with a leading slash.\\nNote: Only one of Path or Prefix can be defined."', args=[d.arg(name='prefix', type=d.T.string)]), + withPrefix(prefix): { requestRedirectPolicy+: { prefix: prefix } }, + '#withScheme':: d.fn(help='"Scheme is the scheme to be used in the value of the `Location`\\nheader in the response.\\nWhen empty, the scheme of the request is used."', args=[d.arg(name='scheme', type=d.T.string)]), + withScheme(scheme): { requestRedirectPolicy+: { scheme: scheme } }, + '#withStatusCode':: d.fn(help='"StatusCode is the HTTP status code to be used in response."', args=[d.arg(name='statusCode', type=d.T.integer)]), + withStatusCode(statusCode): { requestRedirectPolicy+: { statusCode: statusCode } }, + }, + '#responseHeadersPolicy':: d.obj(help="\"The policy for managing response headers during proxying.\\nRewriting the 'Host' header is not supported.\""), + responseHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#retryPolicy':: d.obj(help='"The retry policy for this route."'), + retryPolicy: { + '#withCount':: d.fn(help='"NumRetries is maximum allowed number of retries.\\nIf set to -1, then retries are disabled.\\nIf set to 0 or not supplied, the value is set\\nto the Envoy default of 1."', args=[d.arg(name='count', type=d.T.integer)]), + withCount(count): { retryPolicy+: { count: count } }, + '#withPerTryTimeout':: d.fn(help='"PerTryTimeout specifies the timeout per retry attempt.\\nIgnored if NumRetries is not supplied."', args=[d.arg(name='perTryTimeout', type=d.T.string)]), + withPerTryTimeout(perTryTimeout): { retryPolicy+: { perTryTimeout: perTryTimeout } }, + '#withRetriableStatusCodes':: d.fn(help='"RetriableStatusCodes specifies the HTTP status codes that should be retried.\\nThis field is only respected when you include `retriable-status-codes` in the `RetryOn` field."', args=[d.arg(name='retriableStatusCodes', type=d.T.array)]), + withRetriableStatusCodes(retriableStatusCodes): { retryPolicy+: { retriableStatusCodes: if std.isArray(v=retriableStatusCodes) then retriableStatusCodes else [retriableStatusCodes] } }, + '#withRetriableStatusCodesMixin':: d.fn(help='"RetriableStatusCodes specifies the HTTP status codes that should be retried.\\nThis field is only respected when you include `retriable-status-codes` in the `RetryOn` field."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='retriableStatusCodes', type=d.T.array)]), + withRetriableStatusCodesMixin(retriableStatusCodes): { retryPolicy+: { retriableStatusCodes+: if std.isArray(v=retriableStatusCodes) then retriableStatusCodes else [retriableStatusCodes] } }, + '#withRetryOn':: d.fn(help='"RetryOn specifies the conditions on which to retry a request.\\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\\n- `5xx`\\n- `gateway-error`\\n- `reset`\\n- `connect-failure`\\n- `retriable-4xx`\\n- `refused-stream`\\n- `retriable-status-codes`\\n- `retriable-headers`\\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\\n- `cancelled`\\n- `deadline-exceeded`\\n- `internal`\\n- `resource-exhausted`\\n- `unavailable`"', args=[d.arg(name='retryOn', type=d.T.array)]), + withRetryOn(retryOn): { retryPolicy+: { retryOn: if std.isArray(v=retryOn) then retryOn else [retryOn] } }, + '#withRetryOnMixin':: d.fn(help='"RetryOn specifies the conditions on which to retry a request.\\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\\n- `5xx`\\n- `gateway-error`\\n- `reset`\\n- `connect-failure`\\n- `retriable-4xx`\\n- `refused-stream`\\n- `retriable-status-codes`\\n- `retriable-headers`\\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\\n- `cancelled`\\n- `deadline-exceeded`\\n- `internal`\\n- `resource-exhausted`\\n- `unavailable`"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='retryOn', type=d.T.array)]), + withRetryOnMixin(retryOn): { retryPolicy+: { retryOn+: if std.isArray(v=retryOn) then retryOn else [retryOn] } }, + }, + '#services':: d.obj(help='"Services are the services to proxy traffic."'), + services: { + '#cookieRewritePolicies':: d.obj(help='"The policies for rewriting Set-Cookie header attributes."'), + cookieRewritePolicies: { + '#domainRewrite':: d.obj(help='"DomainRewrite enables rewriting the Set-Cookie Domain element.\\nIf not set, Domain will not be rewritten."'), + domainRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Domain attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { domainRewrite+: { value: value } }, + }, + '#pathRewrite':: d.obj(help='"PathRewrite enables rewriting the Set-Cookie Path element.\\nIf not set, Path will not be rewritten."'), + pathRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Path attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { pathRewrite+: { value: value } }, + }, + '#withName':: d.fn(help='"Name is the name of the cookie for which attributes will be rewritten."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withSameSite':: d.fn(help='"SameSite enables rewriting the Set-Cookie SameSite element.\\nIf not set, SameSite attribute will not be rewritten."', args=[d.arg(name='sameSite', type=d.T.string)]), + withSameSite(sameSite): { sameSite: sameSite }, + '#withSecure':: d.fn(help='"Secure enables rewriting the Set-Cookie Secure element.\\nIf not set, Secure attribute will not be rewritten."', args=[d.arg(name='secure', type=d.T.boolean)]), + withSecure(secure): { secure: secure }, + }, + '#requestHeadersPolicy':: d.obj(help='"The policy for managing request headers during proxying."'), + requestHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#responseHeadersPolicy':: d.obj(help="\"The policy for managing response headers during proxying.\\nRewriting the 'Host' header is not supported.\""), + responseHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#slowStartPolicy':: d.obj(help='"Slow start will gradually increase amount of traffic to a newly added endpoint."'), + slowStartPolicy: { + '#withAggression':: d.fn(help='"The speed of traffic increase over the slow start window.\\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\\nThe value of aggression parameter should be greater than 0.0.\\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"', args=[d.arg(name='aggression', type=d.T.string)]), + withAggression(aggression): { slowStartPolicy+: { aggression: aggression } }, + '#withMinWeightPercent':: d.fn(help='"The minimum or starting percentage of traffic to send to new endpoints.\\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\\nIf not specified, the default is 10%."', args=[d.arg(name='minWeightPercent', type=d.T.integer)]), + withMinWeightPercent(minWeightPercent): { slowStartPolicy+: { minWeightPercent: minWeightPercent } }, + '#withWindow':: d.fn(help='"The duration of slow start window.\\nDuration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\"."', args=[d.arg(name='window', type=d.T.string)]), + withWindow(window): { slowStartPolicy+: { window: window } }, + }, + '#validation':: d.obj(help="\"UpstreamValidation defines how to verify the backend service's certificate\""), + validation: { + '#withCaSecret':: d.fn(help='"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\\nThe secret must contain key named ca.crt.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"', args=[d.arg(name='caSecret', type=d.T.string)]), + withCaSecret(caSecret): { validation+: { caSecret: caSecret } }, + '#withSubjectName':: d.fn(help="\"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\\nDeprecated: migrate to using the plural field subjectNames.\"", args=[d.arg(name='subjectName', type=d.T.string)]), + withSubjectName(subjectName): { validation+: { subjectName: subjectName } }, + '#withSubjectNames':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNames(subjectNames): { validation+: { subjectNames: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } }, + '#withSubjectNamesMixin':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNamesMixin(subjectNames): { validation+: { subjectNames+: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } }, + }, + '#withCookieRewritePolicies':: d.fn(help='"The policies for rewriting Set-Cookie header attributes."', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePolicies(cookieRewritePolicies): { cookieRewritePolicies: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withCookieRewritePoliciesMixin':: d.fn(help='"The policies for rewriting Set-Cookie header attributes."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePoliciesMixin(cookieRewritePolicies): { cookieRewritePolicies+: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withHealthPort':: d.fn(help='"HealthPort is the port for this service healthcheck.\\nIf not specified, Port is used for service healthchecks."', args=[d.arg(name='healthPort', type=d.T.integer)]), + withHealthPort(healthPort): { healthPort: healthPort }, + '#withMirror':: d.fn(help='"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\\nvalues"', args=[d.arg(name='mirror', type=d.T.boolean)]), + withMirror(mirror): { mirror: mirror }, + '#withName':: d.fn(help='"Name is the name of Kubernetes service to proxy traffic.\\nNames defined here will be used to look up corresponding endpoints which contain the ips to route."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol may be used to specify (or override) the protocol used to reach this Service.\\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + '#withWeight':: d.fn(help='"Weight defines percentage of traffic to balance traffic"', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#timeoutPolicy':: d.obj(help='"The timeout policy for this route."'), + timeoutPolicy: { + '#withIdle':: d.fn(help='"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).\\nTimeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.\\nIf not specified, there is no per-route idle timeout, though a connection manager-wide\\nstream_idle_timeout default of 5m still applies."', args=[d.arg(name='idle', type=d.T.string)]), + withIdle(idle): { timeoutPolicy+: { idle: idle } }, + '#withIdleConnection':: d.fn(help="\"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests.\\nIf not supplied, Envoy's default value of 1h applies.\"", args=[d.arg(name='idleConnection', type=d.T.string)]), + withIdleConnection(idleConnection): { timeoutPolicy+: { idleConnection: idleConnection } }, + '#withResponse':: d.fn(help="\"Timeout for receiving a response from the server after processing a request from client.\\nIf not supplied, Envoy's default value of 15s applies.\"", args=[d.arg(name='response', type=d.T.string)]), + withResponse(response): { timeoutPolicy+: { response: response } }, + }, + '#withConditions':: d.fn(help='"Conditions are a set of rules that are applied to a Route.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix, Exact or Regex MatchCondition\\nper Conditions slice. More than one of these condition types,\\nor contradictory Conditions, will make the route invalid."', args=[d.arg(name='conditions', type=d.T.array)]), + withConditions(conditions): { conditions: if std.isArray(v=conditions) then conditions else [conditions] }, + '#withConditionsMixin':: d.fn(help='"Conditions are a set of rules that are applied to a Route.\\nWhen applied, they are merged using AND, with one exception:\\nThere can be only one Prefix, Exact or Regex MatchCondition\\nper Conditions slice. More than one of these condition types,\\nor contradictory Conditions, will make the route invalid."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='conditions', type=d.T.array)]), + withConditionsMixin(conditions): { conditions+: if std.isArray(v=conditions) then conditions else [conditions] }, + '#withCookieRewritePolicies':: d.fn(help='"The policies for rewriting Set-Cookie header attributes. Note that\\nrewritten cookie names must be unique in this list. Order rewrite\\npolicies are specified in does not matter."', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePolicies(cookieRewritePolicies): { cookieRewritePolicies: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withCookieRewritePoliciesMixin':: d.fn(help='"The policies for rewriting Set-Cookie header attributes. Note that\\nrewritten cookie names must be unique in this list. Order rewrite\\npolicies are specified in does not matter."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePoliciesMixin(cookieRewritePolicies): { cookieRewritePolicies+: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withEnableWebsockets':: d.fn(help='"Enables websocket support for the route."', args=[d.arg(name='enableWebsockets', type=d.T.boolean)]), + withEnableWebsockets(enableWebsockets): { enableWebsockets: enableWebsockets }, + '#withIpAllowPolicy':: d.fn(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."', args=[d.arg(name='ipAllowPolicy', type=d.T.array)]), + withIpAllowPolicy(ipAllowPolicy): { ipAllowPolicy: if std.isArray(v=ipAllowPolicy) then ipAllowPolicy else [ipAllowPolicy] }, + '#withIpAllowPolicyMixin':: d.fn(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ipAllowPolicy', type=d.T.array)]), + withIpAllowPolicyMixin(ipAllowPolicy): { ipAllowPolicy+: if std.isArray(v=ipAllowPolicy) then ipAllowPolicy else [ipAllowPolicy] }, + '#withIpDenyPolicy':: d.fn(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."', args=[d.arg(name='ipDenyPolicy', type=d.T.array)]), + withIpDenyPolicy(ipDenyPolicy): { ipDenyPolicy: if std.isArray(v=ipDenyPolicy) then ipDenyPolicy else [ipDenyPolicy] }, + '#withIpDenyPolicyMixin':: d.fn(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here override any rules set on the root HTTPProxy."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ipDenyPolicy', type=d.T.array)]), + withIpDenyPolicyMixin(ipDenyPolicy): { ipDenyPolicy+: if std.isArray(v=ipDenyPolicy) then ipDenyPolicy else [ipDenyPolicy] }, + '#withPermitInsecure':: d.fn(help='"Allow this path to respond to insecure requests over HTTP which are normally\\nnot permitted when a `virtualhost.tls` block is present."', args=[d.arg(name='permitInsecure', type=d.T.boolean)]), + withPermitInsecure(permitInsecure): { permitInsecure: permitInsecure }, + '#withServices':: d.fn(help='"Services are the services to proxy traffic."', args=[d.arg(name='services', type=d.T.array)]), + withServices(services): { services: if std.isArray(v=services) then services else [services] }, + '#withServicesMixin':: d.fn(help='"Services are the services to proxy traffic."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='services', type=d.T.array)]), + withServicesMixin(services): { services+: if std.isArray(v=services) then services else [services] }, + }, + '#tcpproxy':: d.obj(help='"TCPProxy holds TCP proxy information."'), + tcpproxy: { + '#healthCheckPolicy':: d.obj(help='"The health check policy for this tcp proxy"'), + healthCheckPolicy: { + '#withHealthyThresholdCount':: d.fn(help='"The number of healthy health checks required before a host is marked healthy"', args=[d.arg(name='healthyThresholdCount', type=d.T.integer)]), + withHealthyThresholdCount(healthyThresholdCount): { spec+: { tcpproxy+: { healthCheckPolicy+: { healthyThresholdCount: healthyThresholdCount } } } }, + '#withIntervalSeconds':: d.fn(help='"The interval (seconds) between health checks"', args=[d.arg(name='intervalSeconds', type=d.T.integer)]), + withIntervalSeconds(intervalSeconds): { spec+: { tcpproxy+: { healthCheckPolicy+: { intervalSeconds: intervalSeconds } } } }, + '#withTimeoutSeconds':: d.fn(help='"The time to wait (seconds) for a health check response"', args=[d.arg(name='timeoutSeconds', type=d.T.integer)]), + withTimeoutSeconds(timeoutSeconds): { spec+: { tcpproxy+: { healthCheckPolicy+: { timeoutSeconds: timeoutSeconds } } } }, + '#withUnhealthyThresholdCount':: d.fn(help='"The number of unhealthy health checks required before a host is marked unhealthy"', args=[d.arg(name='unhealthyThresholdCount', type=d.T.integer)]), + withUnhealthyThresholdCount(unhealthyThresholdCount): { spec+: { tcpproxy+: { healthCheckPolicy+: { unhealthyThresholdCount: unhealthyThresholdCount } } } }, + }, + '#include':: d.obj(help='"Include specifies that this tcpproxy should be delegated to another HTTPProxy."'), + include: { + '#withName':: d.fn(help='"Name of the child HTTPProxy"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { tcpproxy+: { include+: { name: name } } } }, + '#withNamespace':: d.fn(help='"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { tcpproxy+: { include+: { namespace: namespace } } } }, + }, + '#includes':: d.obj(help='"IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace.\\nExists due to a mistake when developing HTTPProxy and the field was marked plural\\nwhen it should have been singular. This field should stay to not break backwards compatibility to v1 users."'), + includes: { + '#withName':: d.fn(help='"Name of the child HTTPProxy"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { tcpproxy+: { includes+: { name: name } } } }, + '#withNamespace':: d.fn(help='"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { tcpproxy+: { includes+: { namespace: namespace } } } }, + }, + '#loadBalancerPolicy':: d.obj(help='"The load balancing policy for the backend services. Note that the\\n`Cookie` and `RequestHash` load balancing strategies cannot be used\\nhere."'), + loadBalancerPolicy: { + '#requestHashPolicies':: d.obj(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."'), + requestHashPolicies: { + '#headerHashOptions':: d.obj(help='"HeaderHashOptions should be set when request header hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + headerHashOptions: { + '#withHeaderName':: d.fn(help='"HeaderName is the name of the HTTP request header that will be used to\\ncalculate the hash key. If the header specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { headerHashOptions+: { headerName: headerName } }, + }, + '#queryParameterHashOptions':: d.obj(help='"QueryParameterHashOptions should be set when request query parameter hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + queryParameterHashOptions: { + '#withParameterName':: d.fn(help='"ParameterName is the name of the HTTP request query parameter that will be used to\\ncalculate the hash key. If the query parameter specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='parameterName', type=d.T.string)]), + withParameterName(parameterName): { queryParameterHashOptions+: { parameterName: parameterName } }, + }, + '#withHashSourceIP':: d.fn(help='"HashSourceIP should be set to true when request source IP hash based\\nload balancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."', args=[d.arg(name='hashSourceIP', type=d.T.boolean)]), + withHashSourceIP(hashSourceIP): { hashSourceIP: hashSourceIP }, + '#withTerminal':: d.fn(help='"Terminal is a flag that allows for short-circuiting computing of a hash\\nfor a given request. If set to true, and the request attribute specified\\nin the attribute hash options is present, no further hash policies will\\nbe used to calculate a hash for the request."', args=[d.arg(name='terminal', type=d.T.boolean)]), + withTerminal(terminal): { terminal: terminal }, + }, + '#withRequestHashPolicies':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPolicies(requestHashPolicies): { spec+: { tcpproxy+: { loadBalancerPolicy+: { requestHashPolicies: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } } } }, + '#withRequestHashPoliciesMixin':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPoliciesMixin(requestHashPolicies): { spec+: { tcpproxy+: { loadBalancerPolicy+: { requestHashPolicies+: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } } } }, + '#withStrategy':: d.fn(help='"Strategy specifies the policy used to balance requests\\nacross the pool of backend pods. Valid policy names are\\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\\nand `RequestHash`. If an unknown strategy name is specified\\nor no policy is supplied, the default `RoundRobin` policy\\nis used."', args=[d.arg(name='strategy', type=d.T.string)]), + withStrategy(strategy): { spec+: { tcpproxy+: { loadBalancerPolicy+: { strategy: strategy } } } }, + }, + '#services':: d.obj(help='"Services are the services to proxy traffic"'), + services: { + '#cookieRewritePolicies':: d.obj(help='"The policies for rewriting Set-Cookie header attributes."'), + cookieRewritePolicies: { + '#domainRewrite':: d.obj(help='"DomainRewrite enables rewriting the Set-Cookie Domain element.\\nIf not set, Domain will not be rewritten."'), + domainRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Domain attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { domainRewrite+: { value: value } }, + }, + '#pathRewrite':: d.obj(help='"PathRewrite enables rewriting the Set-Cookie Path element.\\nIf not set, Path will not be rewritten."'), + pathRewrite: { + '#withValue':: d.fn(help='"Value is the value to rewrite the Path attribute to.\\nFor now this is required."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { pathRewrite+: { value: value } }, + }, + '#withName':: d.fn(help='"Name is the name of the cookie for which attributes will be rewritten."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withSameSite':: d.fn(help='"SameSite enables rewriting the Set-Cookie SameSite element.\\nIf not set, SameSite attribute will not be rewritten."', args=[d.arg(name='sameSite', type=d.T.string)]), + withSameSite(sameSite): { sameSite: sameSite }, + '#withSecure':: d.fn(help='"Secure enables rewriting the Set-Cookie Secure element.\\nIf not set, Secure attribute will not be rewritten."', args=[d.arg(name='secure', type=d.T.boolean)]), + withSecure(secure): { secure: secure }, + }, + '#requestHeadersPolicy':: d.obj(help='"The policy for managing request headers during proxying."'), + requestHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { requestHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { requestHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { requestHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { requestHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#responseHeadersPolicy':: d.obj(help="\"The policy for managing response headers during proxying.\\nRewriting the 'Host' header is not supported.\""), + responseHeadersPolicy: { + '#set':: d.obj(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."'), + set: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withRemove':: d.fn(help='"Remove specifies a list of HTTP header names to remove."', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { responseHeadersPolicy+: { remove: if std.isArray(v=remove) then remove else [remove] } }, + '#withRemoveMixin':: d.fn(help='"Remove specifies a list of HTTP header names to remove."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { responseHeadersPolicy+: { remove+: if std.isArray(v=remove) then remove else [remove] } }, + '#withSet':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."', args=[d.arg(name='set', type=d.T.array)]), + withSet(set): { responseHeadersPolicy+: { set: if std.isArray(v=set) then set else [set] } }, + '#withSetMixin':: d.fn(help='"Set specifies a list of HTTP header values that will be set in the HTTP header.\\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.array)]), + withSetMixin(set): { responseHeadersPolicy+: { set+: if std.isArray(v=set) then set else [set] } }, + }, + '#slowStartPolicy':: d.obj(help='"Slow start will gradually increase amount of traffic to a newly added endpoint."'), + slowStartPolicy: { + '#withAggression':: d.fn(help='"The speed of traffic increase over the slow start window.\\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\\nThe value of aggression parameter should be greater than 0.0.\\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"', args=[d.arg(name='aggression', type=d.T.string)]), + withAggression(aggression): { slowStartPolicy+: { aggression: aggression } }, + '#withMinWeightPercent':: d.fn(help='"The minimum or starting percentage of traffic to send to new endpoints.\\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\\nIf not specified, the default is 10%."', args=[d.arg(name='minWeightPercent', type=d.T.integer)]), + withMinWeightPercent(minWeightPercent): { slowStartPolicy+: { minWeightPercent: minWeightPercent } }, + '#withWindow':: d.fn(help='"The duration of slow start window.\\nDuration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\"."', args=[d.arg(name='window', type=d.T.string)]), + withWindow(window): { slowStartPolicy+: { window: window } }, + }, + '#validation':: d.obj(help="\"UpstreamValidation defines how to verify the backend service's certificate\""), + validation: { + '#withCaSecret':: d.fn(help='"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\\nThe secret must contain key named ca.crt.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"', args=[d.arg(name='caSecret', type=d.T.string)]), + withCaSecret(caSecret): { validation+: { caSecret: caSecret } }, + '#withSubjectName':: d.fn(help="\"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\\nDeprecated: migrate to using the plural field subjectNames.\"", args=[d.arg(name='subjectName', type=d.T.string)]), + withSubjectName(subjectName): { validation+: { subjectName: subjectName } }, + '#withSubjectNames':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNames(subjectNames): { validation+: { subjectNames: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } }, + '#withSubjectNamesMixin':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNamesMixin(subjectNames): { validation+: { subjectNames+: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } }, + }, + '#withCookieRewritePolicies':: d.fn(help='"The policies for rewriting Set-Cookie header attributes."', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePolicies(cookieRewritePolicies): { cookieRewritePolicies: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withCookieRewritePoliciesMixin':: d.fn(help='"The policies for rewriting Set-Cookie header attributes."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='cookieRewritePolicies', type=d.T.array)]), + withCookieRewritePoliciesMixin(cookieRewritePolicies): { cookieRewritePolicies+: if std.isArray(v=cookieRewritePolicies) then cookieRewritePolicies else [cookieRewritePolicies] }, + '#withHealthPort':: d.fn(help='"HealthPort is the port for this service healthcheck.\\nIf not specified, Port is used for service healthchecks."', args=[d.arg(name='healthPort', type=d.T.integer)]), + withHealthPort(healthPort): { healthPort: healthPort }, + '#withMirror':: d.fn(help='"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\\nvalues"', args=[d.arg(name='mirror', type=d.T.boolean)]), + withMirror(mirror): { mirror: mirror }, + '#withName':: d.fn(help='"Name is the name of Kubernetes service to proxy traffic.\\nNames defined here will be used to look up corresponding endpoints which contain the ips to route."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withProtocol':: d.fn(help='"Protocol may be used to specify (or override) the protocol used to reach this Service.\\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { protocol: protocol }, + '#withWeight':: d.fn(help='"Weight defines percentage of traffic to balance traffic"', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#withServices':: d.fn(help='"Services are the services to proxy traffic"', args=[d.arg(name='services', type=d.T.array)]), + withServices(services): { spec+: { tcpproxy+: { services: if std.isArray(v=services) then services else [services] } } }, + '#withServicesMixin':: d.fn(help='"Services are the services to proxy traffic"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='services', type=d.T.array)]), + withServicesMixin(services): { spec+: { tcpproxy+: { services+: if std.isArray(v=services) then services else [services] } } }, + }, + '#virtualhost':: d.obj(help='"Virtualhost appears at most once. If it is present, the object is considered\\nto be a \\"root\\" HTTPProxy."'), + virtualhost: { + '#authorization':: d.obj(help='"This field configures an extension service to perform\\nauthorization for this virtual host. Authorization can\\nonly be configured on virtual hosts that have TLS enabled.\\nIf the TLS configuration requires client certificate\\nvalidation, the client certificate is always included in the\\nauthentication check request."'), + authorization: { + '#authPolicy':: d.obj(help='"AuthPolicy sets a default authorization policy for client requests.\\nThis policy will be used unless overridden by individual routes."'), + authPolicy: { + '#withContext':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."', args=[d.arg(name='context', type=d.T.object)]), + withContext(context): { spec+: { virtualhost+: { authorization+: { authPolicy+: { context: context } } } } }, + '#withContextMixin':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='context', type=d.T.object)]), + withContextMixin(context): { spec+: { virtualhost+: { authorization+: { authPolicy+: { context+: context } } } } }, + '#withDisabled':: d.fn(help='"When true, this field disables client request authentication\\nfor the scope of the policy."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { virtualhost+: { authorization+: { authPolicy+: { disabled: disabled } } } } }, + }, + '#extensionRef':: d.obj(help='"ExtensionServiceRef specifies the extension resource that will authorize client requests."'), + extensionRef: { + '#withApiVersion':: d.fn(help='"API version of the referent.\\nIf this field is not specified, the default \\"projectcontour.io/v1alpha1\\" will be used"', args=[d.arg(name='apiVersion', type=d.T.string)]), + withApiVersion(apiVersion): { spec+: { virtualhost+: { authorization+: { extensionRef+: { apiVersion: apiVersion } } } } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { virtualhost+: { authorization+: { extensionRef+: { name: name } } } } }, + '#withNamespace':: d.fn(help='"Namespace of the referent.\\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { virtualhost+: { authorization+: { extensionRef+: { namespace: namespace } } } } }, + }, + '#withFailOpen':: d.fn(help='"If FailOpen is true, the client request is forwarded to the upstream service\\neven if the authorization server fails to respond. This field should not be\\nset in most cases. It is intended for use only while migrating applications\\nfrom internal authorization to Contour external authorization."', args=[d.arg(name='failOpen', type=d.T.boolean)]), + withFailOpen(failOpen): { spec+: { virtualhost+: { authorization+: { failOpen: failOpen } } } }, + '#withRequestBody':: d.obj(help="\"WithRequestBody specifies configuration for sending the client request's body to authorization server.\""), + withRequestBody: { + '#withAllowPartialMessage':: d.fn(help='"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."', args=[d.arg(name='allowPartialMessage', type=d.T.boolean)]), + withAllowPartialMessage(allowPartialMessage): { spec+: { virtualhost+: { authorization+: { withRequestBody+: { allowPartialMessage: allowPartialMessage } } } } }, + '#withMaxRequestBytes':: d.fn(help='"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."', args=[d.arg(name='maxRequestBytes', type=d.T.integer)]), + withMaxRequestBytes(maxRequestBytes): { spec+: { virtualhost+: { authorization+: { withRequestBody+: { maxRequestBytes: maxRequestBytes } } } } }, + '#withPackAsBytes':: d.fn(help='"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."', args=[d.arg(name='packAsBytes', type=d.T.boolean)]), + withPackAsBytes(packAsBytes): { spec+: { virtualhost+: { authorization+: { withRequestBody+: { packAsBytes: packAsBytes } } } } }, + }, + '#withResponseTimeout':: d.fn(help='"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\".\\nThe string \\"infinity\\" is also a valid input and specifies no timeout."', args=[d.arg(name='responseTimeout', type=d.T.string)]), + withResponseTimeout(responseTimeout): { spec+: { virtualhost+: { authorization+: { responseTimeout: responseTimeout } } } }, + }, + '#corsPolicy':: d.obj(help='"Specifies the cross-origin policy to apply to the VirtualHost."'), + corsPolicy: { + '#withAllowCredentials':: d.fn(help='"Specifies whether the resource allows credentials."', args=[d.arg(name='allowCredentials', type=d.T.boolean)]), + withAllowCredentials(allowCredentials): { spec+: { virtualhost+: { corsPolicy+: { allowCredentials: allowCredentials } } } }, + '#withAllowHeaders':: d.fn(help='"AllowHeaders specifies the content for the *access-control-allow-headers* header."', args=[d.arg(name='allowHeaders', type=d.T.array)]), + withAllowHeaders(allowHeaders): { spec+: { virtualhost+: { corsPolicy+: { allowHeaders: if std.isArray(v=allowHeaders) then allowHeaders else [allowHeaders] } } } }, + '#withAllowHeadersMixin':: d.fn(help='"AllowHeaders specifies the content for the *access-control-allow-headers* header."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='allowHeaders', type=d.T.array)]), + withAllowHeadersMixin(allowHeaders): { spec+: { virtualhost+: { corsPolicy+: { allowHeaders+: if std.isArray(v=allowHeaders) then allowHeaders else [allowHeaders] } } } }, + '#withAllowMethods':: d.fn(help='"AllowMethods specifies the content for the *access-control-allow-methods* header."', args=[d.arg(name='allowMethods', type=d.T.array)]), + withAllowMethods(allowMethods): { spec+: { virtualhost+: { corsPolicy+: { allowMethods: if std.isArray(v=allowMethods) then allowMethods else [allowMethods] } } } }, + '#withAllowMethodsMixin':: d.fn(help='"AllowMethods specifies the content for the *access-control-allow-methods* header."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='allowMethods', type=d.T.array)]), + withAllowMethodsMixin(allowMethods): { spec+: { virtualhost+: { corsPolicy+: { allowMethods+: if std.isArray(v=allowMethods) then allowMethods else [allowMethods] } } } }, + '#withAllowOrigin':: d.fn(help='"AllowOrigin specifies the origins that will be allowed to do CORS requests.\\nAllowed values include \\"*\\" which signifies any origin is allowed, an exact\\norigin of the form \\"scheme://host[:port]\\" (where port is optional), or a valid\\nregex pattern.\\nNote that regex patterns are validated and a simple \\"glob\\" pattern (e.g. *.foo.com)\\nwill be rejected or produce unexpected matches when applied as a regex."', args=[d.arg(name='allowOrigin', type=d.T.array)]), + withAllowOrigin(allowOrigin): { spec+: { virtualhost+: { corsPolicy+: { allowOrigin: if std.isArray(v=allowOrigin) then allowOrigin else [allowOrigin] } } } }, + '#withAllowOriginMixin':: d.fn(help='"AllowOrigin specifies the origins that will be allowed to do CORS requests.\\nAllowed values include \\"*\\" which signifies any origin is allowed, an exact\\norigin of the form \\"scheme://host[:port]\\" (where port is optional), or a valid\\nregex pattern.\\nNote that regex patterns are validated and a simple \\"glob\\" pattern (e.g. *.foo.com)\\nwill be rejected or produce unexpected matches when applied as a regex."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='allowOrigin', type=d.T.array)]), + withAllowOriginMixin(allowOrigin): { spec+: { virtualhost+: { corsPolicy+: { allowOrigin+: if std.isArray(v=allowOrigin) then allowOrigin else [allowOrigin] } } } }, + '#withAllowPrivateNetwork':: d.fn(help='"AllowPrivateNetwork specifies whether to allow private network requests.\\nSee https://developer.chrome.com/blog/private-network-access-preflight."', args=[d.arg(name='allowPrivateNetwork', type=d.T.boolean)]), + withAllowPrivateNetwork(allowPrivateNetwork): { spec+: { virtualhost+: { corsPolicy+: { allowPrivateNetwork: allowPrivateNetwork } } } }, + '#withExposeHeaders':: d.fn(help='"ExposeHeaders Specifies the content for the *access-control-expose-headers* header."', args=[d.arg(name='exposeHeaders', type=d.T.array)]), + withExposeHeaders(exposeHeaders): { spec+: { virtualhost+: { corsPolicy+: { exposeHeaders: if std.isArray(v=exposeHeaders) then exposeHeaders else [exposeHeaders] } } } }, + '#withExposeHeadersMixin':: d.fn(help='"ExposeHeaders Specifies the content for the *access-control-expose-headers* header."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='exposeHeaders', type=d.T.array)]), + withExposeHeadersMixin(exposeHeaders): { spec+: { virtualhost+: { corsPolicy+: { exposeHeaders+: if std.isArray(v=exposeHeaders) then exposeHeaders else [exposeHeaders] } } } }, + '#withMaxAge':: d.fn(help='"MaxAge indicates for how long the results of a preflight request can be cached.\\nMaxAge durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\".\\nOnly positive values are allowed while 0 disables the cache requiring a preflight OPTIONS\\ncheck for all cross-origin requests."', args=[d.arg(name='maxAge', type=d.T.string)]), + withMaxAge(maxAge): { spec+: { virtualhost+: { corsPolicy+: { maxAge: maxAge } } } }, + }, + '#ipAllowPolicy':: d.obj(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."'), + ipAllowPolicy: { + '#withCidr':: d.fn(help='"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\\na bare IP address (without a mask) to filter on exactly one address."', args=[d.arg(name='cidr', type=d.T.string)]), + withCidr(cidr): { cidr: cidr }, + '#withSource':: d.fn(help='"Source indicates how to determine the ip address to filter on, and can be\\none of two values:\\n - `Remote` filters on the ip address of the client, accounting for PROXY and\\n X-Forwarded-For as needed.\\n - `Peer` filters on the ip of the network request, ignoring PROXY and\\n X-Forwarded-For."', args=[d.arg(name='source', type=d.T.string)]), + withSource(source): { source: source }, + }, + '#ipDenyPolicy':: d.obj(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."'), + ipDenyPolicy: { + '#withCidr':: d.fn(help='"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\\na bare IP address (without a mask) to filter on exactly one address."', args=[d.arg(name='cidr', type=d.T.string)]), + withCidr(cidr): { cidr: cidr }, + '#withSource':: d.fn(help='"Source indicates how to determine the ip address to filter on, and can be\\none of two values:\\n - `Remote` filters on the ip address of the client, accounting for PROXY and\\n X-Forwarded-For as needed.\\n - `Peer` filters on the ip of the network request, ignoring PROXY and\\n X-Forwarded-For."', args=[d.arg(name='source', type=d.T.string)]), + withSource(source): { source: source }, + }, + '#jwtProviders':: d.obj(help='"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."'), + jwtProviders: { + '#remoteJWKS':: d.obj(help='"Remote JWKS to use for verifying JWT signatures."'), + remoteJWKS: { + '#validation':: d.obj(help="\"UpstreamValidation defines how to verify the JWKS's TLS certificate.\""), + validation: { + '#withCaSecret':: d.fn(help='"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\\nThe secret must contain key named ca.crt.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"', args=[d.arg(name='caSecret', type=d.T.string)]), + withCaSecret(caSecret): { remoteJWKS+: { validation+: { caSecret: caSecret } } }, + '#withSubjectName':: d.fn(help="\"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\\nDeprecated: migrate to using the plural field subjectNames.\"", args=[d.arg(name='subjectName', type=d.T.string)]), + withSubjectName(subjectName): { remoteJWKS+: { validation+: { subjectName: subjectName } } }, + '#withSubjectNames':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNames(subjectNames): { remoteJWKS+: { validation+: { subjectNames: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } } }, + '#withSubjectNamesMixin':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNamesMixin(subjectNames): { remoteJWKS+: { validation+: { subjectNames+: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } } }, + }, + '#withCacheDuration':: d.fn(help="\"How long to cache the JWKS locally. If not specified,\\nEnvoy's default of 5m applies.\"", args=[d.arg(name='cacheDuration', type=d.T.string)]), + withCacheDuration(cacheDuration): { remoteJWKS+: { cacheDuration: cacheDuration } }, + '#withDnsLookupFamily':: d.fn(help='"The DNS IP address resolution policy for the JWKS URI.\\nWhen configured as \\"v4\\", the DNS resolver will only perform a lookup\\nfor addresses in the IPv4 family. If \\"v6\\" is configured, the DNS resolver\\nwill only perform a lookup for addresses in the IPv6 family.\\nIf \\"all\\" is configured, the DNS resolver\\nwill perform a lookup for addresses in both the IPv4 and IPv6 family.\\nIf \\"auto\\" is configured, the DNS resolver will first perform a lookup\\nfor addresses in the IPv6 family and fallback to a lookup for addresses\\nin the IPv4 family. If not specified, the Contour-wide setting defined\\nin the config file or ContourConfiguration applies (defaults to \\"auto\\").\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\\nfor more information."', args=[d.arg(name='dnsLookupFamily', type=d.T.string)]), + withDnsLookupFamily(dnsLookupFamily): { remoteJWKS+: { dnsLookupFamily: dnsLookupFamily } }, + '#withTimeout':: d.fn(help='"How long to wait for a response from the URI.\\nIf not specified, a default of 1s applies."', args=[d.arg(name='timeout', type=d.T.string)]), + withTimeout(timeout): { remoteJWKS+: { timeout: timeout } }, + '#withUri':: d.fn(help='"The URI for the JWKS."', args=[d.arg(name='uri', type=d.T.string)]), + withUri(uri): { remoteJWKS+: { uri: uri } }, + }, + '#withAudiences':: d.fn(help='"Audiences that JWTs are allowed to have in the \\"aud\\" field.\\nIf not provided, JWT audiences are not checked."', args=[d.arg(name='audiences', type=d.T.array)]), + withAudiences(audiences): { audiences: if std.isArray(v=audiences) then audiences else [audiences] }, + '#withAudiencesMixin':: d.fn(help='"Audiences that JWTs are allowed to have in the \\"aud\\" field.\\nIf not provided, JWT audiences are not checked."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='audiences', type=d.T.array)]), + withAudiencesMixin(audiences): { audiences+: if std.isArray(v=audiences) then audiences else [audiences] }, + '#withDefault':: d.fn(help='"Whether the provider should apply to all\\nroutes in the HTTPProxy/its includes by\\ndefault. At most one provider can be marked\\nas the default. If no provider is marked\\nas the default, individual routes must explicitly\\nidentify the provider they require."', args=[d.arg(name='default', type=d.T.boolean)]), + withDefault(default): { default: default }, + '#withForwardJWT':: d.fn(help='"Whether the JWT should be forwarded to the backend\\nservice after successful verification. By default,\\nthe JWT is not forwarded."', args=[d.arg(name='forwardJWT', type=d.T.boolean)]), + withForwardJWT(forwardJWT): { forwardJWT: forwardJWT }, + '#withIssuer':: d.fn(help='"Issuer that JWTs are required to have in the \\"iss\\" field.\\nIf not provided, JWT issuers are not checked."', args=[d.arg(name='issuer', type=d.T.string)]), + withIssuer(issuer): { issuer: issuer }, + '#withName':: d.fn(help='"Unique name for the provider."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#rateLimitPolicy':: d.obj(help='"The policy for rate limiting on the virtual host."'), + rateLimitPolicy: { + '#global':: d.obj(help='"Global defines global rate limiting parameters, i.e. parameters\\ndefining descriptors that are sent to an external rate limit\\nservice (RLS) for a rate limit decision on each request."'), + global: { + '#descriptors':: d.obj(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."'), + descriptors: { + '#entries':: d.obj(help='"Entries is the list of key-value pair generators."'), + entries: { + '#genericKey':: d.obj(help='"GenericKey defines a descriptor entry with a static key and value."'), + genericKey: { + '#withKey':: d.fn(help='"Key defines the key of the descriptor entry. If not set, the\\nkey is set to \\"generic_key\\"."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { genericKey+: { key: key } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { genericKey+: { value: value } }, + }, + '#requestHeader':: d.obj(help="\"RequestHeader defines a descriptor entry that's populated only if\\na given header is present on the request. The descriptor key is static,\\nand the descriptor value is equal to the value of the header.\""), + requestHeader: { + '#withDescriptorKey':: d.fn(help='"DescriptorKey defines the key to use on the descriptor entry."', args=[d.arg(name='descriptorKey', type=d.T.string)]), + withDescriptorKey(descriptorKey): { requestHeader+: { descriptorKey: descriptorKey } }, + '#withHeaderName':: d.fn(help='"HeaderName defines the name of the header to look for on the request."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { requestHeader+: { headerName: headerName } }, + }, + '#requestHeaderValueMatch':: d.obj(help="\"RequestHeaderValueMatch defines a descriptor entry that's populated\\nif the request's headers match a set of 1+ match criteria. The\\ndescriptor key is \\\"header_match\\\", and the descriptor value is static.\""), + requestHeaderValueMatch: { + '#headers':: d.obj(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."'), + headers: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { contains: contains }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { ignoreCase: ignoreCase }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { notcontains: notcontains }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { notexact: notexact }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { notpresent: notpresent }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { present: present }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { treatMissingAsEmpty: treatMissingAsEmpty }, + }, + '#withExpectMatch':: d.fn(help='"ExpectMatch defines whether the request must positively match the match\\ncriteria in order to generate a descriptor entry (i.e. true), or not\\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\\nThe default is true."', args=[d.arg(name='expectMatch', type=d.T.boolean)]), + withExpectMatch(expectMatch): { requestHeaderValueMatch+: { expectMatch: expectMatch } }, + '#withHeaders':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { requestHeaderValueMatch+: { headers: if std.isArray(v=headers) then headers else [headers] } }, + '#withHeadersMixin':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { requestHeaderValueMatch+: { headers+: if std.isArray(v=headers) then headers else [headers] } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { requestHeaderValueMatch+: { value: value } }, + }, + '#withRemoteAddress':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddress(remoteAddress): { remoteAddress: remoteAddress }, + '#withRemoteAddressMixin':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddressMixin(remoteAddress): { remoteAddress+: remoteAddress }, + }, + '#withEntries':: d.fn(help='"Entries is the list of key-value pair generators."', args=[d.arg(name='entries', type=d.T.array)]), + withEntries(entries): { entries: if std.isArray(v=entries) then entries else [entries] }, + '#withEntriesMixin':: d.fn(help='"Entries is the list of key-value pair generators."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='entries', type=d.T.array)]), + withEntriesMixin(entries): { entries+: if std.isArray(v=entries) then entries else [entries] }, + }, + '#withDescriptors':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptors(descriptors): { spec+: { virtualhost+: { rateLimitPolicy+: { global+: { descriptors: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } } }, + '#withDescriptorsMixin':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptorsMixin(descriptors): { spec+: { virtualhost+: { rateLimitPolicy+: { global+: { descriptors+: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } } }, + '#withDisabled':: d.fn(help='"Disabled configures the HTTPProxy to not use\\nthe default global rate limit policy defined by the Contour configuration."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { virtualhost+: { rateLimitPolicy+: { global+: { disabled: disabled } } } } }, + }, + '#local':: d.obj(help='"Local defines local rate limiting parameters, i.e. parameters\\nfor rate limiting that occurs within each Envoy pod as requests\\nare handled."'), + 'local': { + '#responseHeadersToAdd':: d.obj(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."'), + responseHeadersToAdd: { + '#withName':: d.fn(help='"Name represents a key of a header"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withValue':: d.fn(help='"Value represents the value of a header specified by a key"', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withBurst':: d.fn(help='"Burst defines the number of requests above the requests per\\nunit that should be allowed within a short period of time."', args=[d.arg(name='burst', type=d.T.integer)]), + withBurst(burst): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { burst: burst } } } } }, + '#withRequests':: d.fn(help='"Requests defines how many requests per unit of time should\\nbe allowed before rate limiting occurs."', args=[d.arg(name='requests', type=d.T.integer)]), + withRequests(requests): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { requests: requests } } } } }, + '#withResponseHeadersToAdd':: d.fn(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."', args=[d.arg(name='responseHeadersToAdd', type=d.T.array)]), + withResponseHeadersToAdd(responseHeadersToAdd): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { responseHeadersToAdd: if std.isArray(v=responseHeadersToAdd) then responseHeadersToAdd else [responseHeadersToAdd] } } } } }, + '#withResponseHeadersToAddMixin':: d.fn(help='"ResponseHeadersToAdd is an optional list of response headers to\\nset when a request is rate-limited."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='responseHeadersToAdd', type=d.T.array)]), + withResponseHeadersToAddMixin(responseHeadersToAdd): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { responseHeadersToAdd+: if std.isArray(v=responseHeadersToAdd) then responseHeadersToAdd else [responseHeadersToAdd] } } } } }, + '#withResponseStatusCode':: d.fn(help='"ResponseStatusCode is the HTTP status code to use for responses\\nto rate-limited requests. Codes must be in the 400-599 range\\n(inclusive). If not specified, the Envoy default of 429 (Too\\nMany Requests) is used."', args=[d.arg(name='responseStatusCode', type=d.T.integer)]), + withResponseStatusCode(responseStatusCode): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { responseStatusCode: responseStatusCode } } } } }, + '#withUnit':: d.fn(help='"Unit defines the period of time within which requests\\nover the limit will be rate limited. Valid values are\\n\\"second\\", \\"minute\\" and \\"hour\\"."', args=[d.arg(name='unit', type=d.T.string)]), + withUnit(unit): { spec+: { virtualhost+: { rateLimitPolicy+: { 'local'+: { unit: unit } } } } }, + }, + }, + '#tls':: d.obj(help='"If present the fields describes TLS properties of the virtual\\nhost. The SNI names that will be matched on are described in fqdn,\\nthe tls.secretName secret must contain a certificate that itself\\ncontains a name that matches the FQDN."'), + tls: { + '#clientValidation':: d.obj(help='"ClientValidation defines how to verify the client certificate\\nwhen an external client establishes a TLS connection to Envoy.\\nThis setting:\\n1. Enables TLS client certificate validation.\\n2. Specifies how the client certificate will be validated (i.e.\\n validation required or skipped).\\nNote: Setting client certificate validation to be skipped should\\nbe only used in conjunction with an external authorization server that\\nperforms client validation as Contour will ensure client certificates\\nare passed along."'), + clientValidation: { + '#forwardClientCertificate':: d.obj(help='"ForwardClientCertificate adds the selected data from the passed client TLS certificate\\nto the x-forwarded-client-cert header."'), + forwardClientCertificate: { + '#withCert':: d.fn(help='"Client cert in URL encoded PEM format."', args=[d.arg(name='cert', type=d.T.boolean)]), + withCert(cert): { spec+: { virtualhost+: { tls+: { clientValidation+: { forwardClientCertificate+: { cert: cert } } } } } }, + '#withChain':: d.fn(help='"Client cert chain (including the leaf cert) in URL encoded PEM format."', args=[d.arg(name='chain', type=d.T.boolean)]), + withChain(chain): { spec+: { virtualhost+: { tls+: { clientValidation+: { forwardClientCertificate+: { chain: chain } } } } } }, + '#withDns':: d.fn(help='"DNS type Subject Alternative Names of the client cert."', args=[d.arg(name='dns', type=d.T.boolean)]), + withDns(dns): { spec+: { virtualhost+: { tls+: { clientValidation+: { forwardClientCertificate+: { dns: dns } } } } } }, + '#withSubject':: d.fn(help='"Subject of the client cert."', args=[d.arg(name='subject', type=d.T.boolean)]), + withSubject(subject): { spec+: { virtualhost+: { tls+: { clientValidation+: { forwardClientCertificate+: { subject: subject } } } } } }, + '#withUri':: d.fn(help='"URI type Subject Alternative Name of the client cert."', args=[d.arg(name='uri', type=d.T.boolean)]), + withUri(uri): { spec+: { virtualhost+: { tls+: { clientValidation+: { forwardClientCertificate+: { uri: uri } } } } } }, + }, + '#withCaSecret':: d.fn(help='"Name of a Kubernetes secret that contains a CA certificate bundle.\\nThe secret must contain key named ca.crt.\\nThe client certificate must validate against the certificates in the bundle.\\nIf specified and SkipClientCertValidation is true, client certificates will\\nbe required on requests.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret."', args=[d.arg(name='caSecret', type=d.T.string)]), + withCaSecret(caSecret): { spec+: { virtualhost+: { tls+: { clientValidation+: { caSecret: caSecret } } } } }, + '#withCrlOnlyVerifyLeafCert':: d.fn(help='"If this option is set to true, only the certificate at the end of the\\ncertificate chain will be subject to validation by CRL."', args=[d.arg(name='crlOnlyVerifyLeafCert', type=d.T.boolean)]), + withCrlOnlyVerifyLeafCert(crlOnlyVerifyLeafCert): { spec+: { virtualhost+: { tls+: { clientValidation+: { crlOnlyVerifyLeafCert: crlOnlyVerifyLeafCert } } } } }, + '#withCrlSecret':: d.fn(help='"Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs.\\nThe secret must contain key named crl.pem.\\nThis field will be used to verify that a client certificate has not been revoked.\\nCRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true.\\nLarge CRL lists are not supported since individual secrets are limited to 1MiB in size.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret."', args=[d.arg(name='crlSecret', type=d.T.string)]), + withCrlSecret(crlSecret): { spec+: { virtualhost+: { tls+: { clientValidation+: { crlSecret: crlSecret } } } } }, + '#withOptionalClientCertificate':: d.fn(help='"OptionalClientCertificate when set to true will request a client certificate\\nbut allow the connection to continue if the client does not provide one.\\nIf a client certificate is sent, it will be verified according to the\\nother properties, which includes disabling validation if\\nSkipClientCertValidation is set. Defaults to false."', args=[d.arg(name='optionalClientCertificate', type=d.T.boolean)]), + withOptionalClientCertificate(optionalClientCertificate): { spec+: { virtualhost+: { tls+: { clientValidation+: { optionalClientCertificate: optionalClientCertificate } } } } }, + '#withSkipClientCertValidation':: d.fn(help='"SkipClientCertValidation disables downstream client certificate\\nvalidation. Defaults to false. This field is intended to be used in\\nconjunction with external authorization in order to enable the external\\nauthorization server to validate client certificates. When this field\\nis set to true, client certificates are requested but not verified by\\nEnvoy. If CACertificate is specified, client certificates are required on\\nrequests, but not verified. If external authorization is in use, they are\\npresented to the external authorization server."', args=[d.arg(name='skipClientCertValidation', type=d.T.boolean)]), + withSkipClientCertValidation(skipClientCertValidation): { spec+: { virtualhost+: { tls+: { clientValidation+: { skipClientCertValidation: skipClientCertValidation } } } } }, + }, + '#withEnableFallbackCertificate':: d.fn(help="\"EnableFallbackCertificate defines if the vhost should allow a default certificate to\\nbe applied which handles all requests which don't match the SNI defined in this vhost.\"", args=[d.arg(name='enableFallbackCertificate', type=d.T.boolean)]), + withEnableFallbackCertificate(enableFallbackCertificate): { spec+: { virtualhost+: { tls+: { enableFallbackCertificate: enableFallbackCertificate } } } }, + '#withMaximumProtocolVersion':: d.fn(help='"MaximumProtocolVersion is the maximum TLS version this vhost should\\nnegotiate. Valid options are `1.2` and `1.3` (default). Any other value\\ndefaults to TLS 1.3."', args=[d.arg(name='maximumProtocolVersion', type=d.T.string)]), + withMaximumProtocolVersion(maximumProtocolVersion): { spec+: { virtualhost+: { tls+: { maximumProtocolVersion: maximumProtocolVersion } } } }, + '#withMinimumProtocolVersion':: d.fn(help='"MinimumProtocolVersion is the minimum TLS version this vhost should\\nnegotiate. Valid options are `1.2` (default) and `1.3`. Any other value\\ndefaults to TLS 1.2."', args=[d.arg(name='minimumProtocolVersion', type=d.T.string)]), + withMinimumProtocolVersion(minimumProtocolVersion): { spec+: { virtualhost+: { tls+: { minimumProtocolVersion: minimumProtocolVersion } } } }, + '#withPassthrough':: d.fn(help='"Passthrough defines whether the encrypted TLS handshake will be\\npassed through to the backing cluster. Either Passthrough or\\nSecretName must be specified, but not both."', args=[d.arg(name='passthrough', type=d.T.boolean)]), + withPassthrough(passthrough): { spec+: { virtualhost+: { tls+: { passthrough: passthrough } } } }, + '#withSecretName':: d.fn(help="\"SecretName is the name of a TLS secret.\\nEither SecretName or Passthrough must be specified, but not both.\\nIf specified, the named secret must contain a matching certificate\\nfor the virtual host's FQDN.\\nThe name can be optionally prefixed with namespace \\\"namespace/name\\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\"", args=[d.arg(name='secretName', type=d.T.string)]), + withSecretName(secretName): { spec+: { virtualhost+: { tls+: { secretName: secretName } } } }, + }, + '#withFqdn':: d.fn(help='"The fully qualified domain name of the root of the ingress tree\\nall leaves of the DAG rooted at this object relate to the fqdn."', args=[d.arg(name='fqdn', type=d.T.string)]), + withFqdn(fqdn): { spec+: { virtualhost+: { fqdn: fqdn } } }, + '#withIpAllowPolicy':: d.fn(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."', args=[d.arg(name='ipAllowPolicy', type=d.T.array)]), + withIpAllowPolicy(ipAllowPolicy): { spec+: { virtualhost+: { ipAllowPolicy: if std.isArray(v=ipAllowPolicy) then ipAllowPolicy else [ipAllowPolicy] } } }, + '#withIpAllowPolicyMixin':: d.fn(help='"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be allowed. All other requests will be denied.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ipAllowPolicy', type=d.T.array)]), + withIpAllowPolicyMixin(ipAllowPolicy): { spec+: { virtualhost+: { ipAllowPolicy+: if std.isArray(v=ipAllowPolicy) then ipAllowPolicy else [ipAllowPolicy] } } }, + '#withIpDenyPolicy':: d.fn(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."', args=[d.arg(name='ipDenyPolicy', type=d.T.array)]), + withIpDenyPolicy(ipDenyPolicy): { spec+: { virtualhost+: { ipDenyPolicy: if std.isArray(v=ipDenyPolicy) then ipDenyPolicy else [ipDenyPolicy] } } }, + '#withIpDenyPolicyMixin':: d.fn(help='"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\\nrequests should be denied. All other requests will be allowed.\\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\\nThe rules defined here may be overridden in a Route."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ipDenyPolicy', type=d.T.array)]), + withIpDenyPolicyMixin(ipDenyPolicy): { spec+: { virtualhost+: { ipDenyPolicy+: if std.isArray(v=ipDenyPolicy) then ipDenyPolicy else [ipDenyPolicy] } } }, + '#withJwtProviders':: d.fn(help='"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."', args=[d.arg(name='jwtProviders', type=d.T.array)]), + withJwtProviders(jwtProviders): { spec+: { virtualhost+: { jwtProviders: if std.isArray(v=jwtProviders) then jwtProviders else [jwtProviders] } } }, + '#withJwtProvidersMixin':: d.fn(help='"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='jwtProviders', type=d.T.array)]), + withJwtProvidersMixin(jwtProviders): { spec+: { virtualhost+: { jwtProviders+: if std.isArray(v=jwtProviders) then jwtProviders else [jwtProviders] } } }, + }, + '#withIncludes':: d.fn(help='"Includes allow for specific routing configuration to be included from another HTTPProxy,\\npossibly in another namespace."', args=[d.arg(name='includes', type=d.T.array)]), + withIncludes(includes): { spec+: { includes: if std.isArray(v=includes) then includes else [includes] } }, + '#withIncludesMixin':: d.fn(help='"Includes allow for specific routing configuration to be included from another HTTPProxy,\\npossibly in another namespace."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='includes', type=d.T.array)]), + withIncludesMixin(includes): { spec+: { includes+: if std.isArray(v=includes) then includes else [includes] } }, + '#withIngressClassName':: d.fn(help='"IngressClassName optionally specifies the ingress class to use for this\\nHTTPProxy. This replaces the deprecated `kubernetes.io/ingress.class`\\nannotation. For backwards compatibility, when that annotation is set, it\\nis given precedence over this field."', args=[d.arg(name='ingressClassName', type=d.T.string)]), + withIngressClassName(ingressClassName): { spec+: { ingressClassName: ingressClassName } }, + '#withRoutes':: d.fn(help='"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."', args=[d.arg(name='routes', type=d.T.array)]), + withRoutes(routes): { spec+: { routes: if std.isArray(v=routes) then routes else [routes] } }, + '#withRoutesMixin':: d.fn(help='"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='routes', type=d.T.array)]), + withRoutesMixin(routes): { spec+: { routes+: if std.isArray(v=routes) then routes else [routes] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.29/_gen/projectcontour/v1/main.libsonnet b/1.29/_gen/projectcontour/v1/main.libsonnet new file mode 100644 index 0000000..dbdbe31 --- /dev/null +++ b/1.29/_gen/projectcontour/v1/main.libsonnet @@ -0,0 +1,6 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1', url='', help=''), + httpProxy: (import 'httpProxy.libsonnet'), + tlsCertificateDelegation: (import 'tlsCertificateDelegation.libsonnet'), +} diff --git a/1.29/_gen/projectcontour/v1/tlsCertificateDelegation.libsonnet b/1.29/_gen/projectcontour/v1/tlsCertificateDelegation.libsonnet new file mode 100644 index 0000000..05c9290 --- /dev/null +++ b/1.29/_gen/projectcontour/v1/tlsCertificateDelegation.libsonnet @@ -0,0 +1,68 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='tlsCertificateDelegation', url='', help='"TLSCertificateDelegation is an TLS Certificate Delegation CRD specification.\\nSee design/tls-certificate-delegation.md for details."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of TLSCertificateDelegation', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'projectcontour.io/v1', + kind: 'TLSCertificateDelegation', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"TLSCertificateDelegationSpec defines the spec of the CRD"'), + spec: { + '#delegations':: d.obj(help=''), + delegations: { + '#withSecretName':: d.fn(help='"required, the name of a secret in the current namespace."', args=[d.arg(name='secretName', type=d.T.string)]), + withSecretName(secretName): { secretName: secretName }, + '#withTargetNamespaces':: d.fn(help="\"required, the namespaces the authority to reference the\\nsecret will be delegated to.\\nIf TargetNamespaces is nil or empty, the CertificateDelegation'\\nis ignored. If the TargetNamespace list contains the character, \\\"*\\\"\\nthe secret will be delegated to all namespaces.\"", args=[d.arg(name='targetNamespaces', type=d.T.array)]), + withTargetNamespaces(targetNamespaces): { targetNamespaces: if std.isArray(v=targetNamespaces) then targetNamespaces else [targetNamespaces] }, + '#withTargetNamespacesMixin':: d.fn(help="\"required, the namespaces the authority to reference the\\nsecret will be delegated to.\\nIf TargetNamespaces is nil or empty, the CertificateDelegation'\\nis ignored. If the TargetNamespace list contains the character, \\\"*\\\"\\nthe secret will be delegated to all namespaces.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='targetNamespaces', type=d.T.array)]), + withTargetNamespacesMixin(targetNamespaces): { targetNamespaces+: if std.isArray(v=targetNamespaces) then targetNamespaces else [targetNamespaces] }, + }, + '#withDelegations':: d.fn(help='', args=[d.arg(name='delegations', type=d.T.array)]), + withDelegations(delegations): { spec+: { delegations: if std.isArray(v=delegations) then delegations else [delegations] } }, + '#withDelegationsMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='delegations', type=d.T.array)]), + withDelegationsMixin(delegations): { spec+: { delegations+: if std.isArray(v=delegations) then delegations else [delegations] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.29/_gen/projectcontour/v1alpha1/contourConfiguration.libsonnet b/1.29/_gen/projectcontour/v1alpha1/contourConfiguration.libsonnet new file mode 100644 index 0000000..c682839 --- /dev/null +++ b/1.29/_gen/projectcontour/v1alpha1/contourConfiguration.libsonnet @@ -0,0 +1,498 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='contourConfiguration', url='', help='"ContourConfiguration is the schema for a Contour instance."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ContourConfiguration', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'projectcontour.io/v1alpha1', + kind: 'ContourConfiguration', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"ContourConfigurationSpec represents a configuration of a Contour controller.\\nIt contains most of all the options that can be customized, the\\nother remaining options being command line flags."'), + spec: { + '#debug':: d.obj(help='"Debug contains parameters to enable debug logging\\nand debug interfaces inside Contour."'), + debug: { + '#withAddress':: d.fn(help="\"Defines the Contour debug address interface.\\nContour's default is \\\"127.0.0.1\\\".\"", args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { debug+: { address: address } } }, + '#withPort':: d.fn(help="\"Defines the Contour debug address port.\\nContour's default is 6060.\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { debug+: { port: port } } }, + }, + '#envoy':: d.obj(help='"Envoy contains parameters for Envoy as well\\nas how to optionally configure a managed Envoy fleet."'), + envoy: { + '#clientCertificate':: d.obj(help='"ClientCertificate defines the namespace/name of the Kubernetes\\nsecret containing the client certificate and private key\\nto be used when establishing TLS connection to upstream\\ncluster."'), + clientCertificate: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { envoy+: { clientCertificate+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { envoy+: { clientCertificate+: { namespace: namespace } } } }, + }, + '#cluster':: d.obj(help='"Cluster holds various configurable Envoy cluster values that can\\nbe set in the config file."'), + cluster: { + '#circuitBreakers':: d.obj(help='"GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.\\nIf defined, this will be used as the default for all services."'), + circuitBreakers: { + '#withMaxConnections':: d.fn(help='"The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024."', args=[d.arg(name='maxConnections', type=d.T.integer)]), + withMaxConnections(maxConnections): { spec+: { envoy+: { cluster+: { circuitBreakers+: { maxConnections: maxConnections } } } } }, + '#withMaxPendingRequests':: d.fn(help='"The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024."', args=[d.arg(name='maxPendingRequests', type=d.T.integer)]), + withMaxPendingRequests(maxPendingRequests): { spec+: { envoy+: { cluster+: { circuitBreakers+: { maxPendingRequests: maxPendingRequests } } } } }, + '#withMaxRequests':: d.fn(help='"The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024"', args=[d.arg(name='maxRequests', type=d.T.integer)]), + withMaxRequests(maxRequests): { spec+: { envoy+: { cluster+: { circuitBreakers+: { maxRequests: maxRequests } } } } }, + '#withMaxRetries':: d.fn(help='"The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3."', args=[d.arg(name='maxRetries', type=d.T.integer)]), + withMaxRetries(maxRetries): { spec+: { envoy+: { cluster+: { circuitBreakers+: { maxRetries: maxRetries } } } } }, + }, + '#upstreamTLS':: d.obj(help='"UpstreamTLS contains the TLS policy parameters for upstream connections"'), + upstreamTLS: { + '#withCipherSuites':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuites(cipherSuites): { spec+: { envoy+: { cluster+: { upstreamTLS+: { cipherSuites: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } }, + '#withCipherSuitesMixin':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuitesMixin(cipherSuites): { spec+: { envoy+: { cluster+: { upstreamTLS+: { cipherSuites+: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } }, + '#withMaximumProtocolVersion':: d.fn(help='"MaximumProtocolVersion is the maximum TLS version this vhost should\\nnegotiate.\\nValues: `1.2`, `1.3`(default).\\nOther values will produce an error."', args=[d.arg(name='maximumProtocolVersion', type=d.T.string)]), + withMaximumProtocolVersion(maximumProtocolVersion): { spec+: { envoy+: { cluster+: { upstreamTLS+: { maximumProtocolVersion: maximumProtocolVersion } } } } }, + '#withMinimumProtocolVersion':: d.fn(help='"MinimumProtocolVersion is the minimum TLS version this vhost should\\nnegotiate.\\nValues: `1.2` (default), `1.3`.\\nOther values will produce an error."', args=[d.arg(name='minimumProtocolVersion', type=d.T.string)]), + withMinimumProtocolVersion(minimumProtocolVersion): { spec+: { envoy+: { cluster+: { upstreamTLS+: { minimumProtocolVersion: minimumProtocolVersion } } } } }, + }, + '#withDnsLookupFamily':: d.fn(help='"DNSLookupFamily defines how external names are looked up\\nWhen configured as V4, the DNS resolver will only perform a lookup\\nfor addresses in the IPv4 family. If V6 is configured, the DNS resolver\\nwill only perform a lookup for addresses in the IPv6 family.\\nIf AUTO is configured, the DNS resolver will first perform a lookup\\nfor addresses in the IPv6 family and fallback to a lookup for addresses\\nin the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for\\nboth IPv4 and IPv6 families, and return all resolved addresses.\\nWhen this is used, Happy Eyeballs will be enabled for upstream connections.\\nRefer to Happy Eyeballs Support for more information.\\nNote: This only applies to externalName clusters.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\\nfor more information.\\nValues: `auto` (default), `v4`, `v6`, `all`.\\nOther values will produce an error."', args=[d.arg(name='dnsLookupFamily', type=d.T.string)]), + withDnsLookupFamily(dnsLookupFamily): { spec+: { envoy+: { cluster+: { dnsLookupFamily: dnsLookupFamily } } } }, + '#withMaxRequestsPerConnection':: d.fn(help='"Defines the maximum requests for upstream connections. If not specified, there is no limit.\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\\nfor more information."', args=[d.arg(name='maxRequestsPerConnection', type=d.T.integer)]), + withMaxRequestsPerConnection(maxRequestsPerConnection): { spec+: { envoy+: { cluster+: { maxRequestsPerConnection: maxRequestsPerConnection } } } }, + '#withPer-Connection-Buffer-Limit-Bytes':: d.fn(help='"Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.\\nIf unspecified, an implementation defined default is applied (1MiB).\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes\\nfor more information."', args=[d.arg(name='per_connection_buffer_limit_bytes', type=d.T.integer)]), + 'withPer-Connection-Buffer-Limit-Bytes'(per_connection_buffer_limit_bytes): { spec+: { envoy+: { cluster+: { 'per-connection-buffer-limit-bytes': per_connection_buffer_limit_bytes } } } }, + }, + '#health':: d.obj(help="\"Health defines the endpoint Envoy uses to serve health checks.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8002 }.\""), + health: { + '#withAddress':: d.fn(help='"Defines the health address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { envoy+: { health+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines the health port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { envoy+: { health+: { port: port } } } }, + }, + '#http':: d.obj(help="\"Defines the HTTP Listener for Envoy.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8080, accessLog: \\\"/dev/stdout\\\" }.\""), + http: { + '#withAccessLog':: d.fn(help='"AccessLog defines where Envoy logs are outputted for this listener."', args=[d.arg(name='accessLog', type=d.T.string)]), + withAccessLog(accessLog): { spec+: { envoy+: { http+: { accessLog: accessLog } } } }, + '#withAddress':: d.fn(help='"Defines an Envoy Listener Address."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { envoy+: { http+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines an Envoy listener Port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { envoy+: { http+: { port: port } } } }, + }, + '#https':: d.obj(help="\"Defines the HTTPS Listener for Envoy.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8443, accessLog: \\\"/dev/stdout\\\" }.\""), + https: { + '#withAccessLog':: d.fn(help='"AccessLog defines where Envoy logs are outputted for this listener."', args=[d.arg(name='accessLog', type=d.T.string)]), + withAccessLog(accessLog): { spec+: { envoy+: { https+: { accessLog: accessLog } } } }, + '#withAddress':: d.fn(help='"Defines an Envoy Listener Address."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { envoy+: { https+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines an Envoy listener Port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { envoy+: { https+: { port: port } } } }, + }, + '#listener':: d.obj(help='"Listener hold various configurable Envoy listener values."'), + listener: { + '#socketOptions':: d.obj(help='"SocketOptions defines configurable socket options for the listeners.\\nSingle set of options are applied to all listeners."'), + socketOptions: { + '#withTos':: d.fn(help='"Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.\\nSingle value is applied to all listeners.\\nIf listeners are bound to IPv6-only addresses, setting this option will cause an error."', args=[d.arg(name='tos', type=d.T.integer)]), + withTos(tos): { spec+: { envoy+: { listener+: { socketOptions+: { tos: tos } } } } }, + '#withTrafficClass':: d.fn(help='"Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.\\nSingle value is applied to all listeners.\\nIf listeners are bound to IPv4-only addresses, setting this option will cause an error."', args=[d.arg(name='trafficClass', type=d.T.integer)]), + withTrafficClass(trafficClass): { spec+: { envoy+: { listener+: { socketOptions+: { trafficClass: trafficClass } } } } }, + }, + '#tls':: d.obj(help='"TLS holds various configurable Envoy TLS listener values."'), + tls: { + '#withCipherSuites':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuites(cipherSuites): { spec+: { envoy+: { listener+: { tls+: { cipherSuites: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } }, + '#withCipherSuitesMixin':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuitesMixin(cipherSuites): { spec+: { envoy+: { listener+: { tls+: { cipherSuites+: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } }, + '#withMaximumProtocolVersion':: d.fn(help='"MaximumProtocolVersion is the maximum TLS version this vhost should\\nnegotiate.\\nValues: `1.2`, `1.3`(default).\\nOther values will produce an error."', args=[d.arg(name='maximumProtocolVersion', type=d.T.string)]), + withMaximumProtocolVersion(maximumProtocolVersion): { spec+: { envoy+: { listener+: { tls+: { maximumProtocolVersion: maximumProtocolVersion } } } } }, + '#withMinimumProtocolVersion':: d.fn(help='"MinimumProtocolVersion is the minimum TLS version this vhost should\\nnegotiate.\\nValues: `1.2` (default), `1.3`.\\nOther values will produce an error."', args=[d.arg(name='minimumProtocolVersion', type=d.T.string)]), + withMinimumProtocolVersion(minimumProtocolVersion): { spec+: { envoy+: { listener+: { tls+: { minimumProtocolVersion: minimumProtocolVersion } } } } }, + }, + '#withConnectionBalancer':: d.fn(help='"ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig\\nfor more information.\\nValues: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer.\\nOther values will produce an error."', args=[d.arg(name='connectionBalancer', type=d.T.string)]), + withConnectionBalancer(connectionBalancer): { spec+: { envoy+: { listener+: { connectionBalancer: connectionBalancer } } } }, + '#withDisableAllowChunkedLength':: d.fn(help="\"DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to\\nstrip the \\\"Content-Length\\\" header if \\\"Transfer-Encoding: chunked\\\" is\\nalso set. This is an emergency off-switch to revert back to Envoy's\\ndefault behavior in case of failures. Please file an issue if failures\\nare encountered.\\nSee: https://github.com/projectcontour/contour/issues/3221\\nContour's default is false.\"", args=[d.arg(name='disableAllowChunkedLength', type=d.T.boolean)]), + withDisableAllowChunkedLength(disableAllowChunkedLength): { spec+: { envoy+: { listener+: { disableAllowChunkedLength: disableAllowChunkedLength } } } }, + '#withDisableMergeSlashes':: d.fn(help="\"DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option\\nwhich strips duplicate slashes from request URL paths.\\nContour's default is false.\"", args=[d.arg(name='disableMergeSlashes', type=d.T.boolean)]), + withDisableMergeSlashes(disableMergeSlashes): { spec+: { envoy+: { listener+: { disableMergeSlashes: disableMergeSlashes } } } }, + '#withHttpMaxConcurrentStreams':: d.fn(help='"Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the\\nSETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed\\nfor a peer on a single HTTP/2 connection. It is recommended to not set this lower\\nthan 100 but this field can be used to bound resource usage by HTTP/2 connections\\nand mitigate attacks like CVE-2023-44487. The default value when this is not set is\\nunlimited."', args=[d.arg(name='httpMaxConcurrentStreams', type=d.T.integer)]), + withHttpMaxConcurrentStreams(httpMaxConcurrentStreams): { spec+: { envoy+: { listener+: { httpMaxConcurrentStreams: httpMaxConcurrentStreams } } } }, + '#withMaxConnectionsPerListener':: d.fn(help='"Defines the limit on number of active connections to a listener. The limit is applied\\nper listener. The default value when this is not set is unlimited."', args=[d.arg(name='maxConnectionsPerListener', type=d.T.integer)]), + withMaxConnectionsPerListener(maxConnectionsPerListener): { spec+: { envoy+: { listener+: { maxConnectionsPerListener: maxConnectionsPerListener } } } }, + '#withMaxRequestsPerConnection':: d.fn(help='"Defines the maximum requests for downstream connections. If not specified, there is no limit.\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\\nfor more information."', args=[d.arg(name='maxRequestsPerConnection', type=d.T.integer)]), + withMaxRequestsPerConnection(maxRequestsPerConnection): { spec+: { envoy+: { listener+: { maxRequestsPerConnection: maxRequestsPerConnection } } } }, + '#withMaxRequestsPerIOCycle':: d.fn(help='"Defines the limit on number of HTTP requests that Envoy will process from a single\\nconnection in a single I/O cycle. Requests over this limit are processed in subsequent\\nI/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is\\ndetected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default\\nvalue when this is not set is no limit."', args=[d.arg(name='maxRequestsPerIOCycle', type=d.T.integer)]), + withMaxRequestsPerIOCycle(maxRequestsPerIOCycle): { spec+: { envoy+: { listener+: { maxRequestsPerIOCycle: maxRequestsPerIOCycle } } } }, + '#withPer-Connection-Buffer-Limit-Bytes':: d.fn(help='"Defines the soft limit on size of the listener’s new connection read and write buffers in bytes.\\nIf unspecified, an implementation defined default is applied (1MiB).\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes\\nfor more information."', args=[d.arg(name='per_connection_buffer_limit_bytes', type=d.T.integer)]), + 'withPer-Connection-Buffer-Limit-Bytes'(per_connection_buffer_limit_bytes): { spec+: { envoy+: { listener+: { 'per-connection-buffer-limit-bytes': per_connection_buffer_limit_bytes } } } }, + '#withServerHeaderTransformation':: d.fn(help="\"Defines the action to be applied to the Server header on the response path.\\nWhen configured as overwrite, overwrites any Server header with \\\"envoy\\\".\\nWhen configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to \\\"envoy\\\".\\nWhen configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.\\nValues: `overwrite` (default), `append_if_absent`, `pass_through`\\nOther values will produce an error.\\nContour's default is overwrite.\"", args=[d.arg(name='serverHeaderTransformation', type=d.T.string)]), + withServerHeaderTransformation(serverHeaderTransformation): { spec+: { envoy+: { listener+: { serverHeaderTransformation: serverHeaderTransformation } } } }, + '#withUseProxyProtocol':: d.fn(help="\"Use PROXY protocol for all listeners.\\nContour's default is false.\"", args=[d.arg(name='useProxyProtocol', type=d.T.boolean)]), + withUseProxyProtocol(useProxyProtocol): { spec+: { envoy+: { listener+: { useProxyProtocol: useProxyProtocol } } } }, + }, + '#logging':: d.obj(help="\"Logging defines how Envoy's logs can be configured.\""), + logging: { + '#withAccessLogFormat':: d.fn(help='"AccessLogFormat sets the global access log format.\\nValues: `envoy` (default), `json`.\\nOther values will produce an error."', args=[d.arg(name='accessLogFormat', type=d.T.string)]), + withAccessLogFormat(accessLogFormat): { spec+: { envoy+: { logging+: { accessLogFormat: accessLogFormat } } } }, + '#withAccessLogFormatString':: d.fn(help="\"AccessLogFormatString sets the access log format when format is set to `envoy`.\\nWhen empty, Envoy's default format is used.\"", args=[d.arg(name='accessLogFormatString', type=d.T.string)]), + withAccessLogFormatString(accessLogFormatString): { spec+: { envoy+: { logging+: { accessLogFormatString: accessLogFormatString } } } }, + '#withAccessLogJSONFields':: d.fn(help='"AccessLogJSONFields sets the fields that JSON logging will\\noutput when AccessLogFormat is json."', args=[d.arg(name='accessLogJSONFields', type=d.T.array)]), + withAccessLogJSONFields(accessLogJSONFields): { spec+: { envoy+: { logging+: { accessLogJSONFields: if std.isArray(v=accessLogJSONFields) then accessLogJSONFields else [accessLogJSONFields] } } } }, + '#withAccessLogJSONFieldsMixin':: d.fn(help='"AccessLogJSONFields sets the fields that JSON logging will\\noutput when AccessLogFormat is json."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='accessLogJSONFields', type=d.T.array)]), + withAccessLogJSONFieldsMixin(accessLogJSONFields): { spec+: { envoy+: { logging+: { accessLogJSONFields+: if std.isArray(v=accessLogJSONFields) then accessLogJSONFields else [accessLogJSONFields] } } } }, + '#withAccessLogLevel':: d.fn(help='"AccessLogLevel sets the verbosity level of the access log.\\nValues: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`.\\nOther values will produce an error."', args=[d.arg(name='accessLogLevel', type=d.T.string)]), + withAccessLogLevel(accessLogLevel): { spec+: { envoy+: { logging+: { accessLogLevel: accessLogLevel } } } }, + }, + '#metrics':: d.obj(help="\"Metrics defines the endpoint Envoy uses to serve metrics.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8002 }.\""), + metrics: { + '#tls':: d.obj(help='"TLS holds TLS file config details.\\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS."'), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { envoy+: { metrics+: { tls+: { caFile: caFile } } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { envoy+: { metrics+: { tls+: { certFile: certFile } } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { envoy+: { metrics+: { tls+: { keyFile: keyFile } } } } }, + }, + '#withAddress':: d.fn(help='"Defines the metrics address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { envoy+: { metrics+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines the metrics port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { envoy+: { metrics+: { port: port } } } }, + }, + '#network':: d.obj(help='"Network holds various configurable Envoy network values."'), + network: { + '#withAdminPort':: d.fn(help="\"Configure the port used to access the Envoy Admin interface.\\nIf configured to port \\\"0\\\" then the admin interface is disabled.\\nContour's default is 9001.\"", args=[d.arg(name='adminPort', type=d.T.integer)]), + withAdminPort(adminPort): { spec+: { envoy+: { network+: { adminPort: adminPort } } } }, + '#withNumTrustedHops':: d.fn(help="\"XffNumTrustedHops defines the number of additional ingress proxy hops from the\\nright side of the x-forwarded-for HTTP header to trust when determining the origin\\nclient’s IP address.\\nSee https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops\\nfor more information.\\nContour's default is 0.\"", args=[d.arg(name='numTrustedHops', type=d.T.integer)]), + withNumTrustedHops(numTrustedHops): { spec+: { envoy+: { network+: { numTrustedHops: numTrustedHops } } } }, + }, + '#service':: d.obj(help="\"Service holds Envoy service parameters for setting Ingress status.\\nContour's default is { namespace: \\\"projectcontour\\\", name: \\\"envoy\\\" }.\""), + service: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { envoy+: { service+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { envoy+: { service+: { namespace: namespace } } } }, + }, + '#timeouts':: d.obj(help='"Timeouts holds various configurable timeouts that can\\nbe set in the config file."'), + timeouts: { + '#withConnectTimeout':: d.fn(help='"ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service.\\nIf not set, a default value of 2 seconds will be used.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout\\nfor more information."', args=[d.arg(name='connectTimeout', type=d.T.string)]), + withConnectTimeout(connectTimeout): { spec+: { envoy+: { timeouts+: { connectTimeout: connectTimeout } } } }, + '#withConnectionIdleTimeout':: d.fn(help='"ConnectionIdleTimeout defines how long the proxy should wait while there are\\nno active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating\\nan HTTP connection. Set to \\"infinity\\" to disable the timeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout\\nfor more information."', args=[d.arg(name='connectionIdleTimeout', type=d.T.string)]), + withConnectionIdleTimeout(connectionIdleTimeout): { spec+: { envoy+: { timeouts+: { connectionIdleTimeout: connectionIdleTimeout } } } }, + '#withConnectionShutdownGracePeriod':: d.fn(help='"ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an\\ninitial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.\\nDuring this grace period, the proxy will continue to respond to new streams. After the final\\nGOAWAY frame has been sent, the proxy will refuse new streams.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout\\nfor more information."', args=[d.arg(name='connectionShutdownGracePeriod', type=d.T.string)]), + withConnectionShutdownGracePeriod(connectionShutdownGracePeriod): { spec+: { envoy+: { timeouts+: { connectionShutdownGracePeriod: connectionShutdownGracePeriod } } } }, + '#withDelayedCloseTimeout':: d.fn(help="\"DelayedCloseTimeout defines how long envoy will wait, once connection\\nclose processing has been initiated, for the downstream peer to close\\nthe connection before Envoy closes the socket associated with the connection.\\nSetting this timeout to 'infinity' will disable it, equivalent to setting it to '0'\\nin Envoy. Leaving it unset will result in the Envoy default value being used.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout\\nfor more information.\"", args=[d.arg(name='delayedCloseTimeout', type=d.T.string)]), + withDelayedCloseTimeout(delayedCloseTimeout): { spec+: { envoy+: { timeouts+: { delayedCloseTimeout: delayedCloseTimeout } } } }, + '#withMaxConnectionDuration':: d.fn(help='"MaxConnectionDuration defines the maximum period of time after an HTTP connection\\nhas been established from the client to the proxy before it is closed by the proxy,\\nregardless of whether there has been activity or not. Omit or set to \\"infinity\\" for\\nno max duration.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration\\nfor more information."', args=[d.arg(name='maxConnectionDuration', type=d.T.string)]), + withMaxConnectionDuration(maxConnectionDuration): { spec+: { envoy+: { timeouts+: { maxConnectionDuration: maxConnectionDuration } } } }, + '#withRequestTimeout':: d.fn(help='"RequestTimeout sets the client request timeout globally for Contour. Note that\\nthis is a timeout for the entire request, not an idle timeout. Omit or set to\\n\\"infinity\\" to disable the timeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout\\nfor more information."', args=[d.arg(name='requestTimeout', type=d.T.string)]), + withRequestTimeout(requestTimeout): { spec+: { envoy+: { timeouts+: { requestTimeout: requestTimeout } } } }, + '#withStreamIdleTimeout':: d.fn(help='"StreamIdleTimeout defines how long the proxy should wait while there is no\\nrequest activity (for HTTP/1.1) or stream activity (for HTTP/2) before\\nterminating the HTTP request or stream. Set to \\"infinity\\" to disable the\\ntimeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout\\nfor more information."', args=[d.arg(name='streamIdleTimeout', type=d.T.string)]), + withStreamIdleTimeout(streamIdleTimeout): { spec+: { envoy+: { timeouts+: { streamIdleTimeout: streamIdleTimeout } } } }, + }, + '#withDefaultHTTPVersions':: d.fn(help='"DefaultHTTPVersions defines the default set of HTTPS\\nversions the proxy should accept. HTTP versions are\\nstrings of the form \\"HTTP/xx\\". Supported versions are\\n\\"HTTP/1.1\\" and \\"HTTP/2\\".\\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\\nOther values will produce an error."', args=[d.arg(name='defaultHTTPVersions', type=d.T.array)]), + withDefaultHTTPVersions(defaultHTTPVersions): { spec+: { envoy+: { defaultHTTPVersions: if std.isArray(v=defaultHTTPVersions) then defaultHTTPVersions else [defaultHTTPVersions] } } }, + '#withDefaultHTTPVersionsMixin':: d.fn(help='"DefaultHTTPVersions defines the default set of HTTPS\\nversions the proxy should accept. HTTP versions are\\nstrings of the form \\"HTTP/xx\\". Supported versions are\\n\\"HTTP/1.1\\" and \\"HTTP/2\\".\\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\\nOther values will produce an error."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='defaultHTTPVersions', type=d.T.array)]), + withDefaultHTTPVersionsMixin(defaultHTTPVersions): { spec+: { envoy+: { defaultHTTPVersions+: if std.isArray(v=defaultHTTPVersions) then defaultHTTPVersions else [defaultHTTPVersions] } } }, + }, + '#gateway':: d.obj(help='"Gateway contains parameters for the gateway-api Gateway that Contour\\nis configured to serve traffic."'), + gateway: { + '#gatewayRef':: d.obj(help='"GatewayRef defines the specific Gateway that this Contour\\ninstance corresponds to."'), + gatewayRef: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { gateway+: { gatewayRef+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { gateway+: { gatewayRef+: { namespace: namespace } } } }, + }, + }, + '#globalExtAuth':: d.obj(help='"GlobalExternalAuthorization allows envoys external authorization filter\\nto be enabled for all virtual hosts."'), + globalExtAuth: { + '#authPolicy':: d.obj(help='"AuthPolicy sets a default authorization policy for client requests.\\nThis policy will be used unless overridden by individual routes."'), + authPolicy: { + '#withContext':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."', args=[d.arg(name='context', type=d.T.object)]), + withContext(context): { spec+: { globalExtAuth+: { authPolicy+: { context: context } } } }, + '#withContextMixin':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='context', type=d.T.object)]), + withContextMixin(context): { spec+: { globalExtAuth+: { authPolicy+: { context+: context } } } }, + '#withDisabled':: d.fn(help='"When true, this field disables client request authentication\\nfor the scope of the policy."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { globalExtAuth+: { authPolicy+: { disabled: disabled } } } }, + }, + '#extensionRef':: d.obj(help='"ExtensionServiceRef specifies the extension resource that will authorize client requests."'), + extensionRef: { + '#withApiVersion':: d.fn(help='"API version of the referent.\\nIf this field is not specified, the default \\"projectcontour.io/v1alpha1\\" will be used"', args=[d.arg(name='apiVersion', type=d.T.string)]), + withApiVersion(apiVersion): { spec+: { globalExtAuth+: { extensionRef+: { apiVersion: apiVersion } } } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { globalExtAuth+: { extensionRef+: { name: name } } } }, + '#withNamespace':: d.fn(help='"Namespace of the referent.\\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { globalExtAuth+: { extensionRef+: { namespace: namespace } } } }, + }, + '#withFailOpen':: d.fn(help='"If FailOpen is true, the client request is forwarded to the upstream service\\neven if the authorization server fails to respond. This field should not be\\nset in most cases. It is intended for use only while migrating applications\\nfrom internal authorization to Contour external authorization."', args=[d.arg(name='failOpen', type=d.T.boolean)]), + withFailOpen(failOpen): { spec+: { globalExtAuth+: { failOpen: failOpen } } }, + '#withRequestBody':: d.obj(help="\"WithRequestBody specifies configuration for sending the client request's body to authorization server.\""), + withRequestBody: { + '#withAllowPartialMessage':: d.fn(help='"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."', args=[d.arg(name='allowPartialMessage', type=d.T.boolean)]), + withAllowPartialMessage(allowPartialMessage): { spec+: { globalExtAuth+: { withRequestBody+: { allowPartialMessage: allowPartialMessage } } } }, + '#withMaxRequestBytes':: d.fn(help='"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."', args=[d.arg(name='maxRequestBytes', type=d.T.integer)]), + withMaxRequestBytes(maxRequestBytes): { spec+: { globalExtAuth+: { withRequestBody+: { maxRequestBytes: maxRequestBytes } } } }, + '#withPackAsBytes':: d.fn(help='"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."', args=[d.arg(name='packAsBytes', type=d.T.boolean)]), + withPackAsBytes(packAsBytes): { spec+: { globalExtAuth+: { withRequestBody+: { packAsBytes: packAsBytes } } } }, + }, + '#withResponseTimeout':: d.fn(help='"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\".\\nThe string \\"infinity\\" is also a valid input and specifies no timeout."', args=[d.arg(name='responseTimeout', type=d.T.string)]), + withResponseTimeout(responseTimeout): { spec+: { globalExtAuth+: { responseTimeout: responseTimeout } } }, + }, + '#health':: d.obj(help="\"Health defines the endpoints Contour uses to serve health checks.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8000 }.\""), + health: { + '#withAddress':: d.fn(help='"Defines the health address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { health+: { address: address } } }, + '#withPort':: d.fn(help='"Defines the health port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { health+: { port: port } } }, + }, + '#httpproxy':: d.obj(help='"HTTPProxy defines parameters on HTTPProxy."'), + httpproxy: { + '#fallbackCertificate':: d.obj(help='"FallbackCertificate defines the namespace/name of the Kubernetes secret to\\nuse as fallback when a non-SNI request is received."'), + fallbackCertificate: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { httpproxy+: { fallbackCertificate+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { httpproxy+: { fallbackCertificate+: { namespace: namespace } } } }, + }, + '#withDisablePermitInsecure':: d.fn(help="\"DisablePermitInsecure disables the use of the\\npermitInsecure field in HTTPProxy.\\nContour's default is false.\"", args=[d.arg(name='disablePermitInsecure', type=d.T.boolean)]), + withDisablePermitInsecure(disablePermitInsecure): { spec+: { httpproxy+: { disablePermitInsecure: disablePermitInsecure } } }, + '#withRootNamespaces':: d.fn(help='"Restrict Contour to searching these namespaces for root ingress routes."', args=[d.arg(name='rootNamespaces', type=d.T.array)]), + withRootNamespaces(rootNamespaces): { spec+: { httpproxy+: { rootNamespaces: if std.isArray(v=rootNamespaces) then rootNamespaces else [rootNamespaces] } } }, + '#withRootNamespacesMixin':: d.fn(help='"Restrict Contour to searching these namespaces for root ingress routes."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rootNamespaces', type=d.T.array)]), + withRootNamespacesMixin(rootNamespaces): { spec+: { httpproxy+: { rootNamespaces+: if std.isArray(v=rootNamespaces) then rootNamespaces else [rootNamespaces] } } }, + }, + '#ingress':: d.obj(help='"Ingress contains parameters for ingress options."'), + ingress: { + '#withClassNames':: d.fn(help='"Ingress Class Names Contour should use."', args=[d.arg(name='classNames', type=d.T.array)]), + withClassNames(classNames): { spec+: { ingress+: { classNames: if std.isArray(v=classNames) then classNames else [classNames] } } }, + '#withClassNamesMixin':: d.fn(help='"Ingress Class Names Contour should use."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='classNames', type=d.T.array)]), + withClassNamesMixin(classNames): { spec+: { ingress+: { classNames+: if std.isArray(v=classNames) then classNames else [classNames] } } }, + '#withStatusAddress':: d.fn(help='"Address to set in Ingress object status."', args=[d.arg(name='statusAddress', type=d.T.string)]), + withStatusAddress(statusAddress): { spec+: { ingress+: { statusAddress: statusAddress } } }, + }, + '#metrics':: d.obj(help="\"Metrics defines the endpoint Contour uses to serve metrics.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8000 }.\""), + metrics: { + '#tls':: d.obj(help='"TLS holds TLS file config details.\\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS."'), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { metrics+: { tls+: { caFile: caFile } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { metrics+: { tls+: { certFile: certFile } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { metrics+: { tls+: { keyFile: keyFile } } } }, + }, + '#withAddress':: d.fn(help='"Defines the metrics address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { metrics+: { address: address } } }, + '#withPort':: d.fn(help='"Defines the metrics port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { metrics+: { port: port } } }, + }, + '#policy':: d.obj(help='"Policy specifies default policy applied if not overridden by the user"'), + policy: { + '#requestHeaders':: d.obj(help='"RequestHeadersPolicy defines the request headers set/removed on all routes"'), + requestHeaders: { + '#withRemove':: d.fn(help='', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { spec+: { policy+: { requestHeaders+: { remove: if std.isArray(v=remove) then remove else [remove] } } } }, + '#withRemoveMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { spec+: { policy+: { requestHeaders+: { remove+: if std.isArray(v=remove) then remove else [remove] } } } }, + '#withSet':: d.fn(help='', args=[d.arg(name='set', type=d.T.object)]), + withSet(set): { spec+: { policy+: { requestHeaders+: { set: set } } } }, + '#withSetMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.object)]), + withSetMixin(set): { spec+: { policy+: { requestHeaders+: { set+: set } } } }, + }, + '#responseHeaders':: d.obj(help='"ResponseHeadersPolicy defines the response headers set/removed on all routes"'), + responseHeaders: { + '#withRemove':: d.fn(help='', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { spec+: { policy+: { responseHeaders+: { remove: if std.isArray(v=remove) then remove else [remove] } } } }, + '#withRemoveMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { spec+: { policy+: { responseHeaders+: { remove+: if std.isArray(v=remove) then remove else [remove] } } } }, + '#withSet':: d.fn(help='', args=[d.arg(name='set', type=d.T.object)]), + withSet(set): { spec+: { policy+: { responseHeaders+: { set: set } } } }, + '#withSetMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.object)]), + withSetMixin(set): { spec+: { policy+: { responseHeaders+: { set+: set } } } }, + }, + '#withApplyToIngress':: d.fn(help="\"ApplyToIngress determines if the Policies will apply to ingress objects\\nContour's default is false.\"", args=[d.arg(name='applyToIngress', type=d.T.boolean)]), + withApplyToIngress(applyToIngress): { spec+: { policy+: { applyToIngress: applyToIngress } } }, + }, + '#rateLimitService':: d.obj(help='"RateLimitService optionally holds properties of the Rate Limit Service\\nto be used for global rate limiting."'), + rateLimitService: { + '#defaultGlobalRateLimitPolicy':: d.obj(help='"DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy.\\nHTTPProxy can overwrite this configuration."'), + defaultGlobalRateLimitPolicy: { + '#descriptors':: d.obj(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."'), + descriptors: { + '#entries':: d.obj(help='"Entries is the list of key-value pair generators."'), + entries: { + '#genericKey':: d.obj(help='"GenericKey defines a descriptor entry with a static key and value."'), + genericKey: { + '#withKey':: d.fn(help='"Key defines the key of the descriptor entry. If not set, the\\nkey is set to \\"generic_key\\"."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { genericKey+: { key: key } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { genericKey+: { value: value } }, + }, + '#requestHeader':: d.obj(help="\"RequestHeader defines a descriptor entry that's populated only if\\na given header is present on the request. The descriptor key is static,\\nand the descriptor value is equal to the value of the header.\""), + requestHeader: { + '#withDescriptorKey':: d.fn(help='"DescriptorKey defines the key to use on the descriptor entry."', args=[d.arg(name='descriptorKey', type=d.T.string)]), + withDescriptorKey(descriptorKey): { requestHeader+: { descriptorKey: descriptorKey } }, + '#withHeaderName':: d.fn(help='"HeaderName defines the name of the header to look for on the request."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { requestHeader+: { headerName: headerName } }, + }, + '#requestHeaderValueMatch':: d.obj(help="\"RequestHeaderValueMatch defines a descriptor entry that's populated\\nif the request's headers match a set of 1+ match criteria. The\\ndescriptor key is \\\"header_match\\\", and the descriptor value is static.\""), + requestHeaderValueMatch: { + '#headers':: d.obj(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."'), + headers: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { contains: contains }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { ignoreCase: ignoreCase }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { notcontains: notcontains }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { notexact: notexact }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { notpresent: notpresent }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { present: present }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { treatMissingAsEmpty: treatMissingAsEmpty }, + }, + '#withExpectMatch':: d.fn(help='"ExpectMatch defines whether the request must positively match the match\\ncriteria in order to generate a descriptor entry (i.e. true), or not\\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\\nThe default is true."', args=[d.arg(name='expectMatch', type=d.T.boolean)]), + withExpectMatch(expectMatch): { requestHeaderValueMatch+: { expectMatch: expectMatch } }, + '#withHeaders':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { requestHeaderValueMatch+: { headers: if std.isArray(v=headers) then headers else [headers] } }, + '#withHeadersMixin':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { requestHeaderValueMatch+: { headers+: if std.isArray(v=headers) then headers else [headers] } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { requestHeaderValueMatch+: { value: value } }, + }, + '#withRemoteAddress':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddress(remoteAddress): { remoteAddress: remoteAddress }, + '#withRemoteAddressMixin':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddressMixin(remoteAddress): { remoteAddress+: remoteAddress }, + }, + '#withEntries':: d.fn(help='"Entries is the list of key-value pair generators."', args=[d.arg(name='entries', type=d.T.array)]), + withEntries(entries): { entries: if std.isArray(v=entries) then entries else [entries] }, + '#withEntriesMixin':: d.fn(help='"Entries is the list of key-value pair generators."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='entries', type=d.T.array)]), + withEntriesMixin(entries): { entries+: if std.isArray(v=entries) then entries else [entries] }, + }, + '#withDescriptors':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptors(descriptors): { spec+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { descriptors: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } }, + '#withDescriptorsMixin':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptorsMixin(descriptors): { spec+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { descriptors+: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } }, + '#withDisabled':: d.fn(help='"Disabled configures the HTTPProxy to not use\\nthe default global rate limit policy defined by the Contour configuration."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { disabled: disabled } } } }, + }, + '#extensionService':: d.obj(help='"ExtensionService identifies the extension service defining the RLS."'), + extensionService: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { rateLimitService+: { extensionService+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { rateLimitService+: { extensionService+: { namespace: namespace } } } }, + }, + '#withDomain':: d.fn(help='"Domain is passed to the Rate Limit Service."', args=[d.arg(name='domain', type=d.T.string)]), + withDomain(domain): { spec+: { rateLimitService+: { domain: domain } } }, + '#withEnableResourceExhaustedCode':: d.fn(help="\"EnableResourceExhaustedCode enables translating error code 429 to\\ngrpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE\"", args=[d.arg(name='enableResourceExhaustedCode', type=d.T.boolean)]), + withEnableResourceExhaustedCode(enableResourceExhaustedCode): { spec+: { rateLimitService+: { enableResourceExhaustedCode: enableResourceExhaustedCode } } }, + '#withEnableXRateLimitHeaders':: d.fn(help='"EnableXRateLimitHeaders defines whether to include the X-RateLimit\\nheaders X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset\\n(as defined by the IETF Internet-Draft linked below), on responses\\nto clients when the Rate Limit Service is consulted for a request.\\nref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html"', args=[d.arg(name='enableXRateLimitHeaders', type=d.T.boolean)]), + withEnableXRateLimitHeaders(enableXRateLimitHeaders): { spec+: { rateLimitService+: { enableXRateLimitHeaders: enableXRateLimitHeaders } } }, + '#withFailOpen':: d.fn(help='"FailOpen defines whether to allow requests to proceed when the\\nRate Limit Service fails to respond with a valid rate limit\\ndecision within the timeout defined on the extension service."', args=[d.arg(name='failOpen', type=d.T.boolean)]), + withFailOpen(failOpen): { spec+: { rateLimitService+: { failOpen: failOpen } } }, + }, + '#tracing':: d.obj(help='"Tracing defines properties for exporting trace data to OpenTelemetry."'), + tracing: { + '#customTags':: d.obj(help='"CustomTags defines a list of custom tags with unique tag name."'), + customTags: { + '#withLiteral':: d.fn(help='"Literal is a static custom tag value.\\nPrecisely one of Literal, RequestHeaderName must be set."', args=[d.arg(name='literal', type=d.T.string)]), + withLiteral(literal): { literal: literal }, + '#withRequestHeaderName':: d.fn(help='"RequestHeaderName indicates which request header\\nthe label value is obtained from.\\nPrecisely one of Literal, RequestHeaderName must be set."', args=[d.arg(name='requestHeaderName', type=d.T.string)]), + withRequestHeaderName(requestHeaderName): { requestHeaderName: requestHeaderName }, + '#withTagName':: d.fn(help='"TagName is the unique name of the custom tag."', args=[d.arg(name='tagName', type=d.T.string)]), + withTagName(tagName): { tagName: tagName }, + }, + '#extensionService':: d.obj(help='"ExtensionService identifies the extension service defining the otel-collector."'), + extensionService: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { tracing+: { extensionService+: { name: name } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { tracing+: { extensionService+: { namespace: namespace } } } }, + }, + '#withCustomTags':: d.fn(help='"CustomTags defines a list of custom tags with unique tag name."', args=[d.arg(name='customTags', type=d.T.array)]), + withCustomTags(customTags): { spec+: { tracing+: { customTags: if std.isArray(v=customTags) then customTags else [customTags] } } }, + '#withCustomTagsMixin':: d.fn(help='"CustomTags defines a list of custom tags with unique tag name."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='customTags', type=d.T.array)]), + withCustomTagsMixin(customTags): { spec+: { tracing+: { customTags+: if std.isArray(v=customTags) then customTags else [customTags] } } }, + '#withIncludePodDetail':: d.fn(help='"IncludePodDetail defines a flag.\\nIf it is true, contour will add the pod name and namespace to the span of the trace.\\nthe default is true.\\nNote: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly."', args=[d.arg(name='includePodDetail', type=d.T.boolean)]), + withIncludePodDetail(includePodDetail): { spec+: { tracing+: { includePodDetail: includePodDetail } } }, + '#withMaxPathTagLength':: d.fn(help="\"MaxPathTagLength defines maximum length of the request path\\nto extract and include in the HttpUrl tag.\\ncontour's default is 256.\"", args=[d.arg(name='maxPathTagLength', type=d.T.integer)]), + withMaxPathTagLength(maxPathTagLength): { spec+: { tracing+: { maxPathTagLength: maxPathTagLength } } }, + '#withOverallSampling':: d.fn(help="\"OverallSampling defines the sampling rate of trace data.\\ncontour's default is 100.\"", args=[d.arg(name='overallSampling', type=d.T.string)]), + withOverallSampling(overallSampling): { spec+: { tracing+: { overallSampling: overallSampling } } }, + '#withServiceName':: d.fn(help="\"ServiceName defines the name for the service.\\ncontour's default is contour.\"", args=[d.arg(name='serviceName', type=d.T.string)]), + withServiceName(serviceName): { spec+: { tracing+: { serviceName: serviceName } } }, + }, + '#withEnableExternalNameService':: d.fn(help="\"EnableExternalNameService allows processing of ExternalNameServices\\nContour's default is false for security reasons.\"", args=[d.arg(name='enableExternalNameService', type=d.T.boolean)]), + withEnableExternalNameService(enableExternalNameService): { spec+: { enableExternalNameService: enableExternalNameService } }, + '#withFeatureFlags':: d.fn(help='"FeatureFlags defines toggle to enable new contour features.\\nAvailable toggles are:\\nuseEndpointSlices - Configures contour to fetch endpoint data\\nfrom k8s endpoint slices. defaults to true,\\nIf false then reads endpoint data from the k8s endpoints."', args=[d.arg(name='featureFlags', type=d.T.array)]), + withFeatureFlags(featureFlags): { spec+: { featureFlags: if std.isArray(v=featureFlags) then featureFlags else [featureFlags] } }, + '#withFeatureFlagsMixin':: d.fn(help='"FeatureFlags defines toggle to enable new contour features.\\nAvailable toggles are:\\nuseEndpointSlices - Configures contour to fetch endpoint data\\nfrom k8s endpoint slices. defaults to true,\\nIf false then reads endpoint data from the k8s endpoints."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='featureFlags', type=d.T.array)]), + withFeatureFlagsMixin(featureFlags): { spec+: { featureFlags+: if std.isArray(v=featureFlags) then featureFlags else [featureFlags] } }, + '#xdsServer':: d.obj(help='"XDSServer contains parameters for the xDS server."'), + xdsServer: { + '#tls':: d.obj(help="\"TLS holds TLS file config details.\\nContour's default is { caFile: \\\"/certs/ca.crt\\\", certFile: \\\"/certs/tls.cert\\\", keyFile: \\\"/certs/tls.key\\\", insecure: false }.\""), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { xdsServer+: { tls+: { caFile: caFile } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { xdsServer+: { tls+: { certFile: certFile } } } }, + '#withInsecure':: d.fn(help='"Allow serving the xDS gRPC API without TLS."', args=[d.arg(name='insecure', type=d.T.boolean)]), + withInsecure(insecure): { spec+: { xdsServer+: { tls+: { insecure: insecure } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { xdsServer+: { tls+: { keyFile: keyFile } } } }, + }, + '#withAddress':: d.fn(help="\"Defines the xDS gRPC API address which Contour will serve.\\nContour's default is \\\"0.0.0.0\\\".\"", args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { xdsServer+: { address: address } } }, + '#withPort':: d.fn(help="\"Defines the xDS gRPC API port which Contour will serve.\\nContour's default is 8001.\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { xdsServer+: { port: port } } }, + '#withType':: d.fn(help='"Defines the XDSServer to use for `contour serve`.\\nValues: `envoy` (default), `contour (deprecated)`.\\nOther values will produce an error."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { xdsServer+: { type: type } } }, + }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.29/_gen/projectcontour/v1alpha1/contourDeployment.libsonnet b/1.29/_gen/projectcontour/v1alpha1/contourDeployment.libsonnet new file mode 100644 index 0000000..5ad9c3b --- /dev/null +++ b/1.29/_gen/projectcontour/v1alpha1/contourDeployment.libsonnet @@ -0,0 +1,1327 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='contourDeployment', url='', help='"ContourDeployment is the schema for a Contour Deployment."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ContourDeployment', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'projectcontour.io/v1alpha1', + kind: 'ContourDeployment', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"ContourDeploymentSpec specifies options for how a Contour\\ninstance should be provisioned."'), + spec: { + '#contour':: d.obj(help='"Contour specifies deployment-time settings for the Contour\\npart of the installation, i.e. the xDS server/control plane\\nand associated resources, including things like replica count\\nfor the Deployment, and node placement constraints for the pods."'), + contour: { + '#deployment':: d.obj(help='"Deployment describes the settings for running contour as a `Deployment`."'), + deployment: { + '#strategy':: d.obj(help='"Strategy describes the deployment strategy to use to replace existing pods with new pods."'), + strategy: { + '#rollingUpdate':: d.obj(help='"Rolling update config params. Present only if DeploymentStrategyType =\\nRollingUpdate.\\n---\\nTODO: Update this to follow our convention for oneOf, whatever we decide it\\nto be."'), + rollingUpdate: { + '#withMaxSurge':: d.fn(help='"The maximum number of pods that can be scheduled above the desired number of\\npods.\\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\\nThis can not be 0 if MaxUnavailable is 0.\\nAbsolute number is calculated from percentage by rounding up.\\nDefaults to 25%.\\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\\nthe rolling update starts, such that the total number of old and new pods do not exceed\\n130% of desired pods. Once old pods have been killed,\\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\\nat any time during the update is at most 130% of desired pods."', args=[d.arg(name='maxSurge', type=d.T.any)]), + withMaxSurge(maxSurge): { spec+: { contour+: { deployment+: { strategy+: { rollingUpdate+: { maxSurge: maxSurge } } } } } }, + '#withMaxUnavailable':: d.fn(help='"The maximum number of pods that can be unavailable during the update.\\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\\nAbsolute number is calculated from percentage by rounding down.\\nThis can not be 0 if MaxSurge is 0.\\nDefaults to 25%.\\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\\nthat the total number of pods available at all times during the update is at\\nleast 70% of desired pods."', args=[d.arg(name='maxUnavailable', type=d.T.any)]), + withMaxUnavailable(maxUnavailable): { spec+: { contour+: { deployment+: { strategy+: { rollingUpdate+: { maxUnavailable: maxUnavailable } } } } } }, + }, + '#withType':: d.fn(help='"Type of deployment. Can be \\"Recreate\\" or \\"RollingUpdate\\". Default is RollingUpdate."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { contour+: { deployment+: { strategy+: { type: type } } } } }, + }, + '#withReplicas':: d.fn(help='"Replicas is the desired number of replicas."', args=[d.arg(name='replicas', type=d.T.integer)]), + withReplicas(replicas): { spec+: { contour+: { deployment+: { replicas: replicas } } } }, + }, + '#nodePlacement':: d.obj(help='"NodePlacement describes node scheduling configuration of Contour pods."'), + nodePlacement: { + '#tolerations':: d.obj(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."'), + tolerations: { + '#withEffect':: d.fn(help='"Effect indicates the taint effect to match. Empty means match all taint effects.\\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute."', args=[d.arg(name='effect', type=d.T.string)]), + withEffect(effect): { effect: effect }, + '#withKey':: d.fn(help='"Key is the taint key that the toleration applies to. Empty means match all taint keys.\\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"Operator represents a key's relationship to the value.\\nValid operators are Exists and Equal. Defaults to Equal.\\nExists is equivalent to wildcard for value, so that a pod can\\ntolerate all taints of a particular category.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withTolerationSeconds':: d.fn(help='"TolerationSeconds represents the period of time the toleration (which must be\\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\\nit is not set, which means tolerate the taint forever (do not evict). Zero and\\nnegative values will be treated as 0 (evict immediately) by the system."', args=[d.arg(name='tolerationSeconds', type=d.T.integer)]), + withTolerationSeconds(tolerationSeconds): { tolerationSeconds: tolerationSeconds }, + '#withValue':: d.fn(help='"Value is the taint value the toleration matches to.\\nIf the operator is Exists, the value should be empty, otherwise just a regular string."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withNodeSelector':: d.fn(help='"NodeSelector is the simplest recommended form of node selection constraint\\nand specifies a map of key-value pairs. For the pod to be eligible\\nto run on a node, the node must have each of the indicated key-value pairs\\nas labels (it can have additional labels as well).\\nIf unset, the pod(s) will be scheduled to any available node."', args=[d.arg(name='nodeSelector', type=d.T.object)]), + withNodeSelector(nodeSelector): { spec+: { contour+: { nodePlacement+: { nodeSelector: nodeSelector } } } }, + '#withNodeSelectorMixin':: d.fn(help='"NodeSelector is the simplest recommended form of node selection constraint\\nand specifies a map of key-value pairs. For the pod to be eligible\\nto run on a node, the node must have each of the indicated key-value pairs\\nas labels (it can have additional labels as well).\\nIf unset, the pod(s) will be scheduled to any available node."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='nodeSelector', type=d.T.object)]), + withNodeSelectorMixin(nodeSelector): { spec+: { contour+: { nodePlacement+: { nodeSelector+: nodeSelector } } } }, + '#withTolerations':: d.fn(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."', args=[d.arg(name='tolerations', type=d.T.array)]), + withTolerations(tolerations): { spec+: { contour+: { nodePlacement+: { tolerations: if std.isArray(v=tolerations) then tolerations else [tolerations] } } } }, + '#withTolerationsMixin':: d.fn(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='tolerations', type=d.T.array)]), + withTolerationsMixin(tolerations): { spec+: { contour+: { nodePlacement+: { tolerations+: if std.isArray(v=tolerations) then tolerations else [tolerations] } } } }, + }, + '#resources':: d.obj(help='"Compute Resources required by contour container.\\nCannot be updated.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"'), + resources: { + '#claims':: d.obj(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."'), + claims: { + '#withName':: d.fn(help='"Name must match the name of one entry in pod.spec.resourceClaims of\\nthe Pod where this field is used. It makes that resource available\\ninside a container."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withClaims':: d.fn(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."', args=[d.arg(name='claims', type=d.T.array)]), + withClaims(claims): { spec+: { contour+: { resources+: { claims: if std.isArray(v=claims) then claims else [claims] } } } }, + '#withClaimsMixin':: d.fn(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='claims', type=d.T.array)]), + withClaimsMixin(claims): { spec+: { contour+: { resources+: { claims+: if std.isArray(v=claims) then claims else [claims] } } } }, + '#withLimits':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='limits', type=d.T.object)]), + withLimits(limits): { spec+: { contour+: { resources+: { limits: limits } } } }, + '#withLimitsMixin':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='limits', type=d.T.object)]), + withLimitsMixin(limits): { spec+: { contour+: { resources+: { limits+: limits } } } }, + '#withRequests':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='requests', type=d.T.object)]), + withRequests(requests): { spec+: { contour+: { resources+: { requests: requests } } } }, + '#withRequestsMixin':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requests', type=d.T.object)]), + withRequestsMixin(requests): { spec+: { contour+: { resources+: { requests+: requests } } } }, + }, + '#withDisabledFeatures':: d.fn(help='"DisabledFeatures defines an array of resources that will be ignored by\\ncontour reconciler."', args=[d.arg(name='disabledFeatures', type=d.T.array)]), + withDisabledFeatures(disabledFeatures): { spec+: { contour+: { disabledFeatures: if std.isArray(v=disabledFeatures) then disabledFeatures else [disabledFeatures] } } }, + '#withDisabledFeaturesMixin':: d.fn(help='"DisabledFeatures defines an array of resources that will be ignored by\\ncontour reconciler."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='disabledFeatures', type=d.T.array)]), + withDisabledFeaturesMixin(disabledFeatures): { spec+: { contour+: { disabledFeatures+: if std.isArray(v=disabledFeatures) then disabledFeatures else [disabledFeatures] } } }, + '#withKubernetesLogLevel':: d.fn(help='"KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset,\\ndefaults to 0."', args=[d.arg(name='kubernetesLogLevel', type=d.T.integer)]), + withKubernetesLogLevel(kubernetesLogLevel): { spec+: { contour+: { kubernetesLogLevel: kubernetesLogLevel } } }, + '#withLogLevel':: d.fn(help='"LogLevel sets the log level for Contour\\nAllowed values are \\"info\\", \\"debug\\"."', args=[d.arg(name='logLevel', type=d.T.string)]), + withLogLevel(logLevel): { spec+: { contour+: { logLevel: logLevel } } }, + '#withPodAnnotations':: d.fn(help='"PodAnnotations defines annotations to add to the Contour pods.\\nthe annotations for Prometheus will be appended or overwritten with predefined value."', args=[d.arg(name='podAnnotations', type=d.T.object)]), + withPodAnnotations(podAnnotations): { spec+: { contour+: { podAnnotations: podAnnotations } } }, + '#withPodAnnotationsMixin':: d.fn(help='"PodAnnotations defines annotations to add to the Contour pods.\\nthe annotations for Prometheus will be appended or overwritten with predefined value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='podAnnotations', type=d.T.object)]), + withPodAnnotationsMixin(podAnnotations): { spec+: { contour+: { podAnnotations+: podAnnotations } } }, + '#withReplicas':: d.fn(help='"Deprecated: Use `DeploymentSettings.Replicas` instead.\\nReplicas is the desired number of Contour replicas. If if unset,\\ndefaults to 2.\\nif both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`."', args=[d.arg(name='replicas', type=d.T.integer)]), + withReplicas(replicas): { spec+: { contour+: { replicas: replicas } } }, + '#withWatchNamespaces':: d.fn(help='"WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance\\nto only watch this subset of namespaces."', args=[d.arg(name='watchNamespaces', type=d.T.array)]), + withWatchNamespaces(watchNamespaces): { spec+: { contour+: { watchNamespaces: if std.isArray(v=watchNamespaces) then watchNamespaces else [watchNamespaces] } } }, + '#withWatchNamespacesMixin':: d.fn(help='"WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance\\nto only watch this subset of namespaces."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='watchNamespaces', type=d.T.array)]), + withWatchNamespacesMixin(watchNamespaces): { spec+: { contour+: { watchNamespaces+: if std.isArray(v=watchNamespaces) then watchNamespaces else [watchNamespaces] } } }, + }, + '#envoy':: d.obj(help='"Envoy specifies deployment-time settings for the Envoy\\npart of the installation, i.e. the xDS client/data plane\\nand associated resources, including things like the workload\\ntype to use (DaemonSet or Deployment), node placement constraints\\nfor the pods, and various options for the Envoy service."'), + envoy: { + '#daemonSet':: d.obj(help="\"DaemonSet describes the settings for running envoy as a `DaemonSet`.\\nif `WorkloadType` is `Deployment`,it's must be nil\""), + daemonSet: { + '#updateStrategy':: d.obj(help='"Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods."'), + updateStrategy: { + '#rollingUpdate':: d.obj(help='"Rolling update config params. Present only if type = \\"RollingUpdate\\".\\n---\\nTODO: Update this to follow our convention for oneOf, whatever we decide it\\nto be. Same as Deployment `strategy.rollingUpdate`.\\nSee https://github.com/kubernetes/kubernetes/issues/35345"'), + rollingUpdate: { + '#withMaxSurge':: d.fn(help='"The maximum number of nodes with an existing available DaemonSet pod that\\ncan have an updated DaemonSet pod during during an update.\\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\\nThis can not be 0 if MaxUnavailable is 0.\\nAbsolute number is calculated from percentage by rounding up to a minimum of 1.\\nDefault value is 0.\\nExample: when this is set to 30%, at most 30% of the total number of nodes\\nthat should be running the daemon pod (i.e. status.desiredNumberScheduled)\\ncan have their a new pod created before the old pod is marked as deleted.\\nThe update starts by launching new pods on 30% of nodes. Once an updated\\npod is available (Ready for at least minReadySeconds) the old DaemonSet pod\\non that node is marked deleted. If the old pod becomes unavailable for any\\nreason (Ready transitions to false, is evicted, or is drained) an updated\\npod is immediatedly created on that node without considering surge limits.\\nAllowing surge implies the possibility that the resources consumed by the\\ndaemonset on any given node can double if the readiness check fails, and\\nso resource intensive daemonsets should take into account that they may\\ncause evictions during disruption."', args=[d.arg(name='maxSurge', type=d.T.any)]), + withMaxSurge(maxSurge): { spec+: { envoy+: { daemonSet+: { updateStrategy+: { rollingUpdate+: { maxSurge: maxSurge } } } } } }, + '#withMaxUnavailable':: d.fn(help='"The maximum number of DaemonSet pods that can be unavailable during the\\nupdate. Value can be an absolute number (ex: 5) or a percentage of total\\nnumber of DaemonSet pods at the start of the update (ex: 10%). Absolute\\nnumber is calculated from percentage by rounding up.\\nThis cannot be 0 if MaxSurge is 0\\nDefault value is 1.\\nExample: when this is set to 30%, at most 30% of the total number of nodes\\nthat should be running the daemon pod (i.e. status.desiredNumberScheduled)\\ncan have their pods stopped for an update at any given time. The update\\nstarts by stopping at most 30% of those DaemonSet pods and then brings\\nup new DaemonSet pods in their place. Once the new pods are available,\\nit then proceeds onto other DaemonSet pods, thus ensuring that at least\\n70% of original number of DaemonSet pods are available at all times during\\nthe update."', args=[d.arg(name='maxUnavailable', type=d.T.any)]), + withMaxUnavailable(maxUnavailable): { spec+: { envoy+: { daemonSet+: { updateStrategy+: { rollingUpdate+: { maxUnavailable: maxUnavailable } } } } } }, + }, + '#withType':: d.fn(help='"Type of daemon set update. Can be \\"RollingUpdate\\" or \\"OnDelete\\". Default is RollingUpdate."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { envoy+: { daemonSet+: { updateStrategy+: { type: type } } } } }, + }, + }, + '#deployment':: d.obj(help="\"Deployment describes the settings for running envoy as a `Deployment`.\\nif `WorkloadType` is `DaemonSet`,it's must be nil\""), + deployment: { + '#strategy':: d.obj(help='"Strategy describes the deployment strategy to use to replace existing pods with new pods."'), + strategy: { + '#rollingUpdate':: d.obj(help='"Rolling update config params. Present only if DeploymentStrategyType =\\nRollingUpdate.\\n---\\nTODO: Update this to follow our convention for oneOf, whatever we decide it\\nto be."'), + rollingUpdate: { + '#withMaxSurge':: d.fn(help='"The maximum number of pods that can be scheduled above the desired number of\\npods.\\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\\nThis can not be 0 if MaxUnavailable is 0.\\nAbsolute number is calculated from percentage by rounding up.\\nDefaults to 25%.\\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\\nthe rolling update starts, such that the total number of old and new pods do not exceed\\n130% of desired pods. Once old pods have been killed,\\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\\nat any time during the update is at most 130% of desired pods."', args=[d.arg(name='maxSurge', type=d.T.any)]), + withMaxSurge(maxSurge): { spec+: { envoy+: { deployment+: { strategy+: { rollingUpdate+: { maxSurge: maxSurge } } } } } }, + '#withMaxUnavailable':: d.fn(help='"The maximum number of pods that can be unavailable during the update.\\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\\nAbsolute number is calculated from percentage by rounding down.\\nThis can not be 0 if MaxSurge is 0.\\nDefaults to 25%.\\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\\nthat the total number of pods available at all times during the update is at\\nleast 70% of desired pods."', args=[d.arg(name='maxUnavailable', type=d.T.any)]), + withMaxUnavailable(maxUnavailable): { spec+: { envoy+: { deployment+: { strategy+: { rollingUpdate+: { maxUnavailable: maxUnavailable } } } } } }, + }, + '#withType':: d.fn(help='"Type of deployment. Can be \\"Recreate\\" or \\"RollingUpdate\\". Default is RollingUpdate."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { envoy+: { deployment+: { strategy+: { type: type } } } } }, + }, + '#withReplicas':: d.fn(help='"Replicas is the desired number of replicas."', args=[d.arg(name='replicas', type=d.T.integer)]), + withReplicas(replicas): { spec+: { envoy+: { deployment+: { replicas: replicas } } } }, + }, + '#extraVolumeMounts':: d.obj(help='"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."'), + extraVolumeMounts: { + '#withMountPath':: d.fn(help="\"Path within the container at which the volume should be mounted. Must\\nnot contain ':'.\"", args=[d.arg(name='mountPath', type=d.T.string)]), + withMountPath(mountPath): { mountPath: mountPath }, + '#withMountPropagation':: d.fn(help='"mountPropagation determines how mounts are propagated from the host\\nto container and the other way around.\\nWhen not set, MountPropagationNone is used.\\nThis field is beta in 1.10.\\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\\n(which defaults to None)."', args=[d.arg(name='mountPropagation', type=d.T.string)]), + withMountPropagation(mountPropagation): { mountPropagation: mountPropagation }, + '#withName':: d.fn(help='"This must match the Name of a Volume."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withReadOnly':: d.fn(help='"Mounted read-only if true, read-write otherwise (false or unspecified).\\nDefaults to false."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { readOnly: readOnly }, + '#withRecursiveReadOnly':: d.fn(help='"RecursiveReadOnly specifies whether read-only mounts should be handled\\nrecursively.\\nIf ReadOnly is false, this field has no meaning and must be unspecified.\\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\\nrecursively read-only. If this field is set to IfPossible, the mount is made\\nrecursively read-only, if it is supported by the container runtime. If this\\nfield is set to Enabled, the mount is made recursively read-only if it is\\nsupported by the container runtime, otherwise the pod will not be started and\\nan error will be generated to indicate the reason.\\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\\nNone (or be unspecified, which defaults to None).\\nIf this field is not specified, it is treated as an equivalent of Disabled."', args=[d.arg(name='recursiveReadOnly', type=d.T.string)]), + withRecursiveReadOnly(recursiveReadOnly): { recursiveReadOnly: recursiveReadOnly }, + '#withSubPath':: d.fn(help="\"Path within the volume from which the container's volume should be mounted.\\nDefaults to \\\"\\\" (volume's root).\"", args=[d.arg(name='subPath', type=d.T.string)]), + withSubPath(subPath): { subPath: subPath }, + '#withSubPathExpr':: d.fn(help="\"Expanded path within the volume from which the container's volume should be mounted.\\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\\nDefaults to \\\"\\\" (volume's root).\\nSubPathExpr and SubPath are mutually exclusive.\"", args=[d.arg(name='subPathExpr', type=d.T.string)]), + withSubPathExpr(subPathExpr): { subPathExpr: subPathExpr }, + }, + '#extraVolumes':: d.obj(help='"ExtraVolumes holds the extra volumes to add."'), + extraVolumes: { + '#awsElasticBlockStore':: d.obj(help="\"awsElasticBlockStore represents an AWS Disk resource that is attached to a\\nkubelet's host machine and then exposed to the pod.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\""), + awsElasticBlockStore: { + '#withFsType':: d.fn(help='"fsType is the filesystem type of the volume that you want to mount.\\nTip: Ensure that the filesystem type is supported by the host operating system.\\nExamples: \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\\nTODO: how do we prevent errors in the filesystem from compromising the machine"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { awsElasticBlockStore+: { fsType: fsType } }, + '#withPartition':: d.fn(help='"partition is the partition in the volume that you want to mount.\\nIf omitted, the default is to mount by volume name.\\nExamples: For volume /dev/sda1, you specify the partition as \\"1\\".\\nSimilarly, the volume partition for /dev/sda is \\"0\\" (or you can leave the property empty)."', args=[d.arg(name='partition', type=d.T.integer)]), + withPartition(partition): { awsElasticBlockStore+: { partition: partition } }, + '#withReadOnly':: d.fn(help='"readOnly value true will force the readOnly setting in VolumeMounts.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { awsElasticBlockStore+: { readOnly: readOnly } }, + '#withVolumeID':: d.fn(help='"volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore"', args=[d.arg(name='volumeID', type=d.T.string)]), + withVolumeID(volumeID): { awsElasticBlockStore+: { volumeID: volumeID } }, + }, + '#azureDisk':: d.obj(help='"azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod."'), + azureDisk: { + '#withCachingMode':: d.fn(help='"cachingMode is the Host Caching mode: None, Read Only, Read Write."', args=[d.arg(name='cachingMode', type=d.T.string)]), + withCachingMode(cachingMode): { azureDisk+: { cachingMode: cachingMode } }, + '#withDiskName':: d.fn(help='"diskName is the Name of the data disk in the blob storage"', args=[d.arg(name='diskName', type=d.T.string)]), + withDiskName(diskName): { azureDisk+: { diskName: diskName } }, + '#withDiskURI':: d.fn(help='"diskURI is the URI of data disk in the blob storage"', args=[d.arg(name='diskURI', type=d.T.string)]), + withDiskURI(diskURI): { azureDisk+: { diskURI: diskURI } }, + '#withFsType':: d.fn(help='"fsType is Filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { azureDisk+: { fsType: fsType } }, + '#withKind':: d.fn(help='"kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { azureDisk+: { kind: kind } }, + '#withReadOnly':: d.fn(help='"readOnly Defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { azureDisk+: { readOnly: readOnly } }, + }, + '#azureFile':: d.obj(help='"azureFile represents an Azure File Service mount on the host and bind mount to the pod."'), + azureFile: { + '#withReadOnly':: d.fn(help='"readOnly defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { azureFile+: { readOnly: readOnly } }, + '#withSecretName':: d.fn(help='"secretName is the name of secret that contains Azure Storage Account Name and Key"', args=[d.arg(name='secretName', type=d.T.string)]), + withSecretName(secretName): { azureFile+: { secretName: secretName } }, + '#withShareName':: d.fn(help='"shareName is the azure share Name"', args=[d.arg(name='shareName', type=d.T.string)]), + withShareName(shareName): { azureFile+: { shareName: shareName } }, + }, + '#cephfs':: d.obj(help="\"cephFS represents a Ceph FS mount on the host that shares a pod's lifetime\""), + cephfs: { + '#secretRef':: d.obj(help='"secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { cephfs+: { secretRef+: { name: name } } }, + }, + '#withMonitors':: d.fn(help='"monitors is Required: Monitors is a collection of Ceph monitors\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"', args=[d.arg(name='monitors', type=d.T.array)]), + withMonitors(monitors): { cephfs+: { monitors: if std.isArray(v=monitors) then monitors else [monitors] } }, + '#withMonitorsMixin':: d.fn(help='"monitors is Required: Monitors is a collection of Ceph monitors\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='monitors', type=d.T.array)]), + withMonitorsMixin(monitors): { cephfs+: { monitors+: if std.isArray(v=monitors) then monitors else [monitors] } }, + '#withPath':: d.fn(help='"path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /"', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { cephfs+: { path: path } }, + '#withReadOnly':: d.fn(help='"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts.\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { cephfs+: { readOnly: readOnly } }, + '#withSecretFile':: d.fn(help='"secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"', args=[d.arg(name='secretFile', type=d.T.string)]), + withSecretFile(secretFile): { cephfs+: { secretFile: secretFile } }, + '#withUser':: d.fn(help='"user is optional: User is the rados user name, default is admin\\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"', args=[d.arg(name='user', type=d.T.string)]), + withUser(user): { cephfs+: { user: user } }, + }, + '#cinder':: d.obj(help='"cinder represents a cinder volume attached and mounted on kubelets host machine.\\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md"'), + cinder: { + '#secretRef':: d.obj(help='"secretRef is optional: points to a secret object containing parameters used to connect\\nto OpenStack."'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { cinder+: { secretRef+: { name: name } } }, + }, + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nExamples: \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { cinder+: { fsType: fsType } }, + '#withReadOnly':: d.fn(help='"readOnly defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts.\\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { cinder+: { readOnly: readOnly } }, + '#withVolumeID':: d.fn(help='"volumeID used to identify the volume in cinder.\\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md"', args=[d.arg(name='volumeID', type=d.T.string)]), + withVolumeID(volumeID): { cinder+: { volumeID: volumeID } }, + }, + '#configMap':: d.obj(help='"configMap represents a configMap that should populate this volume"'), + configMap: { + '#items':: d.obj(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\""), + items: { + '#withKey':: d.fn(help='"key is the key to project."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withMode':: d.fn(help='"mode is Optional: mode bits used to set permissions on this file.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"path is the relative path of the file to map the key to.\\nMay not be an absolute path.\\nMay not contain the path element '..'.\\nMay not start with the string '..'.\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withDefaultMode':: d.fn(help='"defaultMode is optional: mode bits used to set permissions on created files by default.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nDefaults to 0644.\\nDirectories within the path are not affected by this setting.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='defaultMode', type=d.T.integer)]), + withDefaultMode(defaultMode): { configMap+: { defaultMode: defaultMode } }, + '#withItems':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"", args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { configMap+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { configMap+: { items+: if std.isArray(v=items) then items else [items] } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { configMap+: { name: name } }, + '#withOptional':: d.fn(help='"optional specify whether the ConfigMap or its keys must be defined"', args=[d.arg(name='optional', type=d.T.boolean)]), + withOptional(optional): { configMap+: { optional: optional } }, + }, + '#csi':: d.obj(help='"csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)."'), + csi: { + '#nodePublishSecretRef':: d.obj(help='"nodePublishSecretRef is a reference to the secret object containing\\nsensitive information to pass to the CSI driver to complete the CSI\\nNodePublishVolume and NodeUnpublishVolume calls.\\nThis field is optional, and may be empty if no secret is required. If the\\nsecret object contains more than one secret, all secret references are passed."'), + nodePublishSecretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { csi+: { nodePublishSecretRef+: { name: name } } }, + }, + '#withDriver':: d.fn(help='"driver is the name of the CSI driver that handles this volume.\\nConsult with your admin for the correct name as registered in the cluster."', args=[d.arg(name='driver', type=d.T.string)]), + withDriver(driver): { csi+: { driver: driver } }, + '#withFsType':: d.fn(help='"fsType to mount. Ex. \\"ext4\\", \\"xfs\\", \\"ntfs\\".\\nIf not provided, the empty value is passed to the associated CSI driver\\nwhich will determine the default filesystem to apply."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { csi+: { fsType: fsType } }, + '#withReadOnly':: d.fn(help='"readOnly specifies a read-only configuration for the volume.\\nDefaults to false (read/write)."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { csi+: { readOnly: readOnly } }, + '#withVolumeAttributes':: d.fn(help="\"volumeAttributes stores driver-specific properties that are passed to the CSI\\ndriver. Consult your driver's documentation for supported values.\"", args=[d.arg(name='volumeAttributes', type=d.T.object)]), + withVolumeAttributes(volumeAttributes): { csi+: { volumeAttributes: volumeAttributes } }, + '#withVolumeAttributesMixin':: d.fn(help="\"volumeAttributes stores driver-specific properties that are passed to the CSI\\ndriver. Consult your driver's documentation for supported values.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='volumeAttributes', type=d.T.object)]), + withVolumeAttributesMixin(volumeAttributes): { csi+: { volumeAttributes+: volumeAttributes } }, + }, + '#downwardAPI':: d.obj(help='"downwardAPI represents downward API about the pod that should populate this volume"'), + downwardAPI: { + '#items':: d.obj(help='"Items is a list of downward API volume file"'), + items: { + '#fieldRef':: d.obj(help='"Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported."'), + fieldRef: { + '#withApiVersion':: d.fn(help='"Version of the schema the FieldPath is written in terms of, defaults to \\"v1\\"."', args=[d.arg(name='apiVersion', type=d.T.string)]), + withApiVersion(apiVersion): { fieldRef+: { apiVersion: apiVersion } }, + '#withFieldPath':: d.fn(help='"Path of the field to select in the specified API version."', args=[d.arg(name='fieldPath', type=d.T.string)]), + withFieldPath(fieldPath): { fieldRef+: { fieldPath: fieldPath } }, + }, + '#resourceFieldRef':: d.obj(help='"Selects a resource of the container: only resources limits and requests\\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."'), + resourceFieldRef: { + '#withContainerName':: d.fn(help='"Container name: required for volumes, optional for env vars"', args=[d.arg(name='containerName', type=d.T.string)]), + withContainerName(containerName): { resourceFieldRef+: { containerName: containerName } }, + '#withDivisor':: d.fn(help='"Specifies the output format of the exposed resources, defaults to \\"1\\', args=[d.arg(name='divisor', type=d.T.any)]), + withDivisor(divisor): { resourceFieldRef+: { divisor: divisor } }, + '#withResource':: d.fn(help='"Required: resource to select"', args=[d.arg(name='resource', type=d.T.string)]), + withResource(resource): { resourceFieldRef+: { resource: resource } }, + }, + '#withMode':: d.fn(help='"Optional: mode bits used to set permissions on this file, must be an octal value\\nbetween 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withDefaultMode':: d.fn(help='"Optional: mode bits to use on created files by default. Must be a\\nOptional: mode bits used to set permissions on created files by default.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nDefaults to 0644.\\nDirectories within the path are not affected by this setting.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='defaultMode', type=d.T.integer)]), + withDefaultMode(defaultMode): { downwardAPI+: { defaultMode: defaultMode } }, + '#withItems':: d.fn(help='"Items is a list of downward API volume file"', args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { downwardAPI+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help='"Items is a list of downward API volume file"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { downwardAPI+: { items+: if std.isArray(v=items) then items else [items] } }, + }, + '#emptyDir':: d.obj(help="\"emptyDir represents a temporary directory that shares a pod's lifetime.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir\""), + emptyDir: { + '#withMedium':: d.fn(help="\"medium represents what type of storage medium should back this directory.\\nThe default is \\\"\\\" which means to use the node's default medium.\\nMust be an empty string (default) or Memory.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir\"", args=[d.arg(name='medium', type=d.T.string)]), + withMedium(medium): { emptyDir+: { medium: medium } }, + '#withSizeLimit':: d.fn(help='"sizeLimit is the total amount of local storage required for this EmptyDir volume.\\nThe size limit is also applicable for memory medium.\\nThe maximum usage on memory medium EmptyDir would be the minimum value between\\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\\nThe default is nil which means that the limit is undefined.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir"', args=[d.arg(name='sizeLimit', type=d.T.any)]), + withSizeLimit(sizeLimit): { emptyDir+: { sizeLimit: sizeLimit } }, + }, + '#ephemeral':: d.obj(help="\"ephemeral represents a volume that is handled by a cluster storage driver.\\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\\nand deleted when the pod is removed.\\nUse this if:\\na) the volume is only needed while the pod runs,\\nb) features of normal volumes like restoring from snapshot or capacity\\n tracking are needed,\\nc) the storage driver is specified through a storage class, and\\nd) the storage driver supports dynamic volume provisioning through\\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\\n information on the connection between this volume type\\n and PersistentVolumeClaim).\\nUse PersistentVolumeClaim or one of the vendor-specific\\nAPIs for volumes that persist for longer than the lifecycle\\nof an individual pod.\\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\\nbe used that way - see the documentation of the driver for\\nmore information.\\nA pod can use both types of ephemeral volumes and\\npersistent volumes at the same time.\""), + ephemeral: { + '#volumeClaimTemplate':: d.obj(help='"Will be used to create a stand-alone PVC to provision the volume.\\nThe pod in which this EphemeralVolumeSource is embedded will be the\\nowner of the PVC, i.e. the PVC will be deleted together with the\\npod. The name of the PVC will be `-` where\\n`` is the name from the `PodSpec.Volumes` array\\nentry. Pod validation will reject the pod if the concatenated name\\nis not valid for a PVC (for example, too long).\\nAn existing PVC with that name that is not owned by the pod\\nwill *not* be used for the pod to avoid using an unrelated\\nvolume by mistake. Starting the pod is then blocked until\\nthe unrelated PVC is removed. If such a pre-created PVC is\\nmeant to be used by the pod, the PVC has to updated with an\\nowner reference to the pod once the pod exists. Normally\\nthis should not be necessary, but it may be useful when\\nmanually reconstructing a broken cluster.\\nThis field is read-only and no changes will be made by Kubernetes\\nto the PVC after it has been created.\\nRequired, must not be nil."'), + volumeClaimTemplate: { + '#spec':: d.obj(help='"The specification for the PersistentVolumeClaim. The entire content is\\ncopied unchanged into the PVC that gets created from this\\ntemplate. The same fields as in a PersistentVolumeClaim\\nare also valid here."'), + spec: { + '#dataSource':: d.obj(help='"dataSource field can be used to specify either:\\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\\n* An existing PVC (PersistentVolumeClaim)\\nIf the provisioner or an external controller can support the specified data source,\\nit will create a new volume based on the contents of the specified data source.\\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource."'), + dataSource: { + '#withApiGroup':: d.fn(help='"APIGroup is the group for the resource being referenced.\\nIf APIGroup is not specified, the specified Kind must be in the core API group.\\nFor any other third-party types, APIGroup is required."', args=[d.arg(name='apiGroup', type=d.T.string)]), + withApiGroup(apiGroup): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSource+: { apiGroup: apiGroup } } } } }, + '#withKind':: d.fn(help='"Kind is the type of resource being referenced"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSource+: { kind: kind } } } } }, + '#withName':: d.fn(help='"Name is the name of resource being referenced"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSource+: { name: name } } } } }, + }, + '#dataSourceRef':: d.obj(help="\"dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\\nvolume is desired. This may be any object from a non-empty API group (non\\ncore object) or a PersistentVolumeClaim object.\\nWhen this field is specified, volume binding will only succeed if the type of\\nthe specified object matches some installed volume populator or dynamic\\nprovisioner.\\nThis field will replace the functionality of the dataSource field and as such\\nif both fields are non-empty, they must have the same value. For backwards\\ncompatibility, when namespace isn't specified in dataSourceRef,\\nboth fields (dataSource and dataSourceRef) will be set to the same\\nvalue automatically if one of them is empty and the other is non-empty.\\nWhen namespace is specified in dataSourceRef,\\ndataSource isn't set to the same value and must be empty.\\nThere are three important differences between dataSource and dataSourceRef:\\n* While dataSource only allows two specific types of objects, dataSourceRef\\n allows any non-core object, as well as PersistentVolumeClaim objects.\\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\\n preserves all values, and generates an error if a disallowed value is\\n specified.\\n* While dataSource only allows local objects, dataSourceRef allows objects\\n in any namespaces.\\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.\""), + dataSourceRef: { + '#withApiGroup':: d.fn(help='"APIGroup is the group for the resource being referenced.\\nIf APIGroup is not specified, the specified Kind must be in the core API group.\\nFor any other third-party types, APIGroup is required."', args=[d.arg(name='apiGroup', type=d.T.string)]), + withApiGroup(apiGroup): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSourceRef+: { apiGroup: apiGroup } } } } }, + '#withKind':: d.fn(help='"Kind is the type of resource being referenced"', args=[d.arg(name='kind', type=d.T.string)]), + withKind(kind): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSourceRef+: { kind: kind } } } } }, + '#withName':: d.fn(help='"Name is the name of resource being referenced"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSourceRef+: { name: name } } } } }, + '#withNamespace':: d.fn(help="\"Namespace is the namespace of resource being referenced\\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.\"", args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { ephemeral+: { volumeClaimTemplate+: { spec+: { dataSourceRef+: { namespace: namespace } } } } }, + }, + '#resources':: d.obj(help='"resources represents the minimum resources the volume should have.\\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\\nthat are lower than previous value but must still be higher than capacity recorded in the\\nstatus field of the claim.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources"'), + resources: { + '#withLimits':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='limits', type=d.T.object)]), + withLimits(limits): { ephemeral+: { volumeClaimTemplate+: { spec+: { resources+: { limits: limits } } } } }, + '#withLimitsMixin':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='limits', type=d.T.object)]), + withLimitsMixin(limits): { ephemeral+: { volumeClaimTemplate+: { spec+: { resources+: { limits+: limits } } } } }, + '#withRequests':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='requests', type=d.T.object)]), + withRequests(requests): { ephemeral+: { volumeClaimTemplate+: { spec+: { resources+: { requests: requests } } } } }, + '#withRequestsMixin':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requests', type=d.T.object)]), + withRequestsMixin(requests): { ephemeral+: { volumeClaimTemplate+: { spec+: { resources+: { requests+: requests } } } } }, + }, + '#selector':: d.obj(help='"selector is a label query over volumes to consider for binding."'), + selector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { ephemeral+: { volumeClaimTemplate+: { spec+: { selector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { ephemeral+: { volumeClaimTemplate+: { spec+: { selector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { ephemeral+: { volumeClaimTemplate+: { spec+: { selector+: { matchLabels: matchLabels } } } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { ephemeral+: { volumeClaimTemplate+: { spec+: { selector+: { matchLabels+: matchLabels } } } } }, + }, + '#withAccessModes':: d.fn(help='"accessModes contains the desired access modes the volume should have.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"', args=[d.arg(name='accessModes', type=d.T.array)]), + withAccessModes(accessModes): { ephemeral+: { volumeClaimTemplate+: { spec+: { accessModes: if std.isArray(v=accessModes) then accessModes else [accessModes] } } } }, + '#withAccessModesMixin':: d.fn(help='"accessModes contains the desired access modes the volume should have.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='accessModes', type=d.T.array)]), + withAccessModesMixin(accessModes): { ephemeral+: { volumeClaimTemplate+: { spec+: { accessModes+: if std.isArray(v=accessModes) then accessModes else [accessModes] } } } }, + '#withStorageClassName':: d.fn(help='"storageClassName is the name of the StorageClass required by the claim.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1"', args=[d.arg(name='storageClassName', type=d.T.string)]), + withStorageClassName(storageClassName): { ephemeral+: { volumeClaimTemplate+: { spec+: { storageClassName: storageClassName } } } }, + '#withVolumeAttributesClassName':: d.fn(help="\"volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\\nIf specified, the CSI driver will create or update the volume with the attributes defined\\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\\nwill be set by the persistentvolume controller if it exists.\\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\\nexists.\\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.\"", args=[d.arg(name='volumeAttributesClassName', type=d.T.string)]), + withVolumeAttributesClassName(volumeAttributesClassName): { ephemeral+: { volumeClaimTemplate+: { spec+: { volumeAttributesClassName: volumeAttributesClassName } } } }, + '#withVolumeMode':: d.fn(help='"volumeMode defines what type of volume is required by the claim.\\nValue of Filesystem is implied when not included in claim spec."', args=[d.arg(name='volumeMode', type=d.T.string)]), + withVolumeMode(volumeMode): { ephemeral+: { volumeClaimTemplate+: { spec+: { volumeMode: volumeMode } } } }, + '#withVolumeName':: d.fn(help='"volumeName is the binding reference to the PersistentVolume backing this claim."', args=[d.arg(name='volumeName', type=d.T.string)]), + withVolumeName(volumeName): { ephemeral+: { volumeClaimTemplate+: { spec+: { volumeName: volumeName } } } }, + }, + '#withMetadata':: d.fn(help='"May contain labels and annotations that will be copied into the PVC\\nwhen creating it. No other fields are allowed and will be rejected during\\nvalidation."', args=[d.arg(name='metadata', type=d.T.object)]), + withMetadata(metadata): { ephemeral+: { volumeClaimTemplate+: { metadata: metadata } } }, + '#withMetadataMixin':: d.fn(help='"May contain labels and annotations that will be copied into the PVC\\nwhen creating it. No other fields are allowed and will be rejected during\\nvalidation."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='metadata', type=d.T.object)]), + withMetadataMixin(metadata): { ephemeral+: { volumeClaimTemplate+: { metadata+: metadata } } }, + }, + }, + '#fc':: d.obj(help="\"fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.\""), + fc: { + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nTODO: how do we prevent errors in the filesystem from compromising the machine"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { fc+: { fsType: fsType } }, + '#withLun':: d.fn(help='"lun is Optional: FC target lun number"', args=[d.arg(name='lun', type=d.T.integer)]), + withLun(lun): { fc+: { lun: lun } }, + '#withReadOnly':: d.fn(help='"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { fc+: { readOnly: readOnly } }, + '#withTargetWWNs':: d.fn(help='"targetWWNs is Optional: FC target worldwide names (WWNs)"', args=[d.arg(name='targetWWNs', type=d.T.array)]), + withTargetWWNs(targetWWNs): { fc+: { targetWWNs: if std.isArray(v=targetWWNs) then targetWWNs else [targetWWNs] } }, + '#withTargetWWNsMixin':: d.fn(help='"targetWWNs is Optional: FC target worldwide names (WWNs)"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='targetWWNs', type=d.T.array)]), + withTargetWWNsMixin(targetWWNs): { fc+: { targetWWNs+: if std.isArray(v=targetWWNs) then targetWWNs else [targetWWNs] } }, + '#withWwids':: d.fn(help='"wwids Optional: FC volume world wide identifiers (wwids)\\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously."', args=[d.arg(name='wwids', type=d.T.array)]), + withWwids(wwids): { fc+: { wwids: if std.isArray(v=wwids) then wwids else [wwids] } }, + '#withWwidsMixin':: d.fn(help='"wwids Optional: FC volume world wide identifiers (wwids)\\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='wwids', type=d.T.array)]), + withWwidsMixin(wwids): { fc+: { wwids+: if std.isArray(v=wwids) then wwids else [wwids] } }, + }, + '#flexVolume':: d.obj(help='"flexVolume represents a generic volume resource that is\\nprovisioned/attached using an exec based plugin."'), + flexVolume: { + '#secretRef':: d.obj(help='"secretRef is Optional: secretRef is reference to the secret object containing\\nsensitive information to pass to the plugin scripts. This may be\\nempty if no secret object is specified. If the secret object\\ncontains more than one secret, all secrets are passed to the plugin\\nscripts."'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { flexVolume+: { secretRef+: { name: name } } }, + }, + '#withDriver':: d.fn(help='"driver is the name of the driver to use for this volume."', args=[d.arg(name='driver', type=d.T.string)]), + withDriver(driver): { flexVolume+: { driver: driver } }, + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". The default filesystem depends on FlexVolume script."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { flexVolume+: { fsType: fsType } }, + '#withOptions':: d.fn(help='"options is Optional: this field holds extra command options if any."', args=[d.arg(name='options', type=d.T.object)]), + withOptions(options): { flexVolume+: { options: options } }, + '#withOptionsMixin':: d.fn(help='"options is Optional: this field holds extra command options if any."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='options', type=d.T.object)]), + withOptionsMixin(options): { flexVolume+: { options+: options } }, + '#withReadOnly':: d.fn(help='"readOnly is Optional: defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { flexVolume+: { readOnly: readOnly } }, + }, + '#flocker':: d.obj(help="\"flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running\""), + flocker: { + '#withDatasetName':: d.fn(help='"datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\\nshould be considered as deprecated"', args=[d.arg(name='datasetName', type=d.T.string)]), + withDatasetName(datasetName): { flocker+: { datasetName: datasetName } }, + '#withDatasetUUID':: d.fn(help='"datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset"', args=[d.arg(name='datasetUUID', type=d.T.string)]), + withDatasetUUID(datasetUUID): { flocker+: { datasetUUID: datasetUUID } }, + }, + '#gcePersistentDisk':: d.obj(help="\"gcePersistentDisk represents a GCE Disk resource that is attached to a\\nkubelet's host machine and then exposed to the pod.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\""), + gcePersistentDisk: { + '#withFsType':: d.fn(help='"fsType is filesystem type of the volume that you want to mount.\\nTip: Ensure that the filesystem type is supported by the host operating system.\\nExamples: \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\\nTODO: how do we prevent errors in the filesystem from compromising the machine"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { gcePersistentDisk+: { fsType: fsType } }, + '#withPartition':: d.fn(help='"partition is the partition in the volume that you want to mount.\\nIf omitted, the default is to mount by volume name.\\nExamples: For volume /dev/sda1, you specify the partition as \\"1\\".\\nSimilarly, the volume partition for /dev/sda is \\"0\\" (or you can leave the property empty).\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"', args=[d.arg(name='partition', type=d.T.integer)]), + withPartition(partition): { gcePersistentDisk+: { partition: partition } }, + '#withPdName':: d.fn(help='"pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"', args=[d.arg(name='pdName', type=d.T.string)]), + withPdName(pdName): { gcePersistentDisk+: { pdName: pdName } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the ReadOnly setting in VolumeMounts.\\nDefaults to false.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { gcePersistentDisk+: { readOnly: readOnly } }, + }, + '#gitRepo':: d.obj(help="\"gitRepo represents a git repository at a particular revision.\\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\\ninto the Pod's container.\""), + gitRepo: { + '#withDirectory':: d.fn(help="\"directory is the target directory name.\\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\\ngit repository. Otherwise, if specified, the volume will contain the git repository in\\nthe subdirectory with the given name.\"", args=[d.arg(name='directory', type=d.T.string)]), + withDirectory(directory): { gitRepo+: { directory: directory } }, + '#withRepository':: d.fn(help='"repository is the URL"', args=[d.arg(name='repository', type=d.T.string)]), + withRepository(repository): { gitRepo+: { repository: repository } }, + '#withRevision':: d.fn(help='"revision is the commit hash for the specified revision."', args=[d.arg(name='revision', type=d.T.string)]), + withRevision(revision): { gitRepo+: { revision: revision } }, + }, + '#glusterfs':: d.obj(help="\"glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md\""), + glusterfs: { + '#withEndpoints':: d.fn(help='"endpoints is the endpoint name that details Glusterfs topology.\\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"', args=[d.arg(name='endpoints', type=d.T.string)]), + withEndpoints(endpoints): { glusterfs+: { endpoints: endpoints } }, + '#withPath':: d.fn(help='"path is the Glusterfs volume path.\\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { glusterfs+: { path: path } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\\nDefaults to false.\\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { glusterfs+: { readOnly: readOnly } }, + }, + '#hostPath':: d.obj(help='"hostPath represents a pre-existing file or directory on the host\\nmachine that is directly exposed to the container. This is generally\\nused for system agents or other privileged things that are allowed\\nto see the host machine. Most containers will NOT need this.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\\n---\\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\\nmount host directories as read/write."'), + hostPath: { + '#withPath':: d.fn(help='"path of the directory on the host.\\nIf the path is a symlink, it will follow the link to the real path.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { hostPath+: { path: path } }, + '#withType':: d.fn(help='"type for HostPath Volume\\nDefaults to \\"\\"\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath"', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { hostPath+: { type: type } }, + }, + '#iscsi':: d.obj(help="\"iscsi represents an ISCSI Disk resource that is attached to a\\nkubelet's host machine and then exposed to the pod.\\nMore info: https://examples.k8s.io/volumes/iscsi/README.md\""), + iscsi: { + '#secretRef':: d.obj(help='"secretRef is the CHAP Secret for iSCSI target and initiator authentication"'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { iscsi+: { secretRef+: { name: name } } }, + }, + '#withChapAuthDiscovery':: d.fn(help='"chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication"', args=[d.arg(name='chapAuthDiscovery', type=d.T.boolean)]), + withChapAuthDiscovery(chapAuthDiscovery): { iscsi+: { chapAuthDiscovery: chapAuthDiscovery } }, + '#withChapAuthSession':: d.fn(help='"chapAuthSession defines whether support iSCSI Session CHAP authentication"', args=[d.arg(name='chapAuthSession', type=d.T.boolean)]), + withChapAuthSession(chapAuthSession): { iscsi+: { chapAuthSession: chapAuthSession } }, + '#withFsType':: d.fn(help='"fsType is the filesystem type of the volume that you want to mount.\\nTip: Ensure that the filesystem type is supported by the host operating system.\\nExamples: \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\\nTODO: how do we prevent errors in the filesystem from compromising the machine"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { iscsi+: { fsType: fsType } }, + '#withInitiatorName':: d.fn(help='"initiatorName is the custom iSCSI Initiator Name.\\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\\n: will be created for the connection."', args=[d.arg(name='initiatorName', type=d.T.string)]), + withInitiatorName(initiatorName): { iscsi+: { initiatorName: initiatorName } }, + '#withIqn':: d.fn(help='"iqn is the target iSCSI Qualified Name."', args=[d.arg(name='iqn', type=d.T.string)]), + withIqn(iqn): { iscsi+: { iqn: iqn } }, + '#withIscsiInterface':: d.fn(help="\"iscsiInterface is the interface Name that uses an iSCSI transport.\\nDefaults to 'default' (tcp).\"", args=[d.arg(name='iscsiInterface', type=d.T.string)]), + withIscsiInterface(iscsiInterface): { iscsi+: { iscsiInterface: iscsiInterface } }, + '#withLun':: d.fn(help='"lun represents iSCSI Target Lun number."', args=[d.arg(name='lun', type=d.T.integer)]), + withLun(lun): { iscsi+: { lun: lun } }, + '#withPortals':: d.fn(help='"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\\nis other than default (typically TCP ports 860 and 3260)."', args=[d.arg(name='portals', type=d.T.array)]), + withPortals(portals): { iscsi+: { portals: if std.isArray(v=portals) then portals else [portals] } }, + '#withPortalsMixin':: d.fn(help='"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\\nis other than default (typically TCP ports 860 and 3260)."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='portals', type=d.T.array)]), + withPortalsMixin(portals): { iscsi+: { portals+: if std.isArray(v=portals) then portals else [portals] } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the ReadOnly setting in VolumeMounts.\\nDefaults to false."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { iscsi+: { readOnly: readOnly } }, + '#withTargetPortal':: d.fn(help='"targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\\nis other than default (typically TCP ports 860 and 3260)."', args=[d.arg(name='targetPortal', type=d.T.string)]), + withTargetPortal(targetPortal): { iscsi+: { targetPortal: targetPortal } }, + }, + '#nfs':: d.obj(help="\"nfs represents an NFS mount on the host that shares a pod's lifetime\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs\""), + nfs: { + '#withPath':: d.fn(help='"path that is exported by the NFS server.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { nfs+: { path: path } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the NFS export to be mounted with read-only permissions.\\nDefaults to false.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { nfs+: { readOnly: readOnly } }, + '#withServer':: d.fn(help='"server is the hostname or IP address of the NFS server.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"', args=[d.arg(name='server', type=d.T.string)]), + withServer(server): { nfs+: { server: server } }, + }, + '#persistentVolumeClaim':: d.obj(help='"persistentVolumeClaimVolumeSource represents a reference to a\\nPersistentVolumeClaim in the same namespace.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"'), + persistentVolumeClaim: { + '#withClaimName':: d.fn(help='"claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims"', args=[d.arg(name='claimName', type=d.T.string)]), + withClaimName(claimName): { persistentVolumeClaim+: { claimName: claimName } }, + '#withReadOnly':: d.fn(help='"readOnly Will force the ReadOnly setting in VolumeMounts.\\nDefault false."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { persistentVolumeClaim+: { readOnly: readOnly } }, + }, + '#photonPersistentDisk':: d.obj(help='"photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine"'), + photonPersistentDisk: { + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { photonPersistentDisk+: { fsType: fsType } }, + '#withPdID':: d.fn(help='"pdID is the ID that identifies Photon Controller persistent disk"', args=[d.arg(name='pdID', type=d.T.string)]), + withPdID(pdID): { photonPersistentDisk+: { pdID: pdID } }, + }, + '#portworxVolume':: d.obj(help='"portworxVolume represents a portworx volume attached and mounted on kubelets host machine"'), + portworxVolume: { + '#withFsType':: d.fn(help='"fSType represents the filesystem type to mount\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\". Implicitly inferred to be \\"ext4\\" if unspecified."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { portworxVolume+: { fsType: fsType } }, + '#withReadOnly':: d.fn(help='"readOnly defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { portworxVolume+: { readOnly: readOnly } }, + '#withVolumeID':: d.fn(help='"volumeID uniquely identifies a Portworx volume"', args=[d.arg(name='volumeID', type=d.T.string)]), + withVolumeID(volumeID): { portworxVolume+: { volumeID: volumeID } }, + }, + '#projected':: d.obj(help='"projected items for all in one resources secrets, configmaps, and downward API"'), + projected: { + '#sources':: d.obj(help='"sources is the list of volume projections"'), + sources: { + '#clusterTrustBundle':: d.obj(help='"ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\\nof ClusterTrustBundle objects in an auto-updating file.\\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\\nClusterTrustBundle objects can either be selected by name, or by the\\ncombination of signer name and a label selector.\\nKubelet performs aggressive normalization of the PEM contents written\\ninto the pod filesystem. Esoteric PEM features such as inter-block\\ncomments and block headers are stripped. Certificates are deduplicated.\\nThe ordering of certificates within the file is arbitrary, and Kubelet\\nmay change the order over time."'), + clusterTrustBundle: { + '#labelSelector':: d.obj(help='"Select all ClusterTrustBundles that match this label selector. Only has\\neffect if signerName is set. Mutually-exclusive with name. If unset,\\ninterpreted as \\"match nothing\\". If set but empty, interpreted as \\"match\\neverything\\"."'), + labelSelector: { + '#matchExpressions':: d.obj(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."'), + matchExpressions: { + '#withKey':: d.fn(help='"key is the label key that the selector applies to."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"operator represents a key's relationship to a set of values.\\nValid operators are In, NotIn, Exists and DoesNotExist.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withValues':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."', args=[d.arg(name='values', type=d.T.array)]), + withValues(values): { values: if std.isArray(v=values) then values else [values] }, + '#withValuesMixin':: d.fn(help='"values is an array of string values. If the operator is In or NotIn,\\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\\nthe values array must be empty. This array is replaced during a strategic\\nmerge patch."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='values', type=d.T.array)]), + withValuesMixin(values): { values+: if std.isArray(v=values) then values else [values] }, + }, + '#withMatchExpressions':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressions(matchExpressions): { clusterTrustBundle+: { labelSelector+: { matchExpressions: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } }, + '#withMatchExpressionsMixin':: d.fn(help='"matchExpressions is a list of label selector requirements. The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchExpressions', type=d.T.array)]), + withMatchExpressionsMixin(matchExpressions): { clusterTrustBundle+: { labelSelector+: { matchExpressions+: if std.isArray(v=matchExpressions) then matchExpressions else [matchExpressions] } } }, + '#withMatchLabels':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabels(matchLabels): { clusterTrustBundle+: { labelSelector+: { matchLabels: matchLabels } } }, + '#withMatchLabelsMixin':: d.fn(help='"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\\nmap is equivalent to an element of matchExpressions, whose key field is \\"key\\", the\\noperator is \\"In\\", and the values array contains only \\"value\\". The requirements are ANDed."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='matchLabels', type=d.T.object)]), + withMatchLabelsMixin(matchLabels): { clusterTrustBundle+: { labelSelector+: { matchLabels+: matchLabels } } }, + }, + '#withName':: d.fn(help='"Select a single ClusterTrustBundle by object name. Mutually-exclusive\\nwith signerName and labelSelector."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { clusterTrustBundle+: { name: name } }, + '#withOptional':: d.fn(help="\"If true, don't block pod startup if the referenced ClusterTrustBundle(s)\\naren't available. If using name, then the named ClusterTrustBundle is\\nallowed not to exist. If using signerName, then the combination of\\nsignerName and labelSelector is allowed to match zero\\nClusterTrustBundles.\"", args=[d.arg(name='optional', type=d.T.boolean)]), + withOptional(optional): { clusterTrustBundle+: { optional: optional } }, + '#withPath':: d.fn(help='"Relative path from the volume root to write the bundle."', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { clusterTrustBundle+: { path: path } }, + '#withSignerName':: d.fn(help='"Select all ClusterTrustBundles that match this signer name.\\nMutually-exclusive with name. The contents of all selected\\nClusterTrustBundles will be unified and deduplicated."', args=[d.arg(name='signerName', type=d.T.string)]), + withSignerName(signerName): { clusterTrustBundle+: { signerName: signerName } }, + }, + '#configMap':: d.obj(help='"configMap information about the configMap data to project"'), + configMap: { + '#items':: d.obj(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\""), + items: { + '#withKey':: d.fn(help='"key is the key to project."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withMode':: d.fn(help='"mode is Optional: mode bits used to set permissions on this file.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"path is the relative path of the file to map the key to.\\nMay not be an absolute path.\\nMay not contain the path element '..'.\\nMay not start with the string '..'.\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withItems':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"", args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { configMap+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nConfigMap will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the ConfigMap,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { configMap+: { items+: if std.isArray(v=items) then items else [items] } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { configMap+: { name: name } }, + '#withOptional':: d.fn(help='"optional specify whether the ConfigMap or its keys must be defined"', args=[d.arg(name='optional', type=d.T.boolean)]), + withOptional(optional): { configMap+: { optional: optional } }, + }, + '#downwardAPI':: d.obj(help='"downwardAPI information about the downwardAPI data to project"'), + downwardAPI: { + '#items':: d.obj(help='"Items is a list of DownwardAPIVolume file"'), + items: { + '#fieldRef':: d.obj(help='"Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported."'), + fieldRef: { + '#withApiVersion':: d.fn(help='"Version of the schema the FieldPath is written in terms of, defaults to \\"v1\\"."', args=[d.arg(name='apiVersion', type=d.T.string)]), + withApiVersion(apiVersion): { fieldRef+: { apiVersion: apiVersion } }, + '#withFieldPath':: d.fn(help='"Path of the field to select in the specified API version."', args=[d.arg(name='fieldPath', type=d.T.string)]), + withFieldPath(fieldPath): { fieldRef+: { fieldPath: fieldPath } }, + }, + '#resourceFieldRef':: d.obj(help='"Selects a resource of the container: only resources limits and requests\\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported."'), + resourceFieldRef: { + '#withContainerName':: d.fn(help='"Container name: required for volumes, optional for env vars"', args=[d.arg(name='containerName', type=d.T.string)]), + withContainerName(containerName): { resourceFieldRef+: { containerName: containerName } }, + '#withDivisor':: d.fn(help='"Specifies the output format of the exposed resources, defaults to \\"1\\', args=[d.arg(name='divisor', type=d.T.any)]), + withDivisor(divisor): { resourceFieldRef+: { divisor: divisor } }, + '#withResource':: d.fn(help='"Required: resource to select"', args=[d.arg(name='resource', type=d.T.string)]), + withResource(resource): { resourceFieldRef+: { resource: resource } }, + }, + '#withMode':: d.fn(help='"Optional: mode bits used to set permissions on this file, must be an octal value\\nbetween 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withItems':: d.fn(help='"Items is a list of DownwardAPIVolume file"', args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { downwardAPI+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help='"Items is a list of DownwardAPIVolume file"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { downwardAPI+: { items+: if std.isArray(v=items) then items else [items] } }, + }, + '#secret':: d.obj(help='"secret information about the secret data to project"'), + secret: { + '#items':: d.obj(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\""), + items: { + '#withKey':: d.fn(help='"key is the key to project."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withMode':: d.fn(help='"mode is Optional: mode bits used to set permissions on this file.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"path is the relative path of the file to map the key to.\\nMay not be an absolute path.\\nMay not contain the path element '..'.\\nMay not start with the string '..'.\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withItems':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"", args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { secret+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help="\"items if unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { secret+: { items+: if std.isArray(v=items) then items else [items] } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { secret+: { name: name } }, + '#withOptional':: d.fn(help='"optional field specify whether the Secret or its key must be defined"', args=[d.arg(name='optional', type=d.T.boolean)]), + withOptional(optional): { secret+: { optional: optional } }, + }, + '#serviceAccountToken':: d.obj(help='"serviceAccountToken is information about the serviceAccountToken data to project"'), + serviceAccountToken: { + '#withAudience':: d.fn(help='"audience is the intended audience of the token. A recipient of a token\\nmust identify itself with an identifier specified in the audience of the\\ntoken, and otherwise should reject the token. The audience defaults to the\\nidentifier of the apiserver."', args=[d.arg(name='audience', type=d.T.string)]), + withAudience(audience): { serviceAccountToken+: { audience: audience } }, + '#withExpirationSeconds':: d.fn(help='"expirationSeconds is the requested duration of validity of the service\\naccount token. As the token approaches expiration, the kubelet volume\\nplugin will proactively rotate the service account token. The kubelet will\\nstart trying to rotate the token if the token is older than 80 percent of\\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\\nand must be at least 10 minutes."', args=[d.arg(name='expirationSeconds', type=d.T.integer)]), + withExpirationSeconds(expirationSeconds): { serviceAccountToken+: { expirationSeconds: expirationSeconds } }, + '#withPath':: d.fn(help='"path is the path relative to the mount point of the file to project the\\ntoken into."', args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { serviceAccountToken+: { path: path } }, + }, + }, + '#withDefaultMode':: d.fn(help='"defaultMode are the mode bits used to set permissions on created files by default.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nDirectories within the path are not affected by this setting.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='defaultMode', type=d.T.integer)]), + withDefaultMode(defaultMode): { projected+: { defaultMode: defaultMode } }, + '#withSources':: d.fn(help='"sources is the list of volume projections"', args=[d.arg(name='sources', type=d.T.array)]), + withSources(sources): { projected+: { sources: if std.isArray(v=sources) then sources else [sources] } }, + '#withSourcesMixin':: d.fn(help='"sources is the list of volume projections"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='sources', type=d.T.array)]), + withSourcesMixin(sources): { projected+: { sources+: if std.isArray(v=sources) then sources else [sources] } }, + }, + '#quobyte':: d.obj(help="\"quobyte represents a Quobyte mount on the host that shares a pod's lifetime\""), + quobyte: { + '#withGroup':: d.fn(help='"group to map volume access to\\nDefault is no group"', args=[d.arg(name='group', type=d.T.string)]), + withGroup(group): { quobyte+: { group: group } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the Quobyte volume to be mounted with read-only permissions.\\nDefaults to false."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { quobyte+: { readOnly: readOnly } }, + '#withRegistry':: d.fn(help='"registry represents a single or multiple Quobyte Registry services\\nspecified as a string as host:port pair (multiple entries are separated with commas)\\nwhich acts as the central registry for volumes"', args=[d.arg(name='registry', type=d.T.string)]), + withRegistry(registry): { quobyte+: { registry: registry } }, + '#withTenant':: d.fn(help='"tenant owning the given Quobyte volume in the Backend\\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin"', args=[d.arg(name='tenant', type=d.T.string)]), + withTenant(tenant): { quobyte+: { tenant: tenant } }, + '#withUser':: d.fn(help='"user to map volume access to\\nDefaults to serivceaccount user"', args=[d.arg(name='user', type=d.T.string)]), + withUser(user): { quobyte+: { user: user } }, + '#withVolume':: d.fn(help='"volume is a string that references an already created Quobyte volume by name."', args=[d.arg(name='volume', type=d.T.string)]), + withVolume(volume): { quobyte+: { volume: volume } }, + }, + '#rbd':: d.obj(help="\"rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md\""), + rbd: { + '#secretRef':: d.obj(help='"secretRef is name of the authentication secret for RBDUser. If provided\\noverrides keyring.\\nDefault is nil.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { rbd+: { secretRef+: { name: name } } }, + }, + '#withFsType':: d.fn(help='"fsType is the filesystem type of the volume that you want to mount.\\nTip: Ensure that the filesystem type is supported by the host operating system.\\nExamples: \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\\nTODO: how do we prevent errors in the filesystem from compromising the machine"', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { rbd+: { fsType: fsType } }, + '#withImage':: d.fn(help='"image is the rados image name.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='image', type=d.T.string)]), + withImage(image): { rbd+: { image: image } }, + '#withKeyring':: d.fn(help='"keyring is the path to key ring for RBDUser.\\nDefault is /etc/ceph/keyring.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='keyring', type=d.T.string)]), + withKeyring(keyring): { rbd+: { keyring: keyring } }, + '#withMonitors':: d.fn(help='"monitors is a collection of Ceph monitors.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='monitors', type=d.T.array)]), + withMonitors(monitors): { rbd+: { monitors: if std.isArray(v=monitors) then monitors else [monitors] } }, + '#withMonitorsMixin':: d.fn(help='"monitors is a collection of Ceph monitors.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='monitors', type=d.T.array)]), + withMonitorsMixin(monitors): { rbd+: { monitors+: if std.isArray(v=monitors) then monitors else [monitors] } }, + '#withPool':: d.fn(help='"pool is the rados pool name.\\nDefault is rbd.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='pool', type=d.T.string)]), + withPool(pool): { rbd+: { pool: pool } }, + '#withReadOnly':: d.fn(help='"readOnly here will force the ReadOnly setting in VolumeMounts.\\nDefaults to false.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { rbd+: { readOnly: readOnly } }, + '#withUser':: d.fn(help='"user is the rados user name.\\nDefault is admin.\\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it"', args=[d.arg(name='user', type=d.T.string)]), + withUser(user): { rbd+: { user: user } }, + }, + '#scaleIO':: d.obj(help='"scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes."'), + scaleIO: { + '#secretRef':: d.obj(help='"secretRef references to the secret for ScaleIO user and other\\nsensitive information. If this is not provided, Login operation will fail."'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { scaleIO+: { secretRef+: { name: name } } }, + }, + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\".\\nDefault is \\"xfs\\"."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { scaleIO+: { fsType: fsType } }, + '#withGateway':: d.fn(help='"gateway is the host address of the ScaleIO API Gateway."', args=[d.arg(name='gateway', type=d.T.string)]), + withGateway(gateway): { scaleIO+: { gateway: gateway } }, + '#withProtectionDomain':: d.fn(help='"protectionDomain is the name of the ScaleIO Protection Domain for the configured storage."', args=[d.arg(name='protectionDomain', type=d.T.string)]), + withProtectionDomain(protectionDomain): { scaleIO+: { protectionDomain: protectionDomain } }, + '#withReadOnly':: d.fn(help='"readOnly Defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { scaleIO+: { readOnly: readOnly } }, + '#withSslEnabled':: d.fn(help='"sslEnabled Flag enable/disable SSL communication with Gateway, default false"', args=[d.arg(name='sslEnabled', type=d.T.boolean)]), + withSslEnabled(sslEnabled): { scaleIO+: { sslEnabled: sslEnabled } }, + '#withStorageMode':: d.fn(help='"storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\\nDefault is ThinProvisioned."', args=[d.arg(name='storageMode', type=d.T.string)]), + withStorageMode(storageMode): { scaleIO+: { storageMode: storageMode } }, + '#withStoragePool':: d.fn(help='"storagePool is the ScaleIO Storage Pool associated with the protection domain."', args=[d.arg(name='storagePool', type=d.T.string)]), + withStoragePool(storagePool): { scaleIO+: { storagePool: storagePool } }, + '#withSystem':: d.fn(help='"system is the name of the storage system as configured in ScaleIO."', args=[d.arg(name='system', type=d.T.string)]), + withSystem(system): { scaleIO+: { system: system } }, + '#withVolumeName':: d.fn(help='"volumeName is the name of a volume already created in the ScaleIO system\\nthat is associated with this volume source."', args=[d.arg(name='volumeName', type=d.T.string)]), + withVolumeName(volumeName): { scaleIO+: { volumeName: volumeName } }, + }, + '#secret':: d.obj(help='"secret represents a secret that should populate this volume.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret"'), + secret: { + '#items':: d.obj(help="\"items If unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\""), + items: { + '#withKey':: d.fn(help='"key is the key to project."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withMode':: d.fn(help='"mode is Optional: mode bits used to set permissions on this file.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\\nIf not specified, the volume defaultMode will be used.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='mode', type=d.T.integer)]), + withMode(mode): { mode: mode }, + '#withPath':: d.fn(help="\"path is the relative path of the file to map the key to.\\nMay not be an absolute path.\\nMay not contain the path element '..'.\\nMay not start with the string '..'.\"", args=[d.arg(name='path', type=d.T.string)]), + withPath(path): { path: path }, + }, + '#withDefaultMode':: d.fn(help='"defaultMode is Optional: mode bits used to set permissions on created files by default.\\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\\nYAML accepts both octal and decimal values, JSON requires decimal values\\nfor mode bits. Defaults to 0644.\\nDirectories within the path are not affected by this setting.\\nThis might be in conflict with other options that affect the file\\nmode, like fsGroup, and the result can be other mode bits set."', args=[d.arg(name='defaultMode', type=d.T.integer)]), + withDefaultMode(defaultMode): { secret+: { defaultMode: defaultMode } }, + '#withItems':: d.fn(help="\"items If unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"", args=[d.arg(name='items', type=d.T.array)]), + withItems(items): { secret+: { items: if std.isArray(v=items) then items else [items] } }, + '#withItemsMixin':: d.fn(help="\"items If unspecified, each key-value pair in the Data field of the referenced\\nSecret will be projected into the volume as a file whose name is the\\nkey and content is the value. If specified, the listed keys will be\\nprojected into the specified paths, and unlisted keys will not be\\npresent. If a key is specified which is not present in the Secret,\\nthe volume setup will error unless it is marked optional. Paths must be\\nrelative and may not contain the '..' path or start with '..'.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='items', type=d.T.array)]), + withItemsMixin(items): { secret+: { items+: if std.isArray(v=items) then items else [items] } }, + '#withOptional':: d.fn(help='"optional field specify whether the Secret or its keys must be defined"', args=[d.arg(name='optional', type=d.T.boolean)]), + withOptional(optional): { secret+: { optional: optional } }, + '#withSecretName':: d.fn(help="\"secretName is the name of the secret in the pod's namespace to use.\\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret\"", args=[d.arg(name='secretName', type=d.T.string)]), + withSecretName(secretName): { secret+: { secretName: secretName } }, + }, + '#storageos':: d.obj(help='"storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes."'), + storageos: { + '#secretRef':: d.obj(help='"secretRef specifies the secret to use for obtaining the StorageOS API\\ncredentials. If not specified, default values will be attempted."'), + secretRef: { + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\\nTODO: Add other useful fields. apiVersion, kind, uid?"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { storageos+: { secretRef+: { name: name } } }, + }, + '#withFsType':: d.fn(help='"fsType is the filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { storageos+: { fsType: fsType } }, + '#withReadOnly':: d.fn(help='"readOnly defaults to false (read/write). ReadOnly here will force\\nthe ReadOnly setting in VolumeMounts."', args=[d.arg(name='readOnly', type=d.T.boolean)]), + withReadOnly(readOnly): { storageos+: { readOnly: readOnly } }, + '#withVolumeName':: d.fn(help='"volumeName is the human-readable name of the StorageOS volume. Volume\\nnames are only unique within a namespace."', args=[d.arg(name='volumeName', type=d.T.string)]), + withVolumeName(volumeName): { storageos+: { volumeName: volumeName } }, + '#withVolumeNamespace':: d.fn(help="\"volumeNamespace specifies the scope of the volume within StorageOS. If no\\nnamespace is specified then the Pod's namespace will be used. This allows the\\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\\nSet VolumeName to any name to override the default behaviour.\\nSet to \\\"default\\\" if you are not using namespaces within StorageOS.\\nNamespaces that do not pre-exist within StorageOS will be created.\"", args=[d.arg(name='volumeNamespace', type=d.T.string)]), + withVolumeNamespace(volumeNamespace): { storageos+: { volumeNamespace: volumeNamespace } }, + }, + '#vsphereVolume':: d.obj(help='"vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine"'), + vsphereVolume: { + '#withFsType':: d.fn(help='"fsType is filesystem type to mount.\\nMust be a filesystem type supported by the host operating system.\\nEx. \\"ext4\\", \\"xfs\\", \\"ntfs\\". Implicitly inferred to be \\"ext4\\" if unspecified."', args=[d.arg(name='fsType', type=d.T.string)]), + withFsType(fsType): { vsphereVolume+: { fsType: fsType } }, + '#withStoragePolicyID':: d.fn(help='"storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName."', args=[d.arg(name='storagePolicyID', type=d.T.string)]), + withStoragePolicyID(storagePolicyID): { vsphereVolume+: { storagePolicyID: storagePolicyID } }, + '#withStoragePolicyName':: d.fn(help='"storagePolicyName is the storage Policy Based Management (SPBM) profile name."', args=[d.arg(name='storagePolicyName', type=d.T.string)]), + withStoragePolicyName(storagePolicyName): { vsphereVolume+: { storagePolicyName: storagePolicyName } }, + '#withVolumePath':: d.fn(help='"volumePath is the path that identifies vSphere volume vmdk"', args=[d.arg(name='volumePath', type=d.T.string)]), + withVolumePath(volumePath): { vsphereVolume+: { volumePath: volumePath } }, + }, + '#withName':: d.fn(help='"name of the volume.\\nMust be a DNS_LABEL and unique within the pod.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#networkPublishing':: d.obj(help='"NetworkPublishing defines how to expose Envoy to a network."'), + networkPublishing: { + '#withExternalTrafficPolicy':: d.fn(help="\"ExternalTrafficPolicy describes how nodes distribute service traffic they\\nreceive on one of the Service's \\\"externally-facing\\\" addresses (NodePorts, ExternalIPs,\\nand LoadBalancer IPs).\\nIf unset, defaults to \\\"Local\\\".\"", args=[d.arg(name='externalTrafficPolicy', type=d.T.string)]), + withExternalTrafficPolicy(externalTrafficPolicy): { spec+: { envoy+: { networkPublishing+: { externalTrafficPolicy: externalTrafficPolicy } } } }, + '#withIpFamilyPolicy':: d.fn(help='"IPFamilyPolicy represents the dual-stack-ness requested or required by\\nthis Service. If there is no value provided, then this field will be set\\nto SingleStack. Services can be \\"SingleStack\\" (a single IP family),\\n\\"PreferDualStack\\" (two IP families on dual-stack configured clusters or\\na single IP family on single-stack clusters), or \\"RequireDualStack\\"\\n(two IP families on dual-stack configured clusters, otherwise fail)."', args=[d.arg(name='ipFamilyPolicy', type=d.T.string)]), + withIpFamilyPolicy(ipFamilyPolicy): { spec+: { envoy+: { networkPublishing+: { ipFamilyPolicy: ipFamilyPolicy } } } }, + '#withServiceAnnotations':: d.fn(help='"ServiceAnnotations is the annotations to add to\\nthe provisioned Envoy service."', args=[d.arg(name='serviceAnnotations', type=d.T.object)]), + withServiceAnnotations(serviceAnnotations): { spec+: { envoy+: { networkPublishing+: { serviceAnnotations: serviceAnnotations } } } }, + '#withServiceAnnotationsMixin':: d.fn(help='"ServiceAnnotations is the annotations to add to\\nthe provisioned Envoy service."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='serviceAnnotations', type=d.T.object)]), + withServiceAnnotationsMixin(serviceAnnotations): { spec+: { envoy+: { networkPublishing+: { serviceAnnotations+: serviceAnnotations } } } }, + '#withType':: d.fn(help="\"NetworkPublishingType is the type of publishing strategy to use. Valid values are:\\n* LoadBalancerService\\nIn this configuration, network endpoints for Envoy use container networking.\\nA Kubernetes LoadBalancer Service is created to publish Envoy network\\nendpoints.\\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\\n* NodePortService\\nPublishes Envoy network endpoints using a Kubernetes NodePort Service.\\nIn this configuration, Envoy network endpoints use container networking. A Kubernetes\\nNodePort Service is created to publish the network endpoints.\\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport\\nNOTE:\\nWhen provisioning an Envoy `NodePortService`, use Gateway Listeners' port numbers to populate\\nthe Service's node port values, there's no way to auto-allocate them.\\nSee: https://github.com/projectcontour/contour/issues/4499\\n* ClusterIPService\\nPublishes Envoy network endpoints using a Kubernetes ClusterIP Service.\\nIn this configuration, Envoy network endpoints use container networking. A Kubernetes\\nClusterIP Service is created to publish the network endpoints.\\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\\nIf unset, defaults to LoadBalancerService.\"", args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { envoy+: { networkPublishing+: { type: type } } } }, + }, + '#nodePlacement':: d.obj(help='"NodePlacement describes node scheduling configuration of Envoy pods."'), + nodePlacement: { + '#tolerations':: d.obj(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."'), + tolerations: { + '#withEffect':: d.fn(help='"Effect indicates the taint effect to match. Empty means match all taint effects.\\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute."', args=[d.arg(name='effect', type=d.T.string)]), + withEffect(effect): { effect: effect }, + '#withKey':: d.fn(help='"Key is the taint key that the toleration applies to. Empty means match all taint keys.\\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { key: key }, + '#withOperator':: d.fn(help="\"Operator represents a key's relationship to the value.\\nValid operators are Exists and Equal. Defaults to Equal.\\nExists is equivalent to wildcard for value, so that a pod can\\ntolerate all taints of a particular category.\"", args=[d.arg(name='operator', type=d.T.string)]), + withOperator(operator): { operator: operator }, + '#withTolerationSeconds':: d.fn(help='"TolerationSeconds represents the period of time the toleration (which must be\\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\\nit is not set, which means tolerate the taint forever (do not evict). Zero and\\nnegative values will be treated as 0 (evict immediately) by the system."', args=[d.arg(name='tolerationSeconds', type=d.T.integer)]), + withTolerationSeconds(tolerationSeconds): { tolerationSeconds: tolerationSeconds }, + '#withValue':: d.fn(help='"Value is the taint value the toleration matches to.\\nIf the operator is Exists, the value should be empty, otherwise just a regular string."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { value: value }, + }, + '#withNodeSelector':: d.fn(help='"NodeSelector is the simplest recommended form of node selection constraint\\nand specifies a map of key-value pairs. For the pod to be eligible\\nto run on a node, the node must have each of the indicated key-value pairs\\nas labels (it can have additional labels as well).\\nIf unset, the pod(s) will be scheduled to any available node."', args=[d.arg(name='nodeSelector', type=d.T.object)]), + withNodeSelector(nodeSelector): { spec+: { envoy+: { nodePlacement+: { nodeSelector: nodeSelector } } } }, + '#withNodeSelectorMixin':: d.fn(help='"NodeSelector is the simplest recommended form of node selection constraint\\nand specifies a map of key-value pairs. For the pod to be eligible\\nto run on a node, the node must have each of the indicated key-value pairs\\nas labels (it can have additional labels as well).\\nIf unset, the pod(s) will be scheduled to any available node."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='nodeSelector', type=d.T.object)]), + withNodeSelectorMixin(nodeSelector): { spec+: { envoy+: { nodePlacement+: { nodeSelector+: nodeSelector } } } }, + '#withTolerations':: d.fn(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."', args=[d.arg(name='tolerations', type=d.T.array)]), + withTolerations(tolerations): { spec+: { envoy+: { nodePlacement+: { tolerations: if std.isArray(v=tolerations) then tolerations else [tolerations] } } } }, + '#withTolerationsMixin':: d.fn(help='"Tolerations work with taints to ensure that pods are not scheduled\\nonto inappropriate nodes. One or more taints are applied to a node; this\\nmarks that the node should not accept any pods that do not tolerate the\\ntaints.\\nThe default is an empty list.\\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\\nfor additional details."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='tolerations', type=d.T.array)]), + withTolerationsMixin(tolerations): { spec+: { envoy+: { nodePlacement+: { tolerations+: if std.isArray(v=tolerations) then tolerations else [tolerations] } } } }, + }, + '#resources':: d.obj(help='"Compute Resources required by envoy container.\\nCannot be updated.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"'), + resources: { + '#claims':: d.obj(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."'), + claims: { + '#withName':: d.fn(help='"Name must match the name of one entry in pod.spec.resourceClaims of\\nthe Pod where this field is used. It makes that resource available\\ninside a container."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + }, + '#withClaims':: d.fn(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."', args=[d.arg(name='claims', type=d.T.array)]), + withClaims(claims): { spec+: { envoy+: { resources+: { claims: if std.isArray(v=claims) then claims else [claims] } } } }, + '#withClaimsMixin':: d.fn(help='"Claims lists the names of resources, defined in spec.resourceClaims,\\nthat are used by this container.\\nThis is an alpha field and requires enabling the\\nDynamicResourceAllocation feature gate.\\nThis field is immutable. It can only be set for containers."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='claims', type=d.T.array)]), + withClaimsMixin(claims): { spec+: { envoy+: { resources+: { claims+: if std.isArray(v=claims) then claims else [claims] } } } }, + '#withLimits':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='limits', type=d.T.object)]), + withLimits(limits): { spec+: { envoy+: { resources+: { limits: limits } } } }, + '#withLimitsMixin':: d.fn(help='"Limits describes the maximum amount of compute resources allowed.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='limits', type=d.T.object)]), + withLimitsMixin(limits): { spec+: { envoy+: { resources+: { limits+: limits } } } }, + '#withRequests':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"', args=[d.arg(name='requests', type=d.T.object)]), + withRequests(requests): { spec+: { envoy+: { resources+: { requests: requests } } } }, + '#withRequestsMixin':: d.fn(help='"Requests describes the minimum amount of compute resources required.\\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\\notherwise to an implementation-defined value. Requests cannot exceed Limits.\\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requests', type=d.T.object)]), + withRequestsMixin(requests): { spec+: { envoy+: { resources+: { requests+: requests } } } }, + }, + '#withBaseID':: d.fn(help='"The base ID to use when allocating shared memory regions.\\nif Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID\\nso that the shared memory regions do not conflict.\\ndefaults to 0."', args=[d.arg(name='baseID', type=d.T.integer)]), + withBaseID(baseID): { spec+: { envoy+: { baseID: baseID } } }, + '#withExtraVolumeMounts':: d.fn(help='"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."', args=[d.arg(name='extraVolumeMounts', type=d.T.array)]), + withExtraVolumeMounts(extraVolumeMounts): { spec+: { envoy+: { extraVolumeMounts: if std.isArray(v=extraVolumeMounts) then extraVolumeMounts else [extraVolumeMounts] } } }, + '#withExtraVolumeMountsMixin':: d.fn(help='"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='extraVolumeMounts', type=d.T.array)]), + withExtraVolumeMountsMixin(extraVolumeMounts): { spec+: { envoy+: { extraVolumeMounts+: if std.isArray(v=extraVolumeMounts) then extraVolumeMounts else [extraVolumeMounts] } } }, + '#withExtraVolumes':: d.fn(help='"ExtraVolumes holds the extra volumes to add."', args=[d.arg(name='extraVolumes', type=d.T.array)]), + withExtraVolumes(extraVolumes): { spec+: { envoy+: { extraVolumes: if std.isArray(v=extraVolumes) then extraVolumes else [extraVolumes] } } }, + '#withExtraVolumesMixin':: d.fn(help='"ExtraVolumes holds the extra volumes to add."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='extraVolumes', type=d.T.array)]), + withExtraVolumesMixin(extraVolumes): { spec+: { envoy+: { extraVolumes+: if std.isArray(v=extraVolumes) then extraVolumes else [extraVolumes] } } }, + '#withLogLevel':: d.fn(help='"LogLevel sets the log level for Envoy.\\nAllowed values are \\"trace\\", \\"debug\\", \\"info\\", \\"warn\\", \\"error\\", \\"critical\\", \\"off\\"."', args=[d.arg(name='logLevel', type=d.T.string)]), + withLogLevel(logLevel): { spec+: { envoy+: { logLevel: logLevel } } }, + '#withOverloadMaxHeapSize':: d.fn(help='"OverloadMaxHeapSize defines the maximum heap memory of the envoy controlled by the overload manager.\\nWhen the value is greater than 0, the overload manager is enabled,\\nand when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation,\\nWhen it reaches 98% of the maximum heap size, Envoy Will stop accepting requests.\\nMore info: https://projectcontour.io/docs/main/config/overload-manager/"', args=[d.arg(name='overloadMaxHeapSize', type=d.T.integer)]), + withOverloadMaxHeapSize(overloadMaxHeapSize): { spec+: { envoy+: { overloadMaxHeapSize: overloadMaxHeapSize } } }, + '#withPodAnnotations':: d.fn(help='"PodAnnotations defines annotations to add to the Envoy pods.\\nthe annotations for Prometheus will be appended or overwritten with predefined value."', args=[d.arg(name='podAnnotations', type=d.T.object)]), + withPodAnnotations(podAnnotations): { spec+: { envoy+: { podAnnotations: podAnnotations } } }, + '#withPodAnnotationsMixin':: d.fn(help='"PodAnnotations defines annotations to add to the Envoy pods.\\nthe annotations for Prometheus will be appended or overwritten with predefined value."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='podAnnotations', type=d.T.object)]), + withPodAnnotationsMixin(podAnnotations): { spec+: { envoy+: { podAnnotations+: podAnnotations } } }, + '#withReplicas':: d.fn(help='"Deprecated: Use `DeploymentSettings.Replicas` instead.\\nReplicas is the desired number of Envoy replicas. If WorkloadType\\nis not \\"Deployment\\", this field is ignored. Otherwise, if unset,\\ndefaults to 2.\\nif both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`."', args=[d.arg(name='replicas', type=d.T.integer)]), + withReplicas(replicas): { spec+: { envoy+: { replicas: replicas } } }, + '#withWorkloadType':: d.fn(help='"WorkloadType is the type of workload to install Envoy\\nas. Choices are DaemonSet and Deployment. If unset, defaults\\nto DaemonSet."', args=[d.arg(name='workloadType', type=d.T.string)]), + withWorkloadType(workloadType): { spec+: { envoy+: { workloadType: workloadType } } }, + }, + '#runtimeSettings':: d.obj(help="\"RuntimeSettings is a ContourConfiguration spec to be used when\\nprovisioning a Contour instance that will influence aspects of\\nthe Contour instance's runtime behavior.\""), + runtimeSettings: { + '#debug':: d.obj(help='"Debug contains parameters to enable debug logging\\nand debug interfaces inside Contour."'), + debug: { + '#withAddress':: d.fn(help="\"Defines the Contour debug address interface.\\nContour's default is \\\"127.0.0.1\\\".\"", args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { debug+: { address: address } } } }, + '#withPort':: d.fn(help="\"Defines the Contour debug address port.\\nContour's default is 6060.\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { debug+: { port: port } } } }, + }, + '#envoy':: d.obj(help='"Envoy contains parameters for Envoy as well\\nas how to optionally configure a managed Envoy fleet."'), + envoy: { + '#clientCertificate':: d.obj(help='"ClientCertificate defines the namespace/name of the Kubernetes\\nsecret containing the client certificate and private key\\nto be used when establishing TLS connection to upstream\\ncluster."'), + clientCertificate: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { envoy+: { clientCertificate+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { envoy+: { clientCertificate+: { namespace: namespace } } } } }, + }, + '#cluster':: d.obj(help='"Cluster holds various configurable Envoy cluster values that can\\nbe set in the config file."'), + cluster: { + '#circuitBreakers':: d.obj(help='"GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.\\nIf defined, this will be used as the default for all services."'), + circuitBreakers: { + '#withMaxConnections':: d.fn(help='"The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024."', args=[d.arg(name='maxConnections', type=d.T.integer)]), + withMaxConnections(maxConnections): { spec+: { runtimeSettings+: { envoy+: { cluster+: { circuitBreakers+: { maxConnections: maxConnections } } } } } }, + '#withMaxPendingRequests':: d.fn(help='"The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024."', args=[d.arg(name='maxPendingRequests', type=d.T.integer)]), + withMaxPendingRequests(maxPendingRequests): { spec+: { runtimeSettings+: { envoy+: { cluster+: { circuitBreakers+: { maxPendingRequests: maxPendingRequests } } } } } }, + '#withMaxRequests':: d.fn(help='"The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024"', args=[d.arg(name='maxRequests', type=d.T.integer)]), + withMaxRequests(maxRequests): { spec+: { runtimeSettings+: { envoy+: { cluster+: { circuitBreakers+: { maxRequests: maxRequests } } } } } }, + '#withMaxRetries':: d.fn(help='"The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3."', args=[d.arg(name='maxRetries', type=d.T.integer)]), + withMaxRetries(maxRetries): { spec+: { runtimeSettings+: { envoy+: { cluster+: { circuitBreakers+: { maxRetries: maxRetries } } } } } }, + }, + '#upstreamTLS':: d.obj(help='"UpstreamTLS contains the TLS policy parameters for upstream connections"'), + upstreamTLS: { + '#withCipherSuites':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuites(cipherSuites): { spec+: { runtimeSettings+: { envoy+: { cluster+: { upstreamTLS+: { cipherSuites: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } } }, + '#withCipherSuitesMixin':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuitesMixin(cipherSuites): { spec+: { runtimeSettings+: { envoy+: { cluster+: { upstreamTLS+: { cipherSuites+: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } } }, + '#withMaximumProtocolVersion':: d.fn(help='"MaximumProtocolVersion is the maximum TLS version this vhost should\\nnegotiate.\\nValues: `1.2`, `1.3`(default).\\nOther values will produce an error."', args=[d.arg(name='maximumProtocolVersion', type=d.T.string)]), + withMaximumProtocolVersion(maximumProtocolVersion): { spec+: { runtimeSettings+: { envoy+: { cluster+: { upstreamTLS+: { maximumProtocolVersion: maximumProtocolVersion } } } } } }, + '#withMinimumProtocolVersion':: d.fn(help='"MinimumProtocolVersion is the minimum TLS version this vhost should\\nnegotiate.\\nValues: `1.2` (default), `1.3`.\\nOther values will produce an error."', args=[d.arg(name='minimumProtocolVersion', type=d.T.string)]), + withMinimumProtocolVersion(minimumProtocolVersion): { spec+: { runtimeSettings+: { envoy+: { cluster+: { upstreamTLS+: { minimumProtocolVersion: minimumProtocolVersion } } } } } }, + }, + '#withDnsLookupFamily':: d.fn(help='"DNSLookupFamily defines how external names are looked up\\nWhen configured as V4, the DNS resolver will only perform a lookup\\nfor addresses in the IPv4 family. If V6 is configured, the DNS resolver\\nwill only perform a lookup for addresses in the IPv6 family.\\nIf AUTO is configured, the DNS resolver will first perform a lookup\\nfor addresses in the IPv6 family and fallback to a lookup for addresses\\nin the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for\\nboth IPv4 and IPv6 families, and return all resolved addresses.\\nWhen this is used, Happy Eyeballs will be enabled for upstream connections.\\nRefer to Happy Eyeballs Support for more information.\\nNote: This only applies to externalName clusters.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\\nfor more information.\\nValues: `auto` (default), `v4`, `v6`, `all`.\\nOther values will produce an error."', args=[d.arg(name='dnsLookupFamily', type=d.T.string)]), + withDnsLookupFamily(dnsLookupFamily): { spec+: { runtimeSettings+: { envoy+: { cluster+: { dnsLookupFamily: dnsLookupFamily } } } } }, + '#withMaxRequestsPerConnection':: d.fn(help='"Defines the maximum requests for upstream connections. If not specified, there is no limit.\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\\nfor more information."', args=[d.arg(name='maxRequestsPerConnection', type=d.T.integer)]), + withMaxRequestsPerConnection(maxRequestsPerConnection): { spec+: { runtimeSettings+: { envoy+: { cluster+: { maxRequestsPerConnection: maxRequestsPerConnection } } } } }, + '#withPer-Connection-Buffer-Limit-Bytes':: d.fn(help='"Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.\\nIf unspecified, an implementation defined default is applied (1MiB).\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes\\nfor more information."', args=[d.arg(name='per_connection_buffer_limit_bytes', type=d.T.integer)]), + 'withPer-Connection-Buffer-Limit-Bytes'(per_connection_buffer_limit_bytes): { spec+: { runtimeSettings+: { envoy+: { cluster+: { 'per-connection-buffer-limit-bytes': per_connection_buffer_limit_bytes } } } } }, + }, + '#health':: d.obj(help="\"Health defines the endpoint Envoy uses to serve health checks.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8002 }.\""), + health: { + '#withAddress':: d.fn(help='"Defines the health address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { envoy+: { health+: { address: address } } } } }, + '#withPort':: d.fn(help='"Defines the health port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { envoy+: { health+: { port: port } } } } }, + }, + '#http':: d.obj(help="\"Defines the HTTP Listener for Envoy.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8080, accessLog: \\\"/dev/stdout\\\" }.\""), + http: { + '#withAccessLog':: d.fn(help='"AccessLog defines where Envoy logs are outputted for this listener."', args=[d.arg(name='accessLog', type=d.T.string)]), + withAccessLog(accessLog): { spec+: { runtimeSettings+: { envoy+: { http+: { accessLog: accessLog } } } } }, + '#withAddress':: d.fn(help='"Defines an Envoy Listener Address."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { envoy+: { http+: { address: address } } } } }, + '#withPort':: d.fn(help='"Defines an Envoy listener Port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { envoy+: { http+: { port: port } } } } }, + }, + '#https':: d.obj(help="\"Defines the HTTPS Listener for Envoy.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8443, accessLog: \\\"/dev/stdout\\\" }.\""), + https: { + '#withAccessLog':: d.fn(help='"AccessLog defines where Envoy logs are outputted for this listener."', args=[d.arg(name='accessLog', type=d.T.string)]), + withAccessLog(accessLog): { spec+: { runtimeSettings+: { envoy+: { https+: { accessLog: accessLog } } } } }, + '#withAddress':: d.fn(help='"Defines an Envoy Listener Address."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { envoy+: { https+: { address: address } } } } }, + '#withPort':: d.fn(help='"Defines an Envoy listener Port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { envoy+: { https+: { port: port } } } } }, + }, + '#listener':: d.obj(help='"Listener hold various configurable Envoy listener values."'), + listener: { + '#socketOptions':: d.obj(help='"SocketOptions defines configurable socket options for the listeners.\\nSingle set of options are applied to all listeners."'), + socketOptions: { + '#withTos':: d.fn(help='"Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.\\nSingle value is applied to all listeners.\\nIf listeners are bound to IPv6-only addresses, setting this option will cause an error."', args=[d.arg(name='tos', type=d.T.integer)]), + withTos(tos): { spec+: { runtimeSettings+: { envoy+: { listener+: { socketOptions+: { tos: tos } } } } } }, + '#withTrafficClass':: d.fn(help='"Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.\\nSingle value is applied to all listeners.\\nIf listeners are bound to IPv4-only addresses, setting this option will cause an error."', args=[d.arg(name='trafficClass', type=d.T.integer)]), + withTrafficClass(trafficClass): { spec+: { runtimeSettings+: { envoy+: { listener+: { socketOptions+: { trafficClass: trafficClass } } } } } }, + }, + '#tls':: d.obj(help='"TLS holds various configurable Envoy TLS listener values."'), + tls: { + '#withCipherSuites':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuites(cipherSuites): { spec+: { runtimeSettings+: { envoy+: { listener+: { tls+: { cipherSuites: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } } }, + '#withCipherSuitesMixin':: d.fn(help="\"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\\nset that Envoy supports by default. This parameter should only be used\\nby advanced users. Note that these will be ignored when TLS 1.3 is in\\nuse.\\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\\nwill be used, which may be updated to keep it secure.\\nContour's default list is:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\nCiphers provided are validated against the following list:\\n - \\\"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\\\"\\n - \\\"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\\\"\\n - \\\"ECDHE-ECDSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-RSA-AES128-GCM-SHA256\\\"\\n - \\\"ECDHE-ECDSA-AES128-SHA\\\"\\n - \\\"ECDHE-RSA-AES128-SHA\\\"\\n - \\\"AES128-GCM-SHA256\\\"\\n - \\\"AES128-SHA\\\"\\n - \\\"ECDHE-ECDSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-RSA-AES256-GCM-SHA384\\\"\\n - \\\"ECDHE-ECDSA-AES256-SHA\\\"\\n - \\\"ECDHE-RSA-AES256-SHA\\\"\\n - \\\"AES256-GCM-SHA384\\\"\\n - \\\"AES256-SHA\\\"\\nContour recommends leaving this undefined unless you are sure you must.\\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='cipherSuites', type=d.T.array)]), + withCipherSuitesMixin(cipherSuites): { spec+: { runtimeSettings+: { envoy+: { listener+: { tls+: { cipherSuites+: if std.isArray(v=cipherSuites) then cipherSuites else [cipherSuites] } } } } } }, + '#withMaximumProtocolVersion':: d.fn(help='"MaximumProtocolVersion is the maximum TLS version this vhost should\\nnegotiate.\\nValues: `1.2`, `1.3`(default).\\nOther values will produce an error."', args=[d.arg(name='maximumProtocolVersion', type=d.T.string)]), + withMaximumProtocolVersion(maximumProtocolVersion): { spec+: { runtimeSettings+: { envoy+: { listener+: { tls+: { maximumProtocolVersion: maximumProtocolVersion } } } } } }, + '#withMinimumProtocolVersion':: d.fn(help='"MinimumProtocolVersion is the minimum TLS version this vhost should\\nnegotiate.\\nValues: `1.2` (default), `1.3`.\\nOther values will produce an error."', args=[d.arg(name='minimumProtocolVersion', type=d.T.string)]), + withMinimumProtocolVersion(minimumProtocolVersion): { spec+: { runtimeSettings+: { envoy+: { listener+: { tls+: { minimumProtocolVersion: minimumProtocolVersion } } } } } }, + }, + '#withConnectionBalancer':: d.fn(help='"ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig\\nfor more information.\\nValues: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer.\\nOther values will produce an error."', args=[d.arg(name='connectionBalancer', type=d.T.string)]), + withConnectionBalancer(connectionBalancer): { spec+: { runtimeSettings+: { envoy+: { listener+: { connectionBalancer: connectionBalancer } } } } }, + '#withDisableAllowChunkedLength':: d.fn(help="\"DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to\\nstrip the \\\"Content-Length\\\" header if \\\"Transfer-Encoding: chunked\\\" is\\nalso set. This is an emergency off-switch to revert back to Envoy's\\ndefault behavior in case of failures. Please file an issue if failures\\nare encountered.\\nSee: https://github.com/projectcontour/contour/issues/3221\\nContour's default is false.\"", args=[d.arg(name='disableAllowChunkedLength', type=d.T.boolean)]), + withDisableAllowChunkedLength(disableAllowChunkedLength): { spec+: { runtimeSettings+: { envoy+: { listener+: { disableAllowChunkedLength: disableAllowChunkedLength } } } } }, + '#withDisableMergeSlashes':: d.fn(help="\"DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option\\nwhich strips duplicate slashes from request URL paths.\\nContour's default is false.\"", args=[d.arg(name='disableMergeSlashes', type=d.T.boolean)]), + withDisableMergeSlashes(disableMergeSlashes): { spec+: { runtimeSettings+: { envoy+: { listener+: { disableMergeSlashes: disableMergeSlashes } } } } }, + '#withHttpMaxConcurrentStreams':: d.fn(help='"Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the\\nSETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed\\nfor a peer on a single HTTP/2 connection. It is recommended to not set this lower\\nthan 100 but this field can be used to bound resource usage by HTTP/2 connections\\nand mitigate attacks like CVE-2023-44487. The default value when this is not set is\\nunlimited."', args=[d.arg(name='httpMaxConcurrentStreams', type=d.T.integer)]), + withHttpMaxConcurrentStreams(httpMaxConcurrentStreams): { spec+: { runtimeSettings+: { envoy+: { listener+: { httpMaxConcurrentStreams: httpMaxConcurrentStreams } } } } }, + '#withMaxConnectionsPerListener':: d.fn(help='"Defines the limit on number of active connections to a listener. The limit is applied\\nper listener. The default value when this is not set is unlimited."', args=[d.arg(name='maxConnectionsPerListener', type=d.T.integer)]), + withMaxConnectionsPerListener(maxConnectionsPerListener): { spec+: { runtimeSettings+: { envoy+: { listener+: { maxConnectionsPerListener: maxConnectionsPerListener } } } } }, + '#withMaxRequestsPerConnection':: d.fn(help='"Defines the maximum requests for downstream connections. If not specified, there is no limit.\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\\nfor more information."', args=[d.arg(name='maxRequestsPerConnection', type=d.T.integer)]), + withMaxRequestsPerConnection(maxRequestsPerConnection): { spec+: { runtimeSettings+: { envoy+: { listener+: { maxRequestsPerConnection: maxRequestsPerConnection } } } } }, + '#withMaxRequestsPerIOCycle':: d.fn(help='"Defines the limit on number of HTTP requests that Envoy will process from a single\\nconnection in a single I/O cycle. Requests over this limit are processed in subsequent\\nI/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is\\ndetected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default\\nvalue when this is not set is no limit."', args=[d.arg(name='maxRequestsPerIOCycle', type=d.T.integer)]), + withMaxRequestsPerIOCycle(maxRequestsPerIOCycle): { spec+: { runtimeSettings+: { envoy+: { listener+: { maxRequestsPerIOCycle: maxRequestsPerIOCycle } } } } }, + '#withPer-Connection-Buffer-Limit-Bytes':: d.fn(help='"Defines the soft limit on size of the listener’s new connection read and write buffers in bytes.\\nIf unspecified, an implementation defined default is applied (1MiB).\\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes\\nfor more information."', args=[d.arg(name='per_connection_buffer_limit_bytes', type=d.T.integer)]), + 'withPer-Connection-Buffer-Limit-Bytes'(per_connection_buffer_limit_bytes): { spec+: { runtimeSettings+: { envoy+: { listener+: { 'per-connection-buffer-limit-bytes': per_connection_buffer_limit_bytes } } } } }, + '#withServerHeaderTransformation':: d.fn(help="\"Defines the action to be applied to the Server header on the response path.\\nWhen configured as overwrite, overwrites any Server header with \\\"envoy\\\".\\nWhen configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to \\\"envoy\\\".\\nWhen configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.\\nValues: `overwrite` (default), `append_if_absent`, `pass_through`\\nOther values will produce an error.\\nContour's default is overwrite.\"", args=[d.arg(name='serverHeaderTransformation', type=d.T.string)]), + withServerHeaderTransformation(serverHeaderTransformation): { spec+: { runtimeSettings+: { envoy+: { listener+: { serverHeaderTransformation: serverHeaderTransformation } } } } }, + '#withUseProxyProtocol':: d.fn(help="\"Use PROXY protocol for all listeners.\\nContour's default is false.\"", args=[d.arg(name='useProxyProtocol', type=d.T.boolean)]), + withUseProxyProtocol(useProxyProtocol): { spec+: { runtimeSettings+: { envoy+: { listener+: { useProxyProtocol: useProxyProtocol } } } } }, + }, + '#logging':: d.obj(help="\"Logging defines how Envoy's logs can be configured.\""), + logging: { + '#withAccessLogFormat':: d.fn(help='"AccessLogFormat sets the global access log format.\\nValues: `envoy` (default), `json`.\\nOther values will produce an error."', args=[d.arg(name='accessLogFormat', type=d.T.string)]), + withAccessLogFormat(accessLogFormat): { spec+: { runtimeSettings+: { envoy+: { logging+: { accessLogFormat: accessLogFormat } } } } }, + '#withAccessLogFormatString':: d.fn(help="\"AccessLogFormatString sets the access log format when format is set to `envoy`.\\nWhen empty, Envoy's default format is used.\"", args=[d.arg(name='accessLogFormatString', type=d.T.string)]), + withAccessLogFormatString(accessLogFormatString): { spec+: { runtimeSettings+: { envoy+: { logging+: { accessLogFormatString: accessLogFormatString } } } } }, + '#withAccessLogJSONFields':: d.fn(help='"AccessLogJSONFields sets the fields that JSON logging will\\noutput when AccessLogFormat is json."', args=[d.arg(name='accessLogJSONFields', type=d.T.array)]), + withAccessLogJSONFields(accessLogJSONFields): { spec+: { runtimeSettings+: { envoy+: { logging+: { accessLogJSONFields: if std.isArray(v=accessLogJSONFields) then accessLogJSONFields else [accessLogJSONFields] } } } } }, + '#withAccessLogJSONFieldsMixin':: d.fn(help='"AccessLogJSONFields sets the fields that JSON logging will\\noutput when AccessLogFormat is json."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='accessLogJSONFields', type=d.T.array)]), + withAccessLogJSONFieldsMixin(accessLogJSONFields): { spec+: { runtimeSettings+: { envoy+: { logging+: { accessLogJSONFields+: if std.isArray(v=accessLogJSONFields) then accessLogJSONFields else [accessLogJSONFields] } } } } }, + '#withAccessLogLevel':: d.fn(help='"AccessLogLevel sets the verbosity level of the access log.\\nValues: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`.\\nOther values will produce an error."', args=[d.arg(name='accessLogLevel', type=d.T.string)]), + withAccessLogLevel(accessLogLevel): { spec+: { runtimeSettings+: { envoy+: { logging+: { accessLogLevel: accessLogLevel } } } } }, + }, + '#metrics':: d.obj(help="\"Metrics defines the endpoint Envoy uses to serve metrics.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8002 }.\""), + metrics: { + '#tls':: d.obj(help='"TLS holds TLS file config details.\\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS."'), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { runtimeSettings+: { envoy+: { metrics+: { tls+: { caFile: caFile } } } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { runtimeSettings+: { envoy+: { metrics+: { tls+: { certFile: certFile } } } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { runtimeSettings+: { envoy+: { metrics+: { tls+: { keyFile: keyFile } } } } } }, + }, + '#withAddress':: d.fn(help='"Defines the metrics address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { envoy+: { metrics+: { address: address } } } } }, + '#withPort':: d.fn(help='"Defines the metrics port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { envoy+: { metrics+: { port: port } } } } }, + }, + '#network':: d.obj(help='"Network holds various configurable Envoy network values."'), + network: { + '#withAdminPort':: d.fn(help="\"Configure the port used to access the Envoy Admin interface.\\nIf configured to port \\\"0\\\" then the admin interface is disabled.\\nContour's default is 9001.\"", args=[d.arg(name='adminPort', type=d.T.integer)]), + withAdminPort(adminPort): { spec+: { runtimeSettings+: { envoy+: { network+: { adminPort: adminPort } } } } }, + '#withNumTrustedHops':: d.fn(help="\"XffNumTrustedHops defines the number of additional ingress proxy hops from the\\nright side of the x-forwarded-for HTTP header to trust when determining the origin\\nclient’s IP address.\\nSee https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops\\nfor more information.\\nContour's default is 0.\"", args=[d.arg(name='numTrustedHops', type=d.T.integer)]), + withNumTrustedHops(numTrustedHops): { spec+: { runtimeSettings+: { envoy+: { network+: { numTrustedHops: numTrustedHops } } } } }, + }, + '#service':: d.obj(help="\"Service holds Envoy service parameters for setting Ingress status.\\nContour's default is { namespace: \\\"projectcontour\\\", name: \\\"envoy\\\" }.\""), + service: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { envoy+: { service+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { envoy+: { service+: { namespace: namespace } } } } }, + }, + '#timeouts':: d.obj(help='"Timeouts holds various configurable timeouts that can\\nbe set in the config file."'), + timeouts: { + '#withConnectTimeout':: d.fn(help='"ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service.\\nIf not set, a default value of 2 seconds will be used.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout\\nfor more information."', args=[d.arg(name='connectTimeout', type=d.T.string)]), + withConnectTimeout(connectTimeout): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { connectTimeout: connectTimeout } } } } }, + '#withConnectionIdleTimeout':: d.fn(help='"ConnectionIdleTimeout defines how long the proxy should wait while there are\\nno active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating\\nan HTTP connection. Set to \\"infinity\\" to disable the timeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout\\nfor more information."', args=[d.arg(name='connectionIdleTimeout', type=d.T.string)]), + withConnectionIdleTimeout(connectionIdleTimeout): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { connectionIdleTimeout: connectionIdleTimeout } } } } }, + '#withConnectionShutdownGracePeriod':: d.fn(help='"ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an\\ninitial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.\\nDuring this grace period, the proxy will continue to respond to new streams. After the final\\nGOAWAY frame has been sent, the proxy will refuse new streams.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout\\nfor more information."', args=[d.arg(name='connectionShutdownGracePeriod', type=d.T.string)]), + withConnectionShutdownGracePeriod(connectionShutdownGracePeriod): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { connectionShutdownGracePeriod: connectionShutdownGracePeriod } } } } }, + '#withDelayedCloseTimeout':: d.fn(help="\"DelayedCloseTimeout defines how long envoy will wait, once connection\\nclose processing has been initiated, for the downstream peer to close\\nthe connection before Envoy closes the socket associated with the connection.\\nSetting this timeout to 'infinity' will disable it, equivalent to setting it to '0'\\nin Envoy. Leaving it unset will result in the Envoy default value being used.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout\\nfor more information.\"", args=[d.arg(name='delayedCloseTimeout', type=d.T.string)]), + withDelayedCloseTimeout(delayedCloseTimeout): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { delayedCloseTimeout: delayedCloseTimeout } } } } }, + '#withMaxConnectionDuration':: d.fn(help='"MaxConnectionDuration defines the maximum period of time after an HTTP connection\\nhas been established from the client to the proxy before it is closed by the proxy,\\nregardless of whether there has been activity or not. Omit or set to \\"infinity\\" for\\nno max duration.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration\\nfor more information."', args=[d.arg(name='maxConnectionDuration', type=d.T.string)]), + withMaxConnectionDuration(maxConnectionDuration): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { maxConnectionDuration: maxConnectionDuration } } } } }, + '#withRequestTimeout':: d.fn(help='"RequestTimeout sets the client request timeout globally for Contour. Note that\\nthis is a timeout for the entire request, not an idle timeout. Omit or set to\\n\\"infinity\\" to disable the timeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout\\nfor more information."', args=[d.arg(name='requestTimeout', type=d.T.string)]), + withRequestTimeout(requestTimeout): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { requestTimeout: requestTimeout } } } } }, + '#withStreamIdleTimeout':: d.fn(help='"StreamIdleTimeout defines how long the proxy should wait while there is no\\nrequest activity (for HTTP/1.1) or stream activity (for HTTP/2) before\\nterminating the HTTP request or stream. Set to \\"infinity\\" to disable the\\ntimeout entirely.\\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout\\nfor more information."', args=[d.arg(name='streamIdleTimeout', type=d.T.string)]), + withStreamIdleTimeout(streamIdleTimeout): { spec+: { runtimeSettings+: { envoy+: { timeouts+: { streamIdleTimeout: streamIdleTimeout } } } } }, + }, + '#withDefaultHTTPVersions':: d.fn(help='"DefaultHTTPVersions defines the default set of HTTPS\\nversions the proxy should accept. HTTP versions are\\nstrings of the form \\"HTTP/xx\\". Supported versions are\\n\\"HTTP/1.1\\" and \\"HTTP/2\\".\\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\\nOther values will produce an error."', args=[d.arg(name='defaultHTTPVersions', type=d.T.array)]), + withDefaultHTTPVersions(defaultHTTPVersions): { spec+: { runtimeSettings+: { envoy+: { defaultHTTPVersions: if std.isArray(v=defaultHTTPVersions) then defaultHTTPVersions else [defaultHTTPVersions] } } } }, + '#withDefaultHTTPVersionsMixin':: d.fn(help='"DefaultHTTPVersions defines the default set of HTTPS\\nversions the proxy should accept. HTTP versions are\\nstrings of the form \\"HTTP/xx\\". Supported versions are\\n\\"HTTP/1.1\\" and \\"HTTP/2\\".\\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\\nOther values will produce an error."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='defaultHTTPVersions', type=d.T.array)]), + withDefaultHTTPVersionsMixin(defaultHTTPVersions): { spec+: { runtimeSettings+: { envoy+: { defaultHTTPVersions+: if std.isArray(v=defaultHTTPVersions) then defaultHTTPVersions else [defaultHTTPVersions] } } } }, + }, + '#gateway':: d.obj(help='"Gateway contains parameters for the gateway-api Gateway that Contour\\nis configured to serve traffic."'), + gateway: { + '#gatewayRef':: d.obj(help='"GatewayRef defines the specific Gateway that this Contour\\ninstance corresponds to."'), + gatewayRef: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { gateway+: { gatewayRef+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { gateway+: { gatewayRef+: { namespace: namespace } } } } }, + }, + }, + '#globalExtAuth':: d.obj(help='"GlobalExternalAuthorization allows envoys external authorization filter\\nto be enabled for all virtual hosts."'), + globalExtAuth: { + '#authPolicy':: d.obj(help='"AuthPolicy sets a default authorization policy for client requests.\\nThis policy will be used unless overridden by individual routes."'), + authPolicy: { + '#withContext':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."', args=[d.arg(name='context', type=d.T.object)]), + withContext(context): { spec+: { runtimeSettings+: { globalExtAuth+: { authPolicy+: { context: context } } } } }, + '#withContextMixin':: d.fn(help='"Context is a set of key/value pairs that are sent to the\\nauthentication server in the check request. If a context\\nis provided at an enclosing scope, the entries are merged\\nsuch that the inner scope overrides matching keys from the\\nouter scope."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='context', type=d.T.object)]), + withContextMixin(context): { spec+: { runtimeSettings+: { globalExtAuth+: { authPolicy+: { context+: context } } } } }, + '#withDisabled':: d.fn(help='"When true, this field disables client request authentication\\nfor the scope of the policy."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { runtimeSettings+: { globalExtAuth+: { authPolicy+: { disabled: disabled } } } } }, + }, + '#extensionRef':: d.obj(help='"ExtensionServiceRef specifies the extension resource that will authorize client requests."'), + extensionRef: { + '#withApiVersion':: d.fn(help='"API version of the referent.\\nIf this field is not specified, the default \\"projectcontour.io/v1alpha1\\" will be used"', args=[d.arg(name='apiVersion', type=d.T.string)]), + withApiVersion(apiVersion): { spec+: { runtimeSettings+: { globalExtAuth+: { extensionRef+: { apiVersion: apiVersion } } } } }, + '#withName':: d.fn(help='"Name of the referent.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { globalExtAuth+: { extensionRef+: { name: name } } } } }, + '#withNamespace':: d.fn(help='"Namespace of the referent.\\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { globalExtAuth+: { extensionRef+: { namespace: namespace } } } } }, + }, + '#withFailOpen':: d.fn(help='"If FailOpen is true, the client request is forwarded to the upstream service\\neven if the authorization server fails to respond. This field should not be\\nset in most cases. It is intended for use only while migrating applications\\nfrom internal authorization to Contour external authorization."', args=[d.arg(name='failOpen', type=d.T.boolean)]), + withFailOpen(failOpen): { spec+: { runtimeSettings+: { globalExtAuth+: { failOpen: failOpen } } } }, + '#withRequestBody':: d.obj(help="\"WithRequestBody specifies configuration for sending the client request's body to authorization server.\""), + withRequestBody: { + '#withAllowPartialMessage':: d.fn(help='"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."', args=[d.arg(name='allowPartialMessage', type=d.T.boolean)]), + withAllowPartialMessage(allowPartialMessage): { spec+: { runtimeSettings+: { globalExtAuth+: { withRequestBody+: { allowPartialMessage: allowPartialMessage } } } } }, + '#withMaxRequestBytes':: d.fn(help='"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."', args=[d.arg(name='maxRequestBytes', type=d.T.integer)]), + withMaxRequestBytes(maxRequestBytes): { spec+: { runtimeSettings+: { globalExtAuth+: { withRequestBody+: { maxRequestBytes: maxRequestBytes } } } } }, + '#withPackAsBytes':: d.fn(help='"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."', args=[d.arg(name='packAsBytes', type=d.T.boolean)]), + withPackAsBytes(packAsBytes): { spec+: { runtimeSettings+: { globalExtAuth+: { withRequestBody+: { packAsBytes: packAsBytes } } } } }, + }, + '#withResponseTimeout':: d.fn(help='"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\\nValid time units are \\"ns\\", \\"us\\" (or \\"µs\\"), \\"ms\\", \\"s\\", \\"m\\", \\"h\\".\\nThe string \\"infinity\\" is also a valid input and specifies no timeout."', args=[d.arg(name='responseTimeout', type=d.T.string)]), + withResponseTimeout(responseTimeout): { spec+: { runtimeSettings+: { globalExtAuth+: { responseTimeout: responseTimeout } } } }, + }, + '#health':: d.obj(help="\"Health defines the endpoints Contour uses to serve health checks.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8000 }.\""), + health: { + '#withAddress':: d.fn(help='"Defines the health address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { health+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines the health port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { health+: { port: port } } } }, + }, + '#httpproxy':: d.obj(help='"HTTPProxy defines parameters on HTTPProxy."'), + httpproxy: { + '#fallbackCertificate':: d.obj(help='"FallbackCertificate defines the namespace/name of the Kubernetes secret to\\nuse as fallback when a non-SNI request is received."'), + fallbackCertificate: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { httpproxy+: { fallbackCertificate+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { httpproxy+: { fallbackCertificate+: { namespace: namespace } } } } }, + }, + '#withDisablePermitInsecure':: d.fn(help="\"DisablePermitInsecure disables the use of the\\npermitInsecure field in HTTPProxy.\\nContour's default is false.\"", args=[d.arg(name='disablePermitInsecure', type=d.T.boolean)]), + withDisablePermitInsecure(disablePermitInsecure): { spec+: { runtimeSettings+: { httpproxy+: { disablePermitInsecure: disablePermitInsecure } } } }, + '#withRootNamespaces':: d.fn(help='"Restrict Contour to searching these namespaces for root ingress routes."', args=[d.arg(name='rootNamespaces', type=d.T.array)]), + withRootNamespaces(rootNamespaces): { spec+: { runtimeSettings+: { httpproxy+: { rootNamespaces: if std.isArray(v=rootNamespaces) then rootNamespaces else [rootNamespaces] } } } }, + '#withRootNamespacesMixin':: d.fn(help='"Restrict Contour to searching these namespaces for root ingress routes."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='rootNamespaces', type=d.T.array)]), + withRootNamespacesMixin(rootNamespaces): { spec+: { runtimeSettings+: { httpproxy+: { rootNamespaces+: if std.isArray(v=rootNamespaces) then rootNamespaces else [rootNamespaces] } } } }, + }, + '#ingress':: d.obj(help='"Ingress contains parameters for ingress options."'), + ingress: { + '#withClassNames':: d.fn(help='"Ingress Class Names Contour should use."', args=[d.arg(name='classNames', type=d.T.array)]), + withClassNames(classNames): { spec+: { runtimeSettings+: { ingress+: { classNames: if std.isArray(v=classNames) then classNames else [classNames] } } } }, + '#withClassNamesMixin':: d.fn(help='"Ingress Class Names Contour should use."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='classNames', type=d.T.array)]), + withClassNamesMixin(classNames): { spec+: { runtimeSettings+: { ingress+: { classNames+: if std.isArray(v=classNames) then classNames else [classNames] } } } }, + '#withStatusAddress':: d.fn(help='"Address to set in Ingress object status."', args=[d.arg(name='statusAddress', type=d.T.string)]), + withStatusAddress(statusAddress): { spec+: { runtimeSettings+: { ingress+: { statusAddress: statusAddress } } } }, + }, + '#metrics':: d.obj(help="\"Metrics defines the endpoint Contour uses to serve metrics.\\nContour's default is { address: \\\"0.0.0.0\\\", port: 8000 }.\""), + metrics: { + '#tls':: d.obj(help='"TLS holds TLS file config details.\\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS."'), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { runtimeSettings+: { metrics+: { tls+: { caFile: caFile } } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { runtimeSettings+: { metrics+: { tls+: { certFile: certFile } } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { runtimeSettings+: { metrics+: { tls+: { keyFile: keyFile } } } } }, + }, + '#withAddress':: d.fn(help='"Defines the metrics address interface."', args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { metrics+: { address: address } } } }, + '#withPort':: d.fn(help='"Defines the metrics port."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { metrics+: { port: port } } } }, + }, + '#policy':: d.obj(help='"Policy specifies default policy applied if not overridden by the user"'), + policy: { + '#requestHeaders':: d.obj(help='"RequestHeadersPolicy defines the request headers set/removed on all routes"'), + requestHeaders: { + '#withRemove':: d.fn(help='', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { spec+: { runtimeSettings+: { policy+: { requestHeaders+: { remove: if std.isArray(v=remove) then remove else [remove] } } } } }, + '#withRemoveMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { spec+: { runtimeSettings+: { policy+: { requestHeaders+: { remove+: if std.isArray(v=remove) then remove else [remove] } } } } }, + '#withSet':: d.fn(help='', args=[d.arg(name='set', type=d.T.object)]), + withSet(set): { spec+: { runtimeSettings+: { policy+: { requestHeaders+: { set: set } } } } }, + '#withSetMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.object)]), + withSetMixin(set): { spec+: { runtimeSettings+: { policy+: { requestHeaders+: { set+: set } } } } }, + }, + '#responseHeaders':: d.obj(help='"ResponseHeadersPolicy defines the response headers set/removed on all routes"'), + responseHeaders: { + '#withRemove':: d.fn(help='', args=[d.arg(name='remove', type=d.T.array)]), + withRemove(remove): { spec+: { runtimeSettings+: { policy+: { responseHeaders+: { remove: if std.isArray(v=remove) then remove else [remove] } } } } }, + '#withRemoveMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='remove', type=d.T.array)]), + withRemoveMixin(remove): { spec+: { runtimeSettings+: { policy+: { responseHeaders+: { remove+: if std.isArray(v=remove) then remove else [remove] } } } } }, + '#withSet':: d.fn(help='', args=[d.arg(name='set', type=d.T.object)]), + withSet(set): { spec+: { runtimeSettings+: { policy+: { responseHeaders+: { set: set } } } } }, + '#withSetMixin':: d.fn(help='\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='set', type=d.T.object)]), + withSetMixin(set): { spec+: { runtimeSettings+: { policy+: { responseHeaders+: { set+: set } } } } }, + }, + '#withApplyToIngress':: d.fn(help="\"ApplyToIngress determines if the Policies will apply to ingress objects\\nContour's default is false.\"", args=[d.arg(name='applyToIngress', type=d.T.boolean)]), + withApplyToIngress(applyToIngress): { spec+: { runtimeSettings+: { policy+: { applyToIngress: applyToIngress } } } }, + }, + '#rateLimitService':: d.obj(help='"RateLimitService optionally holds properties of the Rate Limit Service\\nto be used for global rate limiting."'), + rateLimitService: { + '#defaultGlobalRateLimitPolicy':: d.obj(help='"DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy.\\nHTTPProxy can overwrite this configuration."'), + defaultGlobalRateLimitPolicy: { + '#descriptors':: d.obj(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."'), + descriptors: { + '#entries':: d.obj(help='"Entries is the list of key-value pair generators."'), + entries: { + '#genericKey':: d.obj(help='"GenericKey defines a descriptor entry with a static key and value."'), + genericKey: { + '#withKey':: d.fn(help='"Key defines the key of the descriptor entry. If not set, the\\nkey is set to \\"generic_key\\"."', args=[d.arg(name='key', type=d.T.string)]), + withKey(key): { genericKey+: { key: key } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { genericKey+: { value: value } }, + }, + '#requestHeader':: d.obj(help="\"RequestHeader defines a descriptor entry that's populated only if\\na given header is present on the request. The descriptor key is static,\\nand the descriptor value is equal to the value of the header.\""), + requestHeader: { + '#withDescriptorKey':: d.fn(help='"DescriptorKey defines the key to use on the descriptor entry."', args=[d.arg(name='descriptorKey', type=d.T.string)]), + withDescriptorKey(descriptorKey): { requestHeader+: { descriptorKey: descriptorKey } }, + '#withHeaderName':: d.fn(help='"HeaderName defines the name of the header to look for on the request."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { requestHeader+: { headerName: headerName } }, + }, + '#requestHeaderValueMatch':: d.obj(help="\"RequestHeaderValueMatch defines a descriptor entry that's populated\\nif the request's headers match a set of 1+ match criteria. The\\ndescriptor key is \\\"header_match\\\", and the descriptor value is static.\""), + requestHeaderValueMatch: { + '#headers':: d.obj(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."'), + headers: { + '#withContains':: d.fn(help='"Contains specifies a substring that must be present in\\nthe header value."', args=[d.arg(name='contains', type=d.T.string)]), + withContains(contains): { contains: contains }, + '#withExact':: d.fn(help='"Exact specifies a string that the header value must be equal to."', args=[d.arg(name='exact', type=d.T.string)]), + withExact(exact): { exact: exact }, + '#withIgnoreCase':: d.fn(help='"IgnoreCase specifies that string matching should be case insensitive.\\nNote that this has no effect on the Regex parameter."', args=[d.arg(name='ignoreCase', type=d.T.boolean)]), + withIgnoreCase(ignoreCase): { ignoreCase: ignoreCase }, + '#withName':: d.fn(help='"Name is the name of the header to match against. Name is required.\\nHeader names are case insensitive."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withNotcontains':: d.fn(help='"NotContains specifies a substring that must not be present\\nin the header value."', args=[d.arg(name='notcontains', type=d.T.string)]), + withNotcontains(notcontains): { notcontains: notcontains }, + '#withNotexact':: d.fn(help='"NoExact specifies a string that the header value must not be\\nequal to. The condition is true if the header has any other value."', args=[d.arg(name='notexact', type=d.T.string)]), + withNotexact(notexact): { notexact: notexact }, + '#withNotpresent':: d.fn(help='"NotPresent specifies that condition is true when the named header\\nis not present. Note that setting NotPresent to false does not\\nmake the condition true if the named header is present."', args=[d.arg(name='notpresent', type=d.T.boolean)]), + withNotpresent(notpresent): { notpresent: notpresent }, + '#withPresent':: d.fn(help='"Present specifies that condition is true when the named header\\nis present, regardless of its value. Note that setting Present\\nto false does not make the condition true if the named header\\nis absent."', args=[d.arg(name='present', type=d.T.boolean)]), + withPresent(present): { present: present }, + '#withRegex':: d.fn(help='"Regex specifies a regular expression pattern that must match the header\\nvalue."', args=[d.arg(name='regex', type=d.T.string)]), + withRegex(regex): { regex: regex }, + '#withTreatMissingAsEmpty':: d.fn(help='"TreatMissingAsEmpty specifies if the header match rule specified header\\ndoes not exist, this header value will be treated as empty. Defaults to false.\\nUnlike the underlying Envoy implementation this is **only** supported for\\nnegative matches (e.g. NotContains, NotExact)."', args=[d.arg(name='treatMissingAsEmpty', type=d.T.boolean)]), + withTreatMissingAsEmpty(treatMissingAsEmpty): { treatMissingAsEmpty: treatMissingAsEmpty }, + }, + '#withExpectMatch':: d.fn(help='"ExpectMatch defines whether the request must positively match the match\\ncriteria in order to generate a descriptor entry (i.e. true), or not\\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\\nThe default is true."', args=[d.arg(name='expectMatch', type=d.T.boolean)]), + withExpectMatch(expectMatch): { requestHeaderValueMatch+: { expectMatch: expectMatch } }, + '#withHeaders':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."', args=[d.arg(name='headers', type=d.T.array)]), + withHeaders(headers): { requestHeaderValueMatch+: { headers: if std.isArray(v=headers) then headers else [headers] } }, + '#withHeadersMixin':: d.fn(help='"Headers is a list of 1+ match criteria to apply against the request\\nto determine whether to populate the descriptor entry or not."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='headers', type=d.T.array)]), + withHeadersMixin(headers): { requestHeaderValueMatch+: { headers+: if std.isArray(v=headers) then headers else [headers] } }, + '#withValue':: d.fn(help='"Value defines the value of the descriptor entry."', args=[d.arg(name='value', type=d.T.string)]), + withValue(value): { requestHeaderValueMatch+: { value: value } }, + }, + '#withRemoteAddress':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddress(remoteAddress): { remoteAddress: remoteAddress }, + '#withRemoteAddressMixin':: d.fn(help="\"RemoteAddress defines a descriptor entry with a key of \\\"remote_address\\\"\\nand a value equal to the client's IP address (from x-forwarded-for).\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='remoteAddress', type=d.T.object)]), + withRemoteAddressMixin(remoteAddress): { remoteAddress+: remoteAddress }, + }, + '#withEntries':: d.fn(help='"Entries is the list of key-value pair generators."', args=[d.arg(name='entries', type=d.T.array)]), + withEntries(entries): { entries: if std.isArray(v=entries) then entries else [entries] }, + '#withEntriesMixin':: d.fn(help='"Entries is the list of key-value pair generators."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='entries', type=d.T.array)]), + withEntriesMixin(entries): { entries+: if std.isArray(v=entries) then entries else [entries] }, + }, + '#withDescriptors':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptors(descriptors): { spec+: { runtimeSettings+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { descriptors: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } } }, + '#withDescriptorsMixin':: d.fn(help='"Descriptors defines the list of descriptors that will\\nbe generated and sent to the rate limit service. Each\\ndescriptor contains 1+ key-value pair entries."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='descriptors', type=d.T.array)]), + withDescriptorsMixin(descriptors): { spec+: { runtimeSettings+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { descriptors+: if std.isArray(v=descriptors) then descriptors else [descriptors] } } } } }, + '#withDisabled':: d.fn(help='"Disabled configures the HTTPProxy to not use\\nthe default global rate limit policy defined by the Contour configuration."', args=[d.arg(name='disabled', type=d.T.boolean)]), + withDisabled(disabled): { spec+: { runtimeSettings+: { rateLimitService+: { defaultGlobalRateLimitPolicy+: { disabled: disabled } } } } }, + }, + '#extensionService':: d.obj(help='"ExtensionService identifies the extension service defining the RLS."'), + extensionService: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { rateLimitService+: { extensionService+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { rateLimitService+: { extensionService+: { namespace: namespace } } } } }, + }, + '#withDomain':: d.fn(help='"Domain is passed to the Rate Limit Service."', args=[d.arg(name='domain', type=d.T.string)]), + withDomain(domain): { spec+: { runtimeSettings+: { rateLimitService+: { domain: domain } } } }, + '#withEnableResourceExhaustedCode':: d.fn(help="\"EnableResourceExhaustedCode enables translating error code 429 to\\ngrpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE\"", args=[d.arg(name='enableResourceExhaustedCode', type=d.T.boolean)]), + withEnableResourceExhaustedCode(enableResourceExhaustedCode): { spec+: { runtimeSettings+: { rateLimitService+: { enableResourceExhaustedCode: enableResourceExhaustedCode } } } }, + '#withEnableXRateLimitHeaders':: d.fn(help='"EnableXRateLimitHeaders defines whether to include the X-RateLimit\\nheaders X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset\\n(as defined by the IETF Internet-Draft linked below), on responses\\nto clients when the Rate Limit Service is consulted for a request.\\nref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html"', args=[d.arg(name='enableXRateLimitHeaders', type=d.T.boolean)]), + withEnableXRateLimitHeaders(enableXRateLimitHeaders): { spec+: { runtimeSettings+: { rateLimitService+: { enableXRateLimitHeaders: enableXRateLimitHeaders } } } }, + '#withFailOpen':: d.fn(help='"FailOpen defines whether to allow requests to proceed when the\\nRate Limit Service fails to respond with a valid rate limit\\ndecision within the timeout defined on the extension service."', args=[d.arg(name='failOpen', type=d.T.boolean)]), + withFailOpen(failOpen): { spec+: { runtimeSettings+: { rateLimitService+: { failOpen: failOpen } } } }, + }, + '#tracing':: d.obj(help='"Tracing defines properties for exporting trace data to OpenTelemetry."'), + tracing: { + '#customTags':: d.obj(help='"CustomTags defines a list of custom tags with unique tag name."'), + customTags: { + '#withLiteral':: d.fn(help='"Literal is a static custom tag value.\\nPrecisely one of Literal, RequestHeaderName must be set."', args=[d.arg(name='literal', type=d.T.string)]), + withLiteral(literal): { literal: literal }, + '#withRequestHeaderName':: d.fn(help='"RequestHeaderName indicates which request header\\nthe label value is obtained from.\\nPrecisely one of Literal, RequestHeaderName must be set."', args=[d.arg(name='requestHeaderName', type=d.T.string)]), + withRequestHeaderName(requestHeaderName): { requestHeaderName: requestHeaderName }, + '#withTagName':: d.fn(help='"TagName is the unique name of the custom tag."', args=[d.arg(name='tagName', type=d.T.string)]), + withTagName(tagName): { tagName: tagName }, + }, + '#extensionService':: d.obj(help='"ExtensionService identifies the extension service defining the otel-collector."'), + extensionService: { + '#withName':: d.fn(help='', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { spec+: { runtimeSettings+: { tracing+: { extensionService+: { name: name } } } } }, + '#withNamespace':: d.fn(help='', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { spec+: { runtimeSettings+: { tracing+: { extensionService+: { namespace: namespace } } } } }, + }, + '#withCustomTags':: d.fn(help='"CustomTags defines a list of custom tags with unique tag name."', args=[d.arg(name='customTags', type=d.T.array)]), + withCustomTags(customTags): { spec+: { runtimeSettings+: { tracing+: { customTags: if std.isArray(v=customTags) then customTags else [customTags] } } } }, + '#withCustomTagsMixin':: d.fn(help='"CustomTags defines a list of custom tags with unique tag name."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='customTags', type=d.T.array)]), + withCustomTagsMixin(customTags): { spec+: { runtimeSettings+: { tracing+: { customTags+: if std.isArray(v=customTags) then customTags else [customTags] } } } }, + '#withIncludePodDetail':: d.fn(help='"IncludePodDetail defines a flag.\\nIf it is true, contour will add the pod name and namespace to the span of the trace.\\nthe default is true.\\nNote: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly."', args=[d.arg(name='includePodDetail', type=d.T.boolean)]), + withIncludePodDetail(includePodDetail): { spec+: { runtimeSettings+: { tracing+: { includePodDetail: includePodDetail } } } }, + '#withMaxPathTagLength':: d.fn(help="\"MaxPathTagLength defines maximum length of the request path\\nto extract and include in the HttpUrl tag.\\ncontour's default is 256.\"", args=[d.arg(name='maxPathTagLength', type=d.T.integer)]), + withMaxPathTagLength(maxPathTagLength): { spec+: { runtimeSettings+: { tracing+: { maxPathTagLength: maxPathTagLength } } } }, + '#withOverallSampling':: d.fn(help="\"OverallSampling defines the sampling rate of trace data.\\ncontour's default is 100.\"", args=[d.arg(name='overallSampling', type=d.T.string)]), + withOverallSampling(overallSampling): { spec+: { runtimeSettings+: { tracing+: { overallSampling: overallSampling } } } }, + '#withServiceName':: d.fn(help="\"ServiceName defines the name for the service.\\ncontour's default is contour.\"", args=[d.arg(name='serviceName', type=d.T.string)]), + withServiceName(serviceName): { spec+: { runtimeSettings+: { tracing+: { serviceName: serviceName } } } }, + }, + '#withEnableExternalNameService':: d.fn(help="\"EnableExternalNameService allows processing of ExternalNameServices\\nContour's default is false for security reasons.\"", args=[d.arg(name='enableExternalNameService', type=d.T.boolean)]), + withEnableExternalNameService(enableExternalNameService): { spec+: { runtimeSettings+: { enableExternalNameService: enableExternalNameService } } }, + '#withFeatureFlags':: d.fn(help='"FeatureFlags defines toggle to enable new contour features.\\nAvailable toggles are:\\nuseEndpointSlices - Configures contour to fetch endpoint data\\nfrom k8s endpoint slices. defaults to true,\\nIf false then reads endpoint data from the k8s endpoints."', args=[d.arg(name='featureFlags', type=d.T.array)]), + withFeatureFlags(featureFlags): { spec+: { runtimeSettings+: { featureFlags: if std.isArray(v=featureFlags) then featureFlags else [featureFlags] } } }, + '#withFeatureFlagsMixin':: d.fn(help='"FeatureFlags defines toggle to enable new contour features.\\nAvailable toggles are:\\nuseEndpointSlices - Configures contour to fetch endpoint data\\nfrom k8s endpoint slices. defaults to true,\\nIf false then reads endpoint data from the k8s endpoints."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='featureFlags', type=d.T.array)]), + withFeatureFlagsMixin(featureFlags): { spec+: { runtimeSettings+: { featureFlags+: if std.isArray(v=featureFlags) then featureFlags else [featureFlags] } } }, + '#xdsServer':: d.obj(help='"XDSServer contains parameters for the xDS server."'), + xdsServer: { + '#tls':: d.obj(help="\"TLS holds TLS file config details.\\nContour's default is { caFile: \\\"/certs/ca.crt\\\", certFile: \\\"/certs/tls.cert\\\", keyFile: \\\"/certs/tls.key\\\", insecure: false }.\""), + tls: { + '#withCaFile':: d.fn(help='"CA filename."', args=[d.arg(name='caFile', type=d.T.string)]), + withCaFile(caFile): { spec+: { runtimeSettings+: { xdsServer+: { tls+: { caFile: caFile } } } } }, + '#withCertFile':: d.fn(help='"Client certificate filename."', args=[d.arg(name='certFile', type=d.T.string)]), + withCertFile(certFile): { spec+: { runtimeSettings+: { xdsServer+: { tls+: { certFile: certFile } } } } }, + '#withInsecure':: d.fn(help='"Allow serving the xDS gRPC API without TLS."', args=[d.arg(name='insecure', type=d.T.boolean)]), + withInsecure(insecure): { spec+: { runtimeSettings+: { xdsServer+: { tls+: { insecure: insecure } } } } }, + '#withKeyFile':: d.fn(help='"Client key filename."', args=[d.arg(name='keyFile', type=d.T.string)]), + withKeyFile(keyFile): { spec+: { runtimeSettings+: { xdsServer+: { tls+: { keyFile: keyFile } } } } }, + }, + '#withAddress':: d.fn(help="\"Defines the xDS gRPC API address which Contour will serve.\\nContour's default is \\\"0.0.0.0\\\".\"", args=[d.arg(name='address', type=d.T.string)]), + withAddress(address): { spec+: { runtimeSettings+: { xdsServer+: { address: address } } } }, + '#withPort':: d.fn(help="\"Defines the xDS gRPC API port which Contour will serve.\\nContour's default is 8001.\"", args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { spec+: { runtimeSettings+: { xdsServer+: { port: port } } } }, + '#withType':: d.fn(help='"Defines the XDSServer to use for `contour serve`.\\nValues: `envoy` (default), `contour (deprecated)`.\\nOther values will produce an error."', args=[d.arg(name='type', type=d.T.string)]), + withType(type): { spec+: { runtimeSettings+: { xdsServer+: { type: type } } } }, + }, + }, + '#withResourceLabels':: d.fn(help='"ResourceLabels is a set of labels to add to the provisioned Contour resources.\\nDeprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be\\nremoved in a future release."', args=[d.arg(name='resourceLabels', type=d.T.object)]), + withResourceLabels(resourceLabels): { spec+: { resourceLabels: resourceLabels } }, + '#withResourceLabelsMixin':: d.fn(help='"ResourceLabels is a set of labels to add to the provisioned Contour resources.\\nDeprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be\\nremoved in a future release."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='resourceLabels', type=d.T.object)]), + withResourceLabelsMixin(resourceLabels): { spec+: { resourceLabels+: resourceLabels } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.29/_gen/projectcontour/v1alpha1/extensionService.libsonnet b/1.29/_gen/projectcontour/v1alpha1/extensionService.libsonnet new file mode 100644 index 0000000..1710890 --- /dev/null +++ b/1.29/_gen/projectcontour/v1alpha1/extensionService.libsonnet @@ -0,0 +1,118 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='extensionService', url='', help='"ExtensionService is the schema for the Contour extension services API.\\nAn ExtensionService resource binds a network service to the Contour\\nAPI so that Contour API features can be implemented by collaborating\\ncomponents."'), + '#metadata':: d.obj(help='"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."'), + metadata: { + '#withAnnotations':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotations(annotations): { metadata+: { annotations: annotations } }, + '#withAnnotationsMixin':: d.fn(help='"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='annotations', type=d.T.object)]), + withAnnotationsMixin(annotations): { metadata+: { annotations+: annotations } }, + '#withClusterName':: d.fn(help='"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."', args=[d.arg(name='clusterName', type=d.T.string)]), + withClusterName(clusterName): { metadata+: { clusterName: clusterName } }, + '#withCreationTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='creationTimestamp', type=d.T.string)]), + withCreationTimestamp(creationTimestamp): { metadata+: { creationTimestamp: creationTimestamp } }, + '#withDeletionGracePeriodSeconds':: d.fn(help='"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."', args=[d.arg(name='deletionGracePeriodSeconds', type=d.T.integer)]), + withDeletionGracePeriodSeconds(deletionGracePeriodSeconds): { metadata+: { deletionGracePeriodSeconds: deletionGracePeriodSeconds } }, + '#withDeletionTimestamp':: d.fn(help='"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."', args=[d.arg(name='deletionTimestamp', type=d.T.string)]), + withDeletionTimestamp(deletionTimestamp): { metadata+: { deletionTimestamp: deletionTimestamp } }, + '#withFinalizers':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizers(finalizers): { metadata+: { finalizers: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withFinalizersMixin':: d.fn(help='"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='finalizers', type=d.T.array)]), + withFinalizersMixin(finalizers): { metadata+: { finalizers+: if std.isArray(v=finalizers) then finalizers else [finalizers] } }, + '#withGenerateName':: d.fn(help='"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\\n\\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\\n\\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"', args=[d.arg(name='generateName', type=d.T.string)]), + withGenerateName(generateName): { metadata+: { generateName: generateName } }, + '#withGeneration':: d.fn(help='"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."', args=[d.arg(name='generation', type=d.T.integer)]), + withGeneration(generation): { metadata+: { generation: generation } }, + '#withLabels':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"', args=[d.arg(name='labels', type=d.T.object)]), + withLabels(labels): { metadata+: { labels: labels } }, + '#withLabelsMixin':: d.fn(help='"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='labels', type=d.T.object)]), + withLabelsMixin(labels): { metadata+: { labels+: labels } }, + '#withName':: d.fn(help='"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { metadata+: { name: name } }, + '#withNamespace':: d.fn(help='"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \\"default\\" namespace, but \\"default\\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\\n\\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"', args=[d.arg(name='namespace', type=d.T.string)]), + withNamespace(namespace): { metadata+: { namespace: namespace } }, + '#withOwnerReferences':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferences(ownerReferences): { metadata+: { ownerReferences: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withOwnerReferencesMixin':: d.fn(help='"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='ownerReferences', type=d.T.array)]), + withOwnerReferencesMixin(ownerReferences): { metadata+: { ownerReferences+: if std.isArray(v=ownerReferences) then ownerReferences else [ownerReferences] } }, + '#withResourceVersion':: d.fn(help='"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\\n\\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"', args=[d.arg(name='resourceVersion', type=d.T.string)]), + withResourceVersion(resourceVersion): { metadata+: { resourceVersion: resourceVersion } }, + '#withSelfLink':: d.fn(help='"SelfLink is a URL representing this object. Populated by the system. Read-only.\\n\\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."', args=[d.arg(name='selfLink', type=d.T.string)]), + withSelfLink(selfLink): { metadata+: { selfLink: selfLink } }, + '#withUid':: d.fn(help='"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\\n\\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"', args=[d.arg(name='uid', type=d.T.string)]), + withUid(uid): { metadata+: { uid: uid } }, + }, + '#new':: d.fn(help='new returns an instance of ExtensionService', args=[d.arg(name='name', type=d.T.string)]), + new(name): { + apiVersion: 'projectcontour.io/v1alpha1', + kind: 'ExtensionService', + } + self.metadata.withName(name=name), + '#spec':: d.obj(help='"ExtensionServiceSpec defines the desired state of an ExtensionService resource."'), + spec: { + '#loadBalancerPolicy':: d.obj(help='"The policy for load balancing GRPC service requests. Note that the\\n`Cookie` and `RequestHash` load balancing strategies cannot be used\\nhere."'), + loadBalancerPolicy: { + '#requestHashPolicies':: d.obj(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."'), + requestHashPolicies: { + '#headerHashOptions':: d.obj(help='"HeaderHashOptions should be set when request header hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + headerHashOptions: { + '#withHeaderName':: d.fn(help='"HeaderName is the name of the HTTP request header that will be used to\\ncalculate the hash key. If the header specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='headerName', type=d.T.string)]), + withHeaderName(headerName): { headerHashOptions+: { headerName: headerName } }, + }, + '#queryParameterHashOptions':: d.obj(help='"QueryParameterHashOptions should be set when request query parameter hash based load\\nbalancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."'), + queryParameterHashOptions: { + '#withParameterName':: d.fn(help='"ParameterName is the name of the HTTP request query parameter that will be used to\\ncalculate the hash key. If the query parameter specified is not present on a\\nrequest, no hash will be produced."', args=[d.arg(name='parameterName', type=d.T.string)]), + withParameterName(parameterName): { queryParameterHashOptions+: { parameterName: parameterName } }, + }, + '#withHashSourceIP':: d.fn(help='"HashSourceIP should be set to true when request source IP hash based\\nload balancing is desired. It must be the only hash option field set,\\notherwise this request hash policy object will be ignored."', args=[d.arg(name='hashSourceIP', type=d.T.boolean)]), + withHashSourceIP(hashSourceIP): { hashSourceIP: hashSourceIP }, + '#withTerminal':: d.fn(help='"Terminal is a flag that allows for short-circuiting computing of a hash\\nfor a given request. If set to true, and the request attribute specified\\nin the attribute hash options is present, no further hash policies will\\nbe used to calculate a hash for the request."', args=[d.arg(name='terminal', type=d.T.boolean)]), + withTerminal(terminal): { terminal: terminal }, + }, + '#withRequestHashPolicies':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPolicies(requestHashPolicies): { spec+: { loadBalancerPolicy+: { requestHashPolicies: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } } }, + '#withRequestHashPoliciesMixin':: d.fn(help='"RequestHashPolicies contains a list of hash policies to apply when the\\n`RequestHash` load balancing strategy is chosen. If an element of the\\nsupplied list of hash policies is invalid, it will be ignored. If the\\nlist of hash policies is empty after validation, the load balancing\\nstrategy will fall back to the default `RoundRobin`."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='requestHashPolicies', type=d.T.array)]), + withRequestHashPoliciesMixin(requestHashPolicies): { spec+: { loadBalancerPolicy+: { requestHashPolicies+: if std.isArray(v=requestHashPolicies) then requestHashPolicies else [requestHashPolicies] } } }, + '#withStrategy':: d.fn(help='"Strategy specifies the policy used to balance requests\\nacross the pool of backend pods. Valid policy names are\\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\\nand `RequestHash`. If an unknown strategy name is specified\\nor no policy is supplied, the default `RoundRobin` policy\\nis used."', args=[d.arg(name='strategy', type=d.T.string)]), + withStrategy(strategy): { spec+: { loadBalancerPolicy+: { strategy: strategy } } }, + }, + '#services':: d.obj(help='"Services specifies the set of Kubernetes Service resources that\\nreceive GRPC extension API requests.\\nIf no weights are specified for any of the entries in\\nthis array, traffic will be spread evenly across all the\\nservices.\\nOtherwise, traffic is balanced proportionally to the\\nWeight field in each entry."'), + services: { + '#withName':: d.fn(help='"Name is the name of Kubernetes service that will accept service\\ntraffic."', args=[d.arg(name='name', type=d.T.string)]), + withName(name): { name: name }, + '#withPort':: d.fn(help='"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."', args=[d.arg(name='port', type=d.T.integer)]), + withPort(port): { port: port }, + '#withWeight':: d.fn(help='"Weight defines proportion of traffic to balance to the Kubernetes Service."', args=[d.arg(name='weight', type=d.T.integer)]), + withWeight(weight): { weight: weight }, + }, + '#timeoutPolicy':: d.obj(help='"The timeout policy for requests to the services."'), + timeoutPolicy: { + '#withIdle':: d.fn(help='"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).\\nTimeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.\\nIf not specified, there is no per-route idle timeout, though a connection manager-wide\\nstream_idle_timeout default of 5m still applies."', args=[d.arg(name='idle', type=d.T.string)]), + withIdle(idle): { spec+: { timeoutPolicy+: { idle: idle } } }, + '#withIdleConnection':: d.fn(help="\"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests.\\nIf not supplied, Envoy's default value of 1h applies.\"", args=[d.arg(name='idleConnection', type=d.T.string)]), + withIdleConnection(idleConnection): { spec+: { timeoutPolicy+: { idleConnection: idleConnection } } }, + '#withResponse':: d.fn(help="\"Timeout for receiving a response from the server after processing a request from client.\\nIf not supplied, Envoy's default value of 15s applies.\"", args=[d.arg(name='response', type=d.T.string)]), + withResponse(response): { spec+: { timeoutPolicy+: { response: response } } }, + }, + '#validation':: d.obj(help="\"UpstreamValidation defines how to verify the backend service's certificate\""), + validation: { + '#withCaSecret':: d.fn(help='"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\\nThe secret must contain key named ca.crt.\\nThe name can be optionally prefixed with namespace \\"namespace/name\\".\\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"', args=[d.arg(name='caSecret', type=d.T.string)]), + withCaSecret(caSecret): { spec+: { validation+: { caSecret: caSecret } } }, + '#withSubjectName':: d.fn(help="\"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\\nDeprecated: migrate to using the plural field subjectNames.\"", args=[d.arg(name='subjectName', type=d.T.string)]), + withSubjectName(subjectName): { spec+: { validation+: { subjectName: subjectName } } }, + '#withSubjectNames':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNames(subjectNames): { spec+: { validation+: { subjectNames: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } } }, + '#withSubjectNamesMixin':: d.fn(help="\"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\\npresented certificate.\"\n\n**Note:** This function appends passed data to existing values", args=[d.arg(name='subjectNames', type=d.T.array)]), + withSubjectNamesMixin(subjectNames): { spec+: { validation+: { subjectNames+: if std.isArray(v=subjectNames) then subjectNames else [subjectNames] } } }, + }, + '#withProtocol':: d.fn(help='"Protocol may be used to specify (or override) the protocol used to reach this Service.\\nValues may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations."', args=[d.arg(name='protocol', type=d.T.string)]), + withProtocol(protocol): { spec+: { protocol: protocol } }, + '#withProtocolVersion':: d.fn(help='"This field sets the version of the GRPC protocol that Envoy uses to\\nsend requests to the extension service. Since Contour always uses the\\nv3 Envoy API, this is currently fixed at \\"v3\\". However, other\\nprotocol options will be available in future."', args=[d.arg(name='protocolVersion', type=d.T.string)]), + withProtocolVersion(protocolVersion): { spec+: { protocolVersion: protocolVersion } }, + '#withServices':: d.fn(help='"Services specifies the set of Kubernetes Service resources that\\nreceive GRPC extension API requests.\\nIf no weights are specified for any of the entries in\\nthis array, traffic will be spread evenly across all the\\nservices.\\nOtherwise, traffic is balanced proportionally to the\\nWeight field in each entry."', args=[d.arg(name='services', type=d.T.array)]), + withServices(services): { spec+: { services: if std.isArray(v=services) then services else [services] } }, + '#withServicesMixin':: d.fn(help='"Services specifies the set of Kubernetes Service resources that\\nreceive GRPC extension API requests.\\nIf no weights are specified for any of the entries in\\nthis array, traffic will be spread evenly across all the\\nservices.\\nOtherwise, traffic is balanced proportionally to the\\nWeight field in each entry."\n\n**Note:** This function appends passed data to existing values', args=[d.arg(name='services', type=d.T.array)]), + withServicesMixin(services): { spec+: { services+: if std.isArray(v=services) then services else [services] } }, + }, + '#mixin': 'ignore', + mixin: self, +} diff --git a/1.29/_gen/projectcontour/v1alpha1/main.libsonnet b/1.29/_gen/projectcontour/v1alpha1/main.libsonnet new file mode 100644 index 0000000..53f93c8 --- /dev/null +++ b/1.29/_gen/projectcontour/v1alpha1/main.libsonnet @@ -0,0 +1,7 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='v1alpha1', url='', help=''), + contourConfiguration: (import 'contourConfiguration.libsonnet'), + contourDeployment: (import 'contourDeployment.libsonnet'), + extensionService: (import 'extensionService.libsonnet'), +} diff --git a/1.29/gen.libsonnet b/1.29/gen.libsonnet new file mode 100644 index 0000000..c6b8138 --- /dev/null +++ b/1.29/gen.libsonnet @@ -0,0 +1,5 @@ +{ + local d = (import 'doc-util/main.libsonnet'), + '#':: d.pkg(name='contour', url='github.com/jsonnet-libs/contour-libsonnet/1.29/main.libsonnet', help=''), + projectcontour:: (import '_gen/projectcontour/main.libsonnet'), +} diff --git a/1.29/main.libsonnet b/1.29/main.libsonnet new file mode 100644 index 0000000..f5597a5 --- /dev/null +++ b/1.29/main.libsonnet @@ -0,0 +1 @@ +(import 'gen.libsonnet') diff --git a/docs/1.29/README.md b/docs/1.29/README.md new file mode 100644 index 0000000..f1a5dcf --- /dev/null +++ b/docs/1.29/README.md @@ -0,0 +1,13 @@ +--- +permalink: /1.29/ +--- + +# contour + +```jsonnet +local contour = import "github.com/jsonnet-libs/contour-libsonnet/1.29/main.libsonnet" +``` + + + +* [projectcontour](projectcontour/index.md) \ No newline at end of file diff --git a/docs/1.29/projectcontour/index.md b/docs/1.29/projectcontour/index.md new file mode 100644 index 0000000..35fbd8a --- /dev/null +++ b/docs/1.29/projectcontour/index.md @@ -0,0 +1,10 @@ +--- +permalink: /1.29/projectcontour/ +--- + +# projectcontour + + + +* [v1](v1/index.md) +* [v1alpha1](v1alpha1/index.md) \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1/httpProxy.md b/docs/1.29/projectcontour/v1/httpProxy.md new file mode 100644 index 0000000..d46fe9d --- /dev/null +++ b/docs/1.29/projectcontour/v1/httpProxy.md @@ -0,0 +1,3855 @@ +--- +permalink: /1.29/projectcontour/v1/httpProxy/ +--- + +# projectcontour.v1.httpProxy + +"HTTPProxy is an Ingress CRD specification." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withIncludes(includes)`](#fn-specwithincludes) + * [`fn withIncludesMixin(includes)`](#fn-specwithincludesmixin) + * [`fn withIngressClassName(ingressClassName)`](#fn-specwithingressclassname) + * [`fn withRoutes(routes)`](#fn-specwithroutes) + * [`fn withRoutesMixin(routes)`](#fn-specwithroutesmixin) + * [`obj spec.includes`](#obj-specincludes) + * [`fn withConditions(conditions)`](#fn-specincludeswithconditions) + * [`fn withConditionsMixin(conditions)`](#fn-specincludeswithconditionsmixin) + * [`fn withName(name)`](#fn-specincludeswithname) + * [`fn withNamespace(namespace)`](#fn-specincludeswithnamespace) + * [`obj spec.includes.conditions`](#obj-specincludesconditions) + * [`fn withExact(exact)`](#fn-specincludesconditionswithexact) + * [`fn withPrefix(prefix)`](#fn-specincludesconditionswithprefix) + * [`fn withRegex(regex)`](#fn-specincludesconditionswithregex) + * [`obj spec.includes.conditions.header`](#obj-specincludesconditionsheader) + * [`fn withContains(contains)`](#fn-specincludesconditionsheaderwithcontains) + * [`fn withExact(exact)`](#fn-specincludesconditionsheaderwithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specincludesconditionsheaderwithignorecase) + * [`fn withName(name)`](#fn-specincludesconditionsheaderwithname) + * [`fn withNotcontains(notcontains)`](#fn-specincludesconditionsheaderwithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specincludesconditionsheaderwithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specincludesconditionsheaderwithnotpresent) + * [`fn withPresent(present)`](#fn-specincludesconditionsheaderwithpresent) + * [`fn withRegex(regex)`](#fn-specincludesconditionsheaderwithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specincludesconditionsheaderwithtreatmissingasempty) + * [`obj spec.includes.conditions.queryParameter`](#obj-specincludesconditionsqueryparameter) + * [`fn withContains(contains)`](#fn-specincludesconditionsqueryparameterwithcontains) + * [`fn withExact(exact)`](#fn-specincludesconditionsqueryparameterwithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specincludesconditionsqueryparameterwithignorecase) + * [`fn withName(name)`](#fn-specincludesconditionsqueryparameterwithname) + * [`fn withPrefix(prefix)`](#fn-specincludesconditionsqueryparameterwithprefix) + * [`fn withPresent(present)`](#fn-specincludesconditionsqueryparameterwithpresent) + * [`fn withRegex(regex)`](#fn-specincludesconditionsqueryparameterwithregex) + * [`fn withSuffix(suffix)`](#fn-specincludesconditionsqueryparameterwithsuffix) + * [`obj spec.routes`](#obj-specroutes) + * [`fn withConditions(conditions)`](#fn-specrouteswithconditions) + * [`fn withConditionsMixin(conditions)`](#fn-specrouteswithconditionsmixin) + * [`fn withCookieRewritePolicies(cookieRewritePolicies)`](#fn-specrouteswithcookierewritepolicies) + * [`fn withCookieRewritePoliciesMixin(cookieRewritePolicies)`](#fn-specrouteswithcookierewritepoliciesmixin) + * [`fn withEnableWebsockets(enableWebsockets)`](#fn-specrouteswithenablewebsockets) + * [`fn withIpAllowPolicy(ipAllowPolicy)`](#fn-specrouteswithipallowpolicy) + * [`fn withIpAllowPolicyMixin(ipAllowPolicy)`](#fn-specrouteswithipallowpolicymixin) + * [`fn withIpDenyPolicy(ipDenyPolicy)`](#fn-specrouteswithipdenypolicy) + * [`fn withIpDenyPolicyMixin(ipDenyPolicy)`](#fn-specrouteswithipdenypolicymixin) + * [`fn withPermitInsecure(permitInsecure)`](#fn-specrouteswithpermitinsecure) + * [`fn withServices(services)`](#fn-specrouteswithservices) + * [`fn withServicesMixin(services)`](#fn-specrouteswithservicesmixin) + * [`obj spec.routes.authPolicy`](#obj-specroutesauthpolicy) + * [`fn withContext(context)`](#fn-specroutesauthpolicywithcontext) + * [`fn withContextMixin(context)`](#fn-specroutesauthpolicywithcontextmixin) + * [`fn withDisabled(disabled)`](#fn-specroutesauthpolicywithdisabled) + * [`obj spec.routes.conditions`](#obj-specroutesconditions) + * [`fn withExact(exact)`](#fn-specroutesconditionswithexact) + * [`fn withPrefix(prefix)`](#fn-specroutesconditionswithprefix) + * [`fn withRegex(regex)`](#fn-specroutesconditionswithregex) + * [`obj spec.routes.conditions.header`](#obj-specroutesconditionsheader) + * [`fn withContains(contains)`](#fn-specroutesconditionsheaderwithcontains) + * [`fn withExact(exact)`](#fn-specroutesconditionsheaderwithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specroutesconditionsheaderwithignorecase) + * [`fn withName(name)`](#fn-specroutesconditionsheaderwithname) + * [`fn withNotcontains(notcontains)`](#fn-specroutesconditionsheaderwithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specroutesconditionsheaderwithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specroutesconditionsheaderwithnotpresent) + * [`fn withPresent(present)`](#fn-specroutesconditionsheaderwithpresent) + * [`fn withRegex(regex)`](#fn-specroutesconditionsheaderwithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specroutesconditionsheaderwithtreatmissingasempty) + * [`obj spec.routes.conditions.queryParameter`](#obj-specroutesconditionsqueryparameter) + * [`fn withContains(contains)`](#fn-specroutesconditionsqueryparameterwithcontains) + * [`fn withExact(exact)`](#fn-specroutesconditionsqueryparameterwithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specroutesconditionsqueryparameterwithignorecase) + * [`fn withName(name)`](#fn-specroutesconditionsqueryparameterwithname) + * [`fn withPrefix(prefix)`](#fn-specroutesconditionsqueryparameterwithprefix) + * [`fn withPresent(present)`](#fn-specroutesconditionsqueryparameterwithpresent) + * [`fn withRegex(regex)`](#fn-specroutesconditionsqueryparameterwithregex) + * [`fn withSuffix(suffix)`](#fn-specroutesconditionsqueryparameterwithsuffix) + * [`obj spec.routes.cookieRewritePolicies`](#obj-specroutescookierewritepolicies) + * [`fn withName(name)`](#fn-specroutescookierewritepolicieswithname) + * [`fn withSameSite(sameSite)`](#fn-specroutescookierewritepolicieswithsamesite) + * [`fn withSecure(secure)`](#fn-specroutescookierewritepolicieswithsecure) + * [`obj spec.routes.cookieRewritePolicies.domainRewrite`](#obj-specroutescookierewritepoliciesdomainrewrite) + * [`fn withValue(value)`](#fn-specroutescookierewritepoliciesdomainrewritewithvalue) + * [`obj spec.routes.cookieRewritePolicies.pathRewrite`](#obj-specroutescookierewritepoliciespathrewrite) + * [`fn withValue(value)`](#fn-specroutescookierewritepoliciespathrewritewithvalue) + * [`obj spec.routes.directResponsePolicy`](#obj-specroutesdirectresponsepolicy) + * [`fn withBody(body)`](#fn-specroutesdirectresponsepolicywithbody) + * [`fn withStatusCode(statusCode)`](#fn-specroutesdirectresponsepolicywithstatuscode) + * [`obj spec.routes.healthCheckPolicy`](#obj-specrouteshealthcheckpolicy) + * [`fn withExpectedStatuses(expectedStatuses)`](#fn-specrouteshealthcheckpolicywithexpectedstatuses) + * [`fn withExpectedStatusesMixin(expectedStatuses)`](#fn-specrouteshealthcheckpolicywithexpectedstatusesmixin) + * [`fn withHealthyThresholdCount(healthyThresholdCount)`](#fn-specrouteshealthcheckpolicywithhealthythresholdcount) + * [`fn withHost(host)`](#fn-specrouteshealthcheckpolicywithhost) + * [`fn withIntervalSeconds(intervalSeconds)`](#fn-specrouteshealthcheckpolicywithintervalseconds) + * [`fn withPath(path)`](#fn-specrouteshealthcheckpolicywithpath) + * [`fn withTimeoutSeconds(timeoutSeconds)`](#fn-specrouteshealthcheckpolicywithtimeoutseconds) + * [`fn withUnhealthyThresholdCount(unhealthyThresholdCount)`](#fn-specrouteshealthcheckpolicywithunhealthythresholdcount) + * [`obj spec.routes.healthCheckPolicy.expectedStatuses`](#obj-specrouteshealthcheckpolicyexpectedstatuses) + * [`fn withEnd(end)`](#fn-specrouteshealthcheckpolicyexpectedstatuseswithend) + * [`fn withStart(start)`](#fn-specrouteshealthcheckpolicyexpectedstatuseswithstart) + * [`obj spec.routes.internalRedirectPolicy`](#obj-specroutesinternalredirectpolicy) + * [`fn withAllowCrossSchemeRedirect(allowCrossSchemeRedirect)`](#fn-specroutesinternalredirectpolicywithallowcrossschemeredirect) + * [`fn withDenyRepeatedRouteRedirect(denyRepeatedRouteRedirect)`](#fn-specroutesinternalredirectpolicywithdenyrepeatedrouteredirect) + * [`fn withMaxInternalRedirects(maxInternalRedirects)`](#fn-specroutesinternalredirectpolicywithmaxinternalredirects) + * [`fn withRedirectResponseCodes(redirectResponseCodes)`](#fn-specroutesinternalredirectpolicywithredirectresponsecodes) + * [`fn withRedirectResponseCodesMixin(redirectResponseCodes)`](#fn-specroutesinternalredirectpolicywithredirectresponsecodesmixin) + * [`obj spec.routes.ipAllowPolicy`](#obj-specroutesipallowpolicy) + * [`fn withCidr(cidr)`](#fn-specroutesipallowpolicywithcidr) + * [`fn withSource(source)`](#fn-specroutesipallowpolicywithsource) + * [`obj spec.routes.ipDenyPolicy`](#obj-specroutesipdenypolicy) + * [`fn withCidr(cidr)`](#fn-specroutesipdenypolicywithcidr) + * [`fn withSource(source)`](#fn-specroutesipdenypolicywithsource) + * [`obj spec.routes.jwtVerificationPolicy`](#obj-specroutesjwtverificationpolicy) + * [`fn withDisabled(disabled)`](#fn-specroutesjwtverificationpolicywithdisabled) + * [`fn withRequire(require)`](#fn-specroutesjwtverificationpolicywithrequire) + * [`obj spec.routes.loadBalancerPolicy`](#obj-specroutesloadbalancerpolicy) + * [`fn withRequestHashPolicies(requestHashPolicies)`](#fn-specroutesloadbalancerpolicywithrequesthashpolicies) + * [`fn withRequestHashPoliciesMixin(requestHashPolicies)`](#fn-specroutesloadbalancerpolicywithrequesthashpoliciesmixin) + * [`fn withStrategy(strategy)`](#fn-specroutesloadbalancerpolicywithstrategy) + * [`obj spec.routes.loadBalancerPolicy.requestHashPolicies`](#obj-specroutesloadbalancerpolicyrequesthashpolicies) + * [`fn withHashSourceIP(hashSourceIP)`](#fn-specroutesloadbalancerpolicyrequesthashpolicieswithhashsourceip) + * [`fn withTerminal(terminal)`](#fn-specroutesloadbalancerpolicyrequesthashpolicieswithterminal) + * [`obj spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions`](#obj-specroutesloadbalancerpolicyrequesthashpoliciesheaderhashoptions) + * [`fn withHeaderName(headerName)`](#fn-specroutesloadbalancerpolicyrequesthashpoliciesheaderhashoptionswithheadername) + * [`obj spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions`](#obj-specroutesloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptions) + * [`fn withParameterName(parameterName)`](#fn-specroutesloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptionswithparametername) + * [`obj spec.routes.pathRewritePolicy`](#obj-specroutespathrewritepolicy) + * [`fn withReplacePrefix(replacePrefix)`](#fn-specroutespathrewritepolicywithreplaceprefix) + * [`fn withReplacePrefixMixin(replacePrefix)`](#fn-specroutespathrewritepolicywithreplaceprefixmixin) + * [`obj spec.routes.pathRewritePolicy.replacePrefix`](#obj-specroutespathrewritepolicyreplaceprefix) + * [`fn withPrefix(prefix)`](#fn-specroutespathrewritepolicyreplaceprefixwithprefix) + * [`fn withReplacement(replacement)`](#fn-specroutespathrewritepolicyreplaceprefixwithreplacement) + * [`obj spec.routes.rateLimitPolicy`](#obj-specroutesratelimitpolicy) + * [`obj spec.routes.rateLimitPolicy.global`](#obj-specroutesratelimitpolicyglobal) + * [`fn withDescriptors(descriptors)`](#fn-specroutesratelimitpolicyglobalwithdescriptors) + * [`fn withDescriptorsMixin(descriptors)`](#fn-specroutesratelimitpolicyglobalwithdescriptorsmixin) + * [`fn withDisabled(disabled)`](#fn-specroutesratelimitpolicyglobalwithdisabled) + * [`obj spec.routes.rateLimitPolicy.global.descriptors`](#obj-specroutesratelimitpolicyglobaldescriptors) + * [`fn withEntries(entries)`](#fn-specroutesratelimitpolicyglobaldescriptorswithentries) + * [`fn withEntriesMixin(entries)`](#fn-specroutesratelimitpolicyglobaldescriptorswithentriesmixin) + * [`obj spec.routes.rateLimitPolicy.global.descriptors.entries`](#obj-specroutesratelimitpolicyglobaldescriptorsentries) + * [`fn withRemoteAddress(remoteAddress)`](#fn-specroutesratelimitpolicyglobaldescriptorsentrieswithremoteaddress) + * [`fn withRemoteAddressMixin(remoteAddress)`](#fn-specroutesratelimitpolicyglobaldescriptorsentrieswithremoteaddressmixin) + * [`obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey`](#obj-specroutesratelimitpolicyglobaldescriptorsentriesgenerickey) + * [`fn withKey(key)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesgenerickeywithkey) + * [`fn withValue(value)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesgenerickeywithvalue) + * [`obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader`](#obj-specroutesratelimitpolicyglobaldescriptorsentriesrequestheader) + * [`fn withDescriptorKey(descriptorKey)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheaderwithdescriptorkey) + * [`fn withHeaderName(headerName)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheaderwithheadername) + * [`obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch`](#obj-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematch) + * [`fn withExpectMatch(expectMatch)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithexpectmatch) + * [`fn withHeaders(headers)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithheadersmixin) + * [`fn withValue(value)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithvalue) + * [`obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers`](#obj-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaders) + * [`fn withContains(contains)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithcontains) + * [`fn withExact(exact)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithignorecase) + * [`fn withName(name)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithname) + * [`fn withNotcontains(notcontains)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotpresent) + * [`fn withPresent(present)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithpresent) + * [`fn withRegex(regex)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specroutesratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithtreatmissingasempty) + * [`obj spec.routes.rateLimitPolicy.local`](#obj-specroutesratelimitpolicylocal) + * [`fn withBurst(burst)`](#fn-specroutesratelimitpolicylocalwithburst) + * [`fn withRequests(requests)`](#fn-specroutesratelimitpolicylocalwithrequests) + * [`fn withResponseHeadersToAdd(responseHeadersToAdd)`](#fn-specroutesratelimitpolicylocalwithresponseheaderstoadd) + * [`fn withResponseHeadersToAddMixin(responseHeadersToAdd)`](#fn-specroutesratelimitpolicylocalwithresponseheaderstoaddmixin) + * [`fn withResponseStatusCode(responseStatusCode)`](#fn-specroutesratelimitpolicylocalwithresponsestatuscode) + * [`fn withUnit(unit)`](#fn-specroutesratelimitpolicylocalwithunit) + * [`obj spec.routes.rateLimitPolicy.local.responseHeadersToAdd`](#obj-specroutesratelimitpolicylocalresponseheaderstoadd) + * [`fn withName(name)`](#fn-specroutesratelimitpolicylocalresponseheaderstoaddwithname) + * [`fn withValue(value)`](#fn-specroutesratelimitpolicylocalresponseheaderstoaddwithvalue) + * [`obj spec.routes.requestHeadersPolicy`](#obj-specroutesrequestheaderspolicy) + * [`fn withRemove(remove)`](#fn-specroutesrequestheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-specroutesrequestheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-specroutesrequestheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-specroutesrequestheaderspolicywithsetmixin) + * [`obj spec.routes.requestHeadersPolicy.set`](#obj-specroutesrequestheaderspolicyset) + * [`fn withName(name)`](#fn-specroutesrequestheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-specroutesrequestheaderspolicysetwithvalue) + * [`obj spec.routes.requestRedirectPolicy`](#obj-specroutesrequestredirectpolicy) + * [`fn withHostname(hostname)`](#fn-specroutesrequestredirectpolicywithhostname) + * [`fn withPath(path)`](#fn-specroutesrequestredirectpolicywithpath) + * [`fn withPort(port)`](#fn-specroutesrequestredirectpolicywithport) + * [`fn withPrefix(prefix)`](#fn-specroutesrequestredirectpolicywithprefix) + * [`fn withScheme(scheme)`](#fn-specroutesrequestredirectpolicywithscheme) + * [`fn withStatusCode(statusCode)`](#fn-specroutesrequestredirectpolicywithstatuscode) + * [`obj spec.routes.responseHeadersPolicy`](#obj-specroutesresponseheaderspolicy) + * [`fn withRemove(remove)`](#fn-specroutesresponseheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-specroutesresponseheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-specroutesresponseheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-specroutesresponseheaderspolicywithsetmixin) + * [`obj spec.routes.responseHeadersPolicy.set`](#obj-specroutesresponseheaderspolicyset) + * [`fn withName(name)`](#fn-specroutesresponseheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-specroutesresponseheaderspolicysetwithvalue) + * [`obj spec.routes.retryPolicy`](#obj-specroutesretrypolicy) + * [`fn withCount(count)`](#fn-specroutesretrypolicywithcount) + * [`fn withPerTryTimeout(perTryTimeout)`](#fn-specroutesretrypolicywithpertrytimeout) + * [`fn withRetriableStatusCodes(retriableStatusCodes)`](#fn-specroutesretrypolicywithretriablestatuscodes) + * [`fn withRetriableStatusCodesMixin(retriableStatusCodes)`](#fn-specroutesretrypolicywithretriablestatuscodesmixin) + * [`fn withRetryOn(retryOn)`](#fn-specroutesretrypolicywithretryon) + * [`fn withRetryOnMixin(retryOn)`](#fn-specroutesretrypolicywithretryonmixin) + * [`obj spec.routes.services`](#obj-specroutesservices) + * [`fn withCookieRewritePolicies(cookieRewritePolicies)`](#fn-specroutesserviceswithcookierewritepolicies) + * [`fn withCookieRewritePoliciesMixin(cookieRewritePolicies)`](#fn-specroutesserviceswithcookierewritepoliciesmixin) + * [`fn withHealthPort(healthPort)`](#fn-specroutesserviceswithhealthport) + * [`fn withMirror(mirror)`](#fn-specroutesserviceswithmirror) + * [`fn withName(name)`](#fn-specroutesserviceswithname) + * [`fn withPort(port)`](#fn-specroutesserviceswithport) + * [`fn withProtocol(protocol)`](#fn-specroutesserviceswithprotocol) + * [`fn withWeight(weight)`](#fn-specroutesserviceswithweight) + * [`obj spec.routes.services.cookieRewritePolicies`](#obj-specroutesservicescookierewritepolicies) + * [`fn withName(name)`](#fn-specroutesservicescookierewritepolicieswithname) + * [`fn withSameSite(sameSite)`](#fn-specroutesservicescookierewritepolicieswithsamesite) + * [`fn withSecure(secure)`](#fn-specroutesservicescookierewritepolicieswithsecure) + * [`obj spec.routes.services.cookieRewritePolicies.domainRewrite`](#obj-specroutesservicescookierewritepoliciesdomainrewrite) + * [`fn withValue(value)`](#fn-specroutesservicescookierewritepoliciesdomainrewritewithvalue) + * [`obj spec.routes.services.cookieRewritePolicies.pathRewrite`](#obj-specroutesservicescookierewritepoliciespathrewrite) + * [`fn withValue(value)`](#fn-specroutesservicescookierewritepoliciespathrewritewithvalue) + * [`obj spec.routes.services.requestHeadersPolicy`](#obj-specroutesservicesrequestheaderspolicy) + * [`fn withRemove(remove)`](#fn-specroutesservicesrequestheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-specroutesservicesrequestheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-specroutesservicesrequestheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-specroutesservicesrequestheaderspolicywithsetmixin) + * [`obj spec.routes.services.requestHeadersPolicy.set`](#obj-specroutesservicesrequestheaderspolicyset) + * [`fn withName(name)`](#fn-specroutesservicesrequestheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-specroutesservicesrequestheaderspolicysetwithvalue) + * [`obj spec.routes.services.responseHeadersPolicy`](#obj-specroutesservicesresponseheaderspolicy) + * [`fn withRemove(remove)`](#fn-specroutesservicesresponseheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-specroutesservicesresponseheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-specroutesservicesresponseheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-specroutesservicesresponseheaderspolicywithsetmixin) + * [`obj spec.routes.services.responseHeadersPolicy.set`](#obj-specroutesservicesresponseheaderspolicyset) + * [`fn withName(name)`](#fn-specroutesservicesresponseheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-specroutesservicesresponseheaderspolicysetwithvalue) + * [`obj spec.routes.services.slowStartPolicy`](#obj-specroutesservicesslowstartpolicy) + * [`fn withAggression(aggression)`](#fn-specroutesservicesslowstartpolicywithaggression) + * [`fn withMinWeightPercent(minWeightPercent)`](#fn-specroutesservicesslowstartpolicywithminweightpercent) + * [`fn withWindow(window)`](#fn-specroutesservicesslowstartpolicywithwindow) + * [`obj spec.routes.services.validation`](#obj-specroutesservicesvalidation) + * [`fn withCaSecret(caSecret)`](#fn-specroutesservicesvalidationwithcasecret) + * [`fn withSubjectName(subjectName)`](#fn-specroutesservicesvalidationwithsubjectname) + * [`fn withSubjectNames(subjectNames)`](#fn-specroutesservicesvalidationwithsubjectnames) + * [`fn withSubjectNamesMixin(subjectNames)`](#fn-specroutesservicesvalidationwithsubjectnamesmixin) + * [`obj spec.routes.timeoutPolicy`](#obj-specroutestimeoutpolicy) + * [`fn withIdle(idle)`](#fn-specroutestimeoutpolicywithidle) + * [`fn withIdleConnection(idleConnection)`](#fn-specroutestimeoutpolicywithidleconnection) + * [`fn withResponse(response)`](#fn-specroutestimeoutpolicywithresponse) + * [`obj spec.tcpproxy`](#obj-spectcpproxy) + * [`fn withServices(services)`](#fn-spectcpproxywithservices) + * [`fn withServicesMixin(services)`](#fn-spectcpproxywithservicesmixin) + * [`obj spec.tcpproxy.healthCheckPolicy`](#obj-spectcpproxyhealthcheckpolicy) + * [`fn withHealthyThresholdCount(healthyThresholdCount)`](#fn-spectcpproxyhealthcheckpolicywithhealthythresholdcount) + * [`fn withIntervalSeconds(intervalSeconds)`](#fn-spectcpproxyhealthcheckpolicywithintervalseconds) + * [`fn withTimeoutSeconds(timeoutSeconds)`](#fn-spectcpproxyhealthcheckpolicywithtimeoutseconds) + * [`fn withUnhealthyThresholdCount(unhealthyThresholdCount)`](#fn-spectcpproxyhealthcheckpolicywithunhealthythresholdcount) + * [`obj spec.tcpproxy.include`](#obj-spectcpproxyinclude) + * [`fn withName(name)`](#fn-spectcpproxyincludewithname) + * [`fn withNamespace(namespace)`](#fn-spectcpproxyincludewithnamespace) + * [`obj spec.tcpproxy.includes`](#obj-spectcpproxyincludes) + * [`fn withName(name)`](#fn-spectcpproxyincludeswithname) + * [`fn withNamespace(namespace)`](#fn-spectcpproxyincludeswithnamespace) + * [`obj spec.tcpproxy.loadBalancerPolicy`](#obj-spectcpproxyloadbalancerpolicy) + * [`fn withRequestHashPolicies(requestHashPolicies)`](#fn-spectcpproxyloadbalancerpolicywithrequesthashpolicies) + * [`fn withRequestHashPoliciesMixin(requestHashPolicies)`](#fn-spectcpproxyloadbalancerpolicywithrequesthashpoliciesmixin) + * [`fn withStrategy(strategy)`](#fn-spectcpproxyloadbalancerpolicywithstrategy) + * [`obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies`](#obj-spectcpproxyloadbalancerpolicyrequesthashpolicies) + * [`fn withHashSourceIP(hashSourceIP)`](#fn-spectcpproxyloadbalancerpolicyrequesthashpolicieswithhashsourceip) + * [`fn withTerminal(terminal)`](#fn-spectcpproxyloadbalancerpolicyrequesthashpolicieswithterminal) + * [`obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions`](#obj-spectcpproxyloadbalancerpolicyrequesthashpoliciesheaderhashoptions) + * [`fn withHeaderName(headerName)`](#fn-spectcpproxyloadbalancerpolicyrequesthashpoliciesheaderhashoptionswithheadername) + * [`obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions`](#obj-spectcpproxyloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptions) + * [`fn withParameterName(parameterName)`](#fn-spectcpproxyloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptionswithparametername) + * [`obj spec.tcpproxy.services`](#obj-spectcpproxyservices) + * [`fn withCookieRewritePolicies(cookieRewritePolicies)`](#fn-spectcpproxyserviceswithcookierewritepolicies) + * [`fn withCookieRewritePoliciesMixin(cookieRewritePolicies)`](#fn-spectcpproxyserviceswithcookierewritepoliciesmixin) + * [`fn withHealthPort(healthPort)`](#fn-spectcpproxyserviceswithhealthport) + * [`fn withMirror(mirror)`](#fn-spectcpproxyserviceswithmirror) + * [`fn withName(name)`](#fn-spectcpproxyserviceswithname) + * [`fn withPort(port)`](#fn-spectcpproxyserviceswithport) + * [`fn withProtocol(protocol)`](#fn-spectcpproxyserviceswithprotocol) + * [`fn withWeight(weight)`](#fn-spectcpproxyserviceswithweight) + * [`obj spec.tcpproxy.services.cookieRewritePolicies`](#obj-spectcpproxyservicescookierewritepolicies) + * [`fn withName(name)`](#fn-spectcpproxyservicescookierewritepolicieswithname) + * [`fn withSameSite(sameSite)`](#fn-spectcpproxyservicescookierewritepolicieswithsamesite) + * [`fn withSecure(secure)`](#fn-spectcpproxyservicescookierewritepolicieswithsecure) + * [`obj spec.tcpproxy.services.cookieRewritePolicies.domainRewrite`](#obj-spectcpproxyservicescookierewritepoliciesdomainrewrite) + * [`fn withValue(value)`](#fn-spectcpproxyservicescookierewritepoliciesdomainrewritewithvalue) + * [`obj spec.tcpproxy.services.cookieRewritePolicies.pathRewrite`](#obj-spectcpproxyservicescookierewritepoliciespathrewrite) + * [`fn withValue(value)`](#fn-spectcpproxyservicescookierewritepoliciespathrewritewithvalue) + * [`obj spec.tcpproxy.services.requestHeadersPolicy`](#obj-spectcpproxyservicesrequestheaderspolicy) + * [`fn withRemove(remove)`](#fn-spectcpproxyservicesrequestheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-spectcpproxyservicesrequestheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-spectcpproxyservicesrequestheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-spectcpproxyservicesrequestheaderspolicywithsetmixin) + * [`obj spec.tcpproxy.services.requestHeadersPolicy.set`](#obj-spectcpproxyservicesrequestheaderspolicyset) + * [`fn withName(name)`](#fn-spectcpproxyservicesrequestheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-spectcpproxyservicesrequestheaderspolicysetwithvalue) + * [`obj spec.tcpproxy.services.responseHeadersPolicy`](#obj-spectcpproxyservicesresponseheaderspolicy) + * [`fn withRemove(remove)`](#fn-spectcpproxyservicesresponseheaderspolicywithremove) + * [`fn withRemoveMixin(remove)`](#fn-spectcpproxyservicesresponseheaderspolicywithremovemixin) + * [`fn withSet(set)`](#fn-spectcpproxyservicesresponseheaderspolicywithset) + * [`fn withSetMixin(set)`](#fn-spectcpproxyservicesresponseheaderspolicywithsetmixin) + * [`obj spec.tcpproxy.services.responseHeadersPolicy.set`](#obj-spectcpproxyservicesresponseheaderspolicyset) + * [`fn withName(name)`](#fn-spectcpproxyservicesresponseheaderspolicysetwithname) + * [`fn withValue(value)`](#fn-spectcpproxyservicesresponseheaderspolicysetwithvalue) + * [`obj spec.tcpproxy.services.slowStartPolicy`](#obj-spectcpproxyservicesslowstartpolicy) + * [`fn withAggression(aggression)`](#fn-spectcpproxyservicesslowstartpolicywithaggression) + * [`fn withMinWeightPercent(minWeightPercent)`](#fn-spectcpproxyservicesslowstartpolicywithminweightpercent) + * [`fn withWindow(window)`](#fn-spectcpproxyservicesslowstartpolicywithwindow) + * [`obj spec.tcpproxy.services.validation`](#obj-spectcpproxyservicesvalidation) + * [`fn withCaSecret(caSecret)`](#fn-spectcpproxyservicesvalidationwithcasecret) + * [`fn withSubjectName(subjectName)`](#fn-spectcpproxyservicesvalidationwithsubjectname) + * [`fn withSubjectNames(subjectNames)`](#fn-spectcpproxyservicesvalidationwithsubjectnames) + * [`fn withSubjectNamesMixin(subjectNames)`](#fn-spectcpproxyservicesvalidationwithsubjectnamesmixin) + * [`obj spec.virtualhost`](#obj-specvirtualhost) + * [`fn withFqdn(fqdn)`](#fn-specvirtualhostwithfqdn) + * [`fn withIpAllowPolicy(ipAllowPolicy)`](#fn-specvirtualhostwithipallowpolicy) + * [`fn withIpAllowPolicyMixin(ipAllowPolicy)`](#fn-specvirtualhostwithipallowpolicymixin) + * [`fn withIpDenyPolicy(ipDenyPolicy)`](#fn-specvirtualhostwithipdenypolicy) + * [`fn withIpDenyPolicyMixin(ipDenyPolicy)`](#fn-specvirtualhostwithipdenypolicymixin) + * [`fn withJwtProviders(jwtProviders)`](#fn-specvirtualhostwithjwtproviders) + * [`fn withJwtProvidersMixin(jwtProviders)`](#fn-specvirtualhostwithjwtprovidersmixin) + * [`obj spec.virtualhost.authorization`](#obj-specvirtualhostauthorization) + * [`fn withFailOpen(failOpen)`](#fn-specvirtualhostauthorizationwithfailopen) + * [`fn withResponseTimeout(responseTimeout)`](#fn-specvirtualhostauthorizationwithresponsetimeout) + * [`obj spec.virtualhost.authorization.authPolicy`](#obj-specvirtualhostauthorizationauthpolicy) + * [`fn withContext(context)`](#fn-specvirtualhostauthorizationauthpolicywithcontext) + * [`fn withContextMixin(context)`](#fn-specvirtualhostauthorizationauthpolicywithcontextmixin) + * [`fn withDisabled(disabled)`](#fn-specvirtualhostauthorizationauthpolicywithdisabled) + * [`obj spec.virtualhost.authorization.extensionRef`](#obj-specvirtualhostauthorizationextensionref) + * [`fn withApiVersion(apiVersion)`](#fn-specvirtualhostauthorizationextensionrefwithapiversion) + * [`fn withName(name)`](#fn-specvirtualhostauthorizationextensionrefwithname) + * [`fn withNamespace(namespace)`](#fn-specvirtualhostauthorizationextensionrefwithnamespace) + * [`obj spec.virtualhost.authorization.withRequestBody`](#obj-specvirtualhostauthorizationwithrequestbody) + * [`fn withAllowPartialMessage(allowPartialMessage)`](#fn-specvirtualhostauthorizationwithrequestbodywithallowpartialmessage) + * [`fn withMaxRequestBytes(maxRequestBytes)`](#fn-specvirtualhostauthorizationwithrequestbodywithmaxrequestbytes) + * [`fn withPackAsBytes(packAsBytes)`](#fn-specvirtualhostauthorizationwithrequestbodywithpackasbytes) + * [`obj spec.virtualhost.corsPolicy`](#obj-specvirtualhostcorspolicy) + * [`fn withAllowCredentials(allowCredentials)`](#fn-specvirtualhostcorspolicywithallowcredentials) + * [`fn withAllowHeaders(allowHeaders)`](#fn-specvirtualhostcorspolicywithallowheaders) + * [`fn withAllowHeadersMixin(allowHeaders)`](#fn-specvirtualhostcorspolicywithallowheadersmixin) + * [`fn withAllowMethods(allowMethods)`](#fn-specvirtualhostcorspolicywithallowmethods) + * [`fn withAllowMethodsMixin(allowMethods)`](#fn-specvirtualhostcorspolicywithallowmethodsmixin) + * [`fn withAllowOrigin(allowOrigin)`](#fn-specvirtualhostcorspolicywithalloworigin) + * [`fn withAllowOriginMixin(allowOrigin)`](#fn-specvirtualhostcorspolicywithalloworiginmixin) + * [`fn withAllowPrivateNetwork(allowPrivateNetwork)`](#fn-specvirtualhostcorspolicywithallowprivatenetwork) + * [`fn withExposeHeaders(exposeHeaders)`](#fn-specvirtualhostcorspolicywithexposeheaders) + * [`fn withExposeHeadersMixin(exposeHeaders)`](#fn-specvirtualhostcorspolicywithexposeheadersmixin) + * [`fn withMaxAge(maxAge)`](#fn-specvirtualhostcorspolicywithmaxage) + * [`obj spec.virtualhost.ipAllowPolicy`](#obj-specvirtualhostipallowpolicy) + * [`fn withCidr(cidr)`](#fn-specvirtualhostipallowpolicywithcidr) + * [`fn withSource(source)`](#fn-specvirtualhostipallowpolicywithsource) + * [`obj spec.virtualhost.ipDenyPolicy`](#obj-specvirtualhostipdenypolicy) + * [`fn withCidr(cidr)`](#fn-specvirtualhostipdenypolicywithcidr) + * [`fn withSource(source)`](#fn-specvirtualhostipdenypolicywithsource) + * [`obj spec.virtualhost.jwtProviders`](#obj-specvirtualhostjwtproviders) + * [`fn withAudiences(audiences)`](#fn-specvirtualhostjwtproviderswithaudiences) + * [`fn withAudiencesMixin(audiences)`](#fn-specvirtualhostjwtproviderswithaudiencesmixin) + * [`fn withDefault(default)`](#fn-specvirtualhostjwtproviderswithdefault) + * [`fn withForwardJWT(forwardJWT)`](#fn-specvirtualhostjwtproviderswithforwardjwt) + * [`fn withIssuer(issuer)`](#fn-specvirtualhostjwtproviderswithissuer) + * [`fn withName(name)`](#fn-specvirtualhostjwtproviderswithname) + * [`obj spec.virtualhost.jwtProviders.remoteJWKS`](#obj-specvirtualhostjwtprovidersremotejwks) + * [`fn withCacheDuration(cacheDuration)`](#fn-specvirtualhostjwtprovidersremotejwkswithcacheduration) + * [`fn withDnsLookupFamily(dnsLookupFamily)`](#fn-specvirtualhostjwtprovidersremotejwkswithdnslookupfamily) + * [`fn withTimeout(timeout)`](#fn-specvirtualhostjwtprovidersremotejwkswithtimeout) + * [`fn withUri(uri)`](#fn-specvirtualhostjwtprovidersremotejwkswithuri) + * [`obj spec.virtualhost.jwtProviders.remoteJWKS.validation`](#obj-specvirtualhostjwtprovidersremotejwksvalidation) + * [`fn withCaSecret(caSecret)`](#fn-specvirtualhostjwtprovidersremotejwksvalidationwithcasecret) + * [`fn withSubjectName(subjectName)`](#fn-specvirtualhostjwtprovidersremotejwksvalidationwithsubjectname) + * [`fn withSubjectNames(subjectNames)`](#fn-specvirtualhostjwtprovidersremotejwksvalidationwithsubjectnames) + * [`fn withSubjectNamesMixin(subjectNames)`](#fn-specvirtualhostjwtprovidersremotejwksvalidationwithsubjectnamesmixin) + * [`obj spec.virtualhost.rateLimitPolicy`](#obj-specvirtualhostratelimitpolicy) + * [`obj spec.virtualhost.rateLimitPolicy.global`](#obj-specvirtualhostratelimitpolicyglobal) + * [`fn withDescriptors(descriptors)`](#fn-specvirtualhostratelimitpolicyglobalwithdescriptors) + * [`fn withDescriptorsMixin(descriptors)`](#fn-specvirtualhostratelimitpolicyglobalwithdescriptorsmixin) + * [`fn withDisabled(disabled)`](#fn-specvirtualhostratelimitpolicyglobalwithdisabled) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors`](#obj-specvirtualhostratelimitpolicyglobaldescriptors) + * [`fn withEntries(entries)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorswithentries) + * [`fn withEntriesMixin(entries)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorswithentriesmixin) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries`](#obj-specvirtualhostratelimitpolicyglobaldescriptorsentries) + * [`fn withRemoteAddress(remoteAddress)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentrieswithremoteaddress) + * [`fn withRemoteAddressMixin(remoteAddress)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentrieswithremoteaddressmixin) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey`](#obj-specvirtualhostratelimitpolicyglobaldescriptorsentriesgenerickey) + * [`fn withKey(key)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesgenerickeywithkey) + * [`fn withValue(value)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesgenerickeywithvalue) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader`](#obj-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheader) + * [`fn withDescriptorKey(descriptorKey)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheaderwithdescriptorkey) + * [`fn withHeaderName(headerName)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheaderwithheadername) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch`](#obj-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematch) + * [`fn withExpectMatch(expectMatch)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithexpectmatch) + * [`fn withHeaders(headers)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithheadersmixin) + * [`fn withValue(value)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchwithvalue) + * [`obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers`](#obj-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaders) + * [`fn withContains(contains)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithcontains) + * [`fn withExact(exact)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithignorecase) + * [`fn withName(name)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithname) + * [`fn withNotcontains(notcontains)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithnotpresent) + * [`fn withPresent(present)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithpresent) + * [`fn withRegex(regex)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specvirtualhostratelimitpolicyglobaldescriptorsentriesrequestheadervaluematchheaderswithtreatmissingasempty) + * [`obj spec.virtualhost.rateLimitPolicy.local`](#obj-specvirtualhostratelimitpolicylocal) + * [`fn withBurst(burst)`](#fn-specvirtualhostratelimitpolicylocalwithburst) + * [`fn withRequests(requests)`](#fn-specvirtualhostratelimitpolicylocalwithrequests) + * [`fn withResponseHeadersToAdd(responseHeadersToAdd)`](#fn-specvirtualhostratelimitpolicylocalwithresponseheaderstoadd) + * [`fn withResponseHeadersToAddMixin(responseHeadersToAdd)`](#fn-specvirtualhostratelimitpolicylocalwithresponseheaderstoaddmixin) + * [`fn withResponseStatusCode(responseStatusCode)`](#fn-specvirtualhostratelimitpolicylocalwithresponsestatuscode) + * [`fn withUnit(unit)`](#fn-specvirtualhostratelimitpolicylocalwithunit) + * [`obj spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd`](#obj-specvirtualhostratelimitpolicylocalresponseheaderstoadd) + * [`fn withName(name)`](#fn-specvirtualhostratelimitpolicylocalresponseheaderstoaddwithname) + * [`fn withValue(value)`](#fn-specvirtualhostratelimitpolicylocalresponseheaderstoaddwithvalue) + * [`obj spec.virtualhost.tls`](#obj-specvirtualhosttls) + * [`fn withEnableFallbackCertificate(enableFallbackCertificate)`](#fn-specvirtualhosttlswithenablefallbackcertificate) + * [`fn withMaximumProtocolVersion(maximumProtocolVersion)`](#fn-specvirtualhosttlswithmaximumprotocolversion) + * [`fn withMinimumProtocolVersion(minimumProtocolVersion)`](#fn-specvirtualhosttlswithminimumprotocolversion) + * [`fn withPassthrough(passthrough)`](#fn-specvirtualhosttlswithpassthrough) + * [`fn withSecretName(secretName)`](#fn-specvirtualhosttlswithsecretname) + * [`obj spec.virtualhost.tls.clientValidation`](#obj-specvirtualhosttlsclientvalidation) + * [`fn withCaSecret(caSecret)`](#fn-specvirtualhosttlsclientvalidationwithcasecret) + * [`fn withCrlOnlyVerifyLeafCert(crlOnlyVerifyLeafCert)`](#fn-specvirtualhosttlsclientvalidationwithcrlonlyverifyleafcert) + * [`fn withCrlSecret(crlSecret)`](#fn-specvirtualhosttlsclientvalidationwithcrlsecret) + * [`fn withOptionalClientCertificate(optionalClientCertificate)`](#fn-specvirtualhosttlsclientvalidationwithoptionalclientcertificate) + * [`fn withSkipClientCertValidation(skipClientCertValidation)`](#fn-specvirtualhosttlsclientvalidationwithskipclientcertvalidation) + * [`obj spec.virtualhost.tls.clientValidation.forwardClientCertificate`](#obj-specvirtualhosttlsclientvalidationforwardclientcertificate) + * [`fn withCert(cert)`](#fn-specvirtualhosttlsclientvalidationforwardclientcertificatewithcert) + * [`fn withChain(chain)`](#fn-specvirtualhosttlsclientvalidationforwardclientcertificatewithchain) + * [`fn withDns(dns)`](#fn-specvirtualhosttlsclientvalidationforwardclientcertificatewithdns) + * [`fn withSubject(subject)`](#fn-specvirtualhosttlsclientvalidationforwardclientcertificatewithsubject) + * [`fn withUri(uri)`](#fn-specvirtualhosttlsclientvalidationforwardclientcertificatewithuri) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of HTTPProxy + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"HTTPProxySpec defines the spec of the CRD." + +### fn spec.withIncludes + +```ts +withIncludes(includes) +``` + +"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace." + +### fn spec.withIncludesMixin + +```ts +withIncludesMixin(includes) +``` + +"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace." + +**Note:** This function appends passed data to existing values + +### fn spec.withIngressClassName + +```ts +withIngressClassName(ingressClassName) +``` + +"IngressClassName optionally specifies the ingress class to use for this\nHTTPProxy. This replaces the deprecated `kubernetes.io/ingress.class`\nannotation. For backwards compatibility, when that annotation is set, it\nis given precedence over this field." + +### fn spec.withRoutes + +```ts +withRoutes(routes) +``` + +"Routes are the ingress routes. If TCPProxy is present, Routes is ignored." + +### fn spec.withRoutesMixin + +```ts +withRoutesMixin(routes) +``` + +"Routes are the ingress routes. If TCPProxy is present, Routes is ignored." + +**Note:** This function appends passed data to existing values + +## obj spec.includes + +"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace." + +### fn spec.includes.withConditions + +```ts +withConditions(conditions) +``` + +"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes." + +### fn spec.includes.withConditionsMixin + +```ts +withConditionsMixin(conditions) +``` + +"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes." + +**Note:** This function appends passed data to existing values + +### fn spec.includes.withName + +```ts +withName(name) +``` + +"Name of the HTTPProxy" + +### fn spec.includes.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied." + +## obj spec.includes.conditions + +"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes." + +### fn spec.includes.conditions.withExact + +```ts +withExact(exact) +``` + +"Exact defines a exact match for a request.\nThis field is not allowed in include match conditions." + +### fn spec.includes.conditions.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix defines a prefix match for a request." + +### fn spec.includes.conditions.withRegex + +```ts +withRegex(regex) +``` + +"Regex defines a regex match for a request.\nThis field is not allowed in include match conditions." + +## obj spec.includes.conditions.header + +"Header specifies the header condition to match." + +### fn spec.includes.conditions.header.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.includes.conditions.header.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.includes.conditions.header.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.includes.conditions.header.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.includes.conditions.header.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.includes.conditions.header.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.includes.conditions.header.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.includes.conditions.header.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.includes.conditions.header.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.includes.conditions.header.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.includes.conditions.queryParameter + +"QueryParameter specifies the query parameter condition to match." + +### fn spec.includes.conditions.queryParameter.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe query parameter value." + +### fn spec.includes.conditions.queryParameter.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the query parameter value must be equal to." + +### fn spec.includes.conditions.queryParameter.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.includes.conditions.queryParameter.withName + +```ts +withName(name) +``` + +"Name is the name of the query parameter to match against. Name is required.\nQuery parameter names are case insensitive." + +### fn spec.includes.conditions.queryParameter.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix defines a prefix match for the query parameter value." + +### fn spec.includes.conditions.queryParameter.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named query parameter\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named query parameter\nis absent." + +### fn spec.includes.conditions.queryParameter.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the query\nparameter value." + +### fn spec.includes.conditions.queryParameter.withSuffix + +```ts +withSuffix(suffix) +``` + +"Suffix defines a suffix match for a query parameter value." + +## obj spec.routes + +"Routes are the ingress routes. If TCPProxy is present, Routes is ignored." + +### fn spec.routes.withConditions + +```ts +withConditions(conditions) +``` + +"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid." + +### fn spec.routes.withConditionsMixin + +```ts +withConditionsMixin(conditions) +``` + +"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.withCookieRewritePolicies + +```ts +withCookieRewritePolicies(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter." + +### fn spec.routes.withCookieRewritePoliciesMixin + +```ts +withCookieRewritePoliciesMixin(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.withEnableWebsockets + +```ts +withEnableWebsockets(enableWebsockets) +``` + +"Enables websocket support for the route." + +### fn spec.routes.withIpAllowPolicy + +```ts +withIpAllowPolicy(ipAllowPolicy) +``` + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +### fn spec.routes.withIpAllowPolicyMixin + +```ts +withIpAllowPolicyMixin(ipAllowPolicy) +``` + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.withIpDenyPolicy + +```ts +withIpDenyPolicy(ipDenyPolicy) +``` + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +### fn spec.routes.withIpDenyPolicyMixin + +```ts +withIpDenyPolicyMixin(ipDenyPolicy) +``` + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.withPermitInsecure + +```ts +withPermitInsecure(permitInsecure) +``` + +"Allow this path to respond to insecure requests over HTTP which are normally\nnot permitted when a `virtualhost.tls` block is present." + +### fn spec.routes.withServices + +```ts +withServices(services) +``` + +"Services are the services to proxy traffic." + +### fn spec.routes.withServicesMixin + +```ts +withServicesMixin(services) +``` + +"Services are the services to proxy traffic." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.authPolicy + +"AuthPolicy updates the authorization policy that was set\non the root HTTPProxy object for client requests that\nmatch this route." + +### fn spec.routes.authPolicy.withContext + +```ts +withContext(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +### fn spec.routes.authPolicy.withContextMixin + +```ts +withContextMixin(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.authPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"When true, this field disables client request authentication\nfor the scope of the policy." + +## obj spec.routes.conditions + +"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid." + +### fn spec.routes.conditions.withExact + +```ts +withExact(exact) +``` + +"Exact defines a exact match for a request.\nThis field is not allowed in include match conditions." + +### fn spec.routes.conditions.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix defines a prefix match for a request." + +### fn spec.routes.conditions.withRegex + +```ts +withRegex(regex) +``` + +"Regex defines a regex match for a request.\nThis field is not allowed in include match conditions." + +## obj spec.routes.conditions.header + +"Header specifies the header condition to match." + +### fn spec.routes.conditions.header.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.routes.conditions.header.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.routes.conditions.header.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.routes.conditions.header.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.routes.conditions.header.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.routes.conditions.header.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.routes.conditions.header.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.routes.conditions.header.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.routes.conditions.header.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.routes.conditions.header.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.routes.conditions.queryParameter + +"QueryParameter specifies the query parameter condition to match." + +### fn spec.routes.conditions.queryParameter.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe query parameter value." + +### fn spec.routes.conditions.queryParameter.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the query parameter value must be equal to." + +### fn spec.routes.conditions.queryParameter.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.routes.conditions.queryParameter.withName + +```ts +withName(name) +``` + +"Name is the name of the query parameter to match against. Name is required.\nQuery parameter names are case insensitive." + +### fn spec.routes.conditions.queryParameter.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix defines a prefix match for the query parameter value." + +### fn spec.routes.conditions.queryParameter.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named query parameter\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named query parameter\nis absent." + +### fn spec.routes.conditions.queryParameter.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the query\nparameter value." + +### fn spec.routes.conditions.queryParameter.withSuffix + +```ts +withSuffix(suffix) +``` + +"Suffix defines a suffix match for a query parameter value." + +## obj spec.routes.cookieRewritePolicies + +"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter." + +### fn spec.routes.cookieRewritePolicies.withName + +```ts +withName(name) +``` + +"Name is the name of the cookie for which attributes will be rewritten." + +### fn spec.routes.cookieRewritePolicies.withSameSite + +```ts +withSameSite(sameSite) +``` + +"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten." + +### fn spec.routes.cookieRewritePolicies.withSecure + +```ts +withSecure(secure) +``` + +"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten." + +## obj spec.routes.cookieRewritePolicies.domainRewrite + +"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten." + +### fn spec.routes.cookieRewritePolicies.domainRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Domain attribute to.\nFor now this is required." + +## obj spec.routes.cookieRewritePolicies.pathRewrite + +"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten." + +### fn spec.routes.cookieRewritePolicies.pathRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Path attribute to.\nFor now this is required." + +## obj spec.routes.directResponsePolicy + +"DirectResponsePolicy returns an arbitrary HTTP response directly." + +### fn spec.routes.directResponsePolicy.withBody + +```ts +withBody(body) +``` + +"Body is the content of the response body.\nIf this setting is omitted, no body is included in the generated response.\nNote: Body is not recommended to set too long\notherwise it can have significant resource usage impacts." + +### fn spec.routes.directResponsePolicy.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP response status to be returned." + +## obj spec.routes.healthCheckPolicy + +"The health check policy for this route." + +### fn spec.routes.healthCheckPolicy.withExpectedStatuses + +```ts +withExpectedStatuses(expectedStatuses) +``` + +"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy." + +### fn spec.routes.healthCheckPolicy.withExpectedStatusesMixin + +```ts +withExpectedStatusesMixin(expectedStatuses) +``` + +"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.healthCheckPolicy.withHealthyThresholdCount + +```ts +withHealthyThresholdCount(healthyThresholdCount) +``` + +"The number of healthy health checks required before a host is marked healthy" + +### fn spec.routes.healthCheckPolicy.withHost + +```ts +withHost(host) +``` + +"The value of the host header in the HTTP health check request.\nIf left empty (default value), the name \"contour-envoy-healthcheck\"\nwill be used." + +### fn spec.routes.healthCheckPolicy.withIntervalSeconds + +```ts +withIntervalSeconds(intervalSeconds) +``` + +"The interval (seconds) between health checks" + +### fn spec.routes.healthCheckPolicy.withPath + +```ts +withPath(path) +``` + +"HTTP endpoint used to perform health checks on upstream service" + +### fn spec.routes.healthCheckPolicy.withTimeoutSeconds + +```ts +withTimeoutSeconds(timeoutSeconds) +``` + +"The time to wait (seconds) for a health check response" + +### fn spec.routes.healthCheckPolicy.withUnhealthyThresholdCount + +```ts +withUnhealthyThresholdCount(unhealthyThresholdCount) +``` + +"The number of unhealthy health checks required before a host is marked unhealthy" + +## obj spec.routes.healthCheckPolicy.expectedStatuses + +"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy." + +### fn spec.routes.healthCheckPolicy.expectedStatuses.withEnd + +```ts +withEnd(end) +``` + +"The end (exclusive) of a range of HTTP status codes." + +### fn spec.routes.healthCheckPolicy.expectedStatuses.withStart + +```ts +withStart(start) +``` + +"The start (inclusive) of a range of HTTP status codes." + +## obj spec.routes.internalRedirectPolicy + +"The policy to define when to handle redirects responses internally." + +### fn spec.routes.internalRedirectPolicy.withAllowCrossSchemeRedirect + +```ts +withAllowCrossSchemeRedirect(allowCrossSchemeRedirect) +``` + +"AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme\nthan the value of x-forwarded-proto.\nSafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream\nscheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme\nis HTTP, only HTTP redirect targets are allowed." + +### fn spec.routes.internalRedirectPolicy.withDenyRepeatedRouteRedirect + +```ts +withDenyRepeatedRouteRedirect(denyRepeatedRouteRedirect) +``` + +"If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has\nbeen followed by a previous redirect from the current route." + +### fn spec.routes.internalRedirectPolicy.withMaxInternalRedirects + +```ts +withMaxInternalRedirects(maxInternalRedirects) +``` + +"MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal\nredirects that a downstream request has encountered is lower than this value." + +### fn spec.routes.internalRedirectPolicy.withRedirectResponseCodes + +```ts +withRedirectResponseCodes(redirectResponseCodes) +``` + +"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\nOnly 301, 302, 303, 307 and 308 are valid values." + +### fn spec.routes.internalRedirectPolicy.withRedirectResponseCodesMixin + +```ts +withRedirectResponseCodesMixin(redirectResponseCodes) +``` + +"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\nOnly 301, 302, 303, 307 and 308 are valid values." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.ipAllowPolicy + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +### fn spec.routes.ipAllowPolicy.withCidr + +```ts +withCidr(cidr) +``` + +"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address." + +### fn spec.routes.ipAllowPolicy.withSource + +```ts +withSource(source) +``` + +"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - `Remote` filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - `Peer` filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For." + +## obj spec.routes.ipDenyPolicy + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy." + +### fn spec.routes.ipDenyPolicy.withCidr + +```ts +withCidr(cidr) +``` + +"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address." + +### fn spec.routes.ipDenyPolicy.withSource + +```ts +withSource(source) +``` + +"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - `Remote` filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - `Peer` filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For." + +## obj spec.routes.jwtVerificationPolicy + +"The policy for verifying JWTs for requests to this route." + +### fn spec.routes.jwtVerificationPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"Disabled defines whether to disable all JWT verification for this\nroute. This can be used to opt specific routes out of the default\nJWT provider for the HTTPProxy. At most one of this field or the\n\"require\" field can be specified." + +### fn spec.routes.jwtVerificationPolicy.withRequire + +```ts +withRequire(require) +``` + +"Require names a specific JWT provider (defined in the virtual host)\nto require for the route. If specified, this field overrides the\ndefault provider if one exists. If this field is not specified,\nthe default provider will be required if one exists. At most one of\nthis field or the \"disabled\" field can be specified." + +## obj spec.routes.loadBalancerPolicy + +"The load balancing policy for this route." + +### fn spec.routes.loadBalancerPolicy.withRequestHashPolicies + +```ts +withRequestHashPolicies(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.routes.loadBalancerPolicy.withRequestHashPoliciesMixin + +```ts +withRequestHashPoliciesMixin(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.loadBalancerPolicy.withStrategy + +```ts +withStrategy(strategy) +``` + +"Strategy specifies the policy used to balance requests\nacross the pool of backend pods. Valid policy names are\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\nand `RequestHash`. If an unknown strategy name is specified\nor no policy is supplied, the default `RoundRobin` policy\nis used." + +## obj spec.routes.loadBalancerPolicy.requestHashPolicies + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.routes.loadBalancerPolicy.requestHashPolicies.withHashSourceIP + +```ts +withHashSourceIP(hashSourceIP) +``` + +"HashSourceIP should be set to true when request source IP hash based\nload balancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.routes.loadBalancerPolicy.requestHashPolicies.withTerminal + +```ts +withTerminal(terminal) +``` + +"Terminal is a flag that allows for short-circuiting computing of a hash\nfor a given request. If set to true, and the request attribute specified\nin the attribute hash options is present, no further hash policies will\nbe used to calculate a hash for the request." + +## obj spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions + +"HeaderHashOptions should be set when request header hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName is the name of the HTTP request header that will be used to\ncalculate the hash key. If the header specified is not present on a\nrequest, no hash will be produced." + +## obj spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions + +"QueryParameterHashOptions should be set when request query parameter hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName + +```ts +withParameterName(parameterName) +``` + +"ParameterName is the name of the HTTP request query parameter that will be used to\ncalculate the hash key. If the query parameter specified is not present on a\nrequest, no hash will be produced." + +## obj spec.routes.pathRewritePolicy + +"The policy for rewriting the path of the request URL\nafter the request has been routed to a Service." + +### fn spec.routes.pathRewritePolicy.withReplacePrefix + +```ts +withReplacePrefix(replacePrefix) +``` + +"ReplacePrefix describes how the path prefix should be replaced." + +### fn spec.routes.pathRewritePolicy.withReplacePrefixMixin + +```ts +withReplacePrefixMixin(replacePrefix) +``` + +"ReplacePrefix describes how the path prefix should be replaced." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.pathRewritePolicy.replacePrefix + +"ReplacePrefix describes how the path prefix should be replaced." + +### fn spec.routes.pathRewritePolicy.replacePrefix.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix specifies the URL path prefix to be replaced.\nIf Prefix is specified, it must exactly match the MatchCondition\nprefix that is rendered by the chain of including HTTPProxies\nand only that path prefix will be replaced by Replacement.\nThis allows HTTPProxies that are included through multiple\nroots to only replace specific path prefixes, leaving others\nunmodified.\nIf Prefix is not specified, all routing prefixes rendered\nby the include chain will be replaced." + +### fn spec.routes.pathRewritePolicy.replacePrefix.withReplacement + +```ts +withReplacement(replacement) +``` + +"Replacement is the string that the routing path prefix\nwill be replaced with. This must not be empty." + +## obj spec.routes.rateLimitPolicy + +"The policy for rate limiting on the route." + +## obj spec.routes.rateLimitPolicy.global + +"Global defines global rate limiting parameters, i.e. parameters\ndefining descriptors that are sent to an external rate limit\nservice (RLS) for a rate limit decision on each request." + +### fn spec.routes.rateLimitPolicy.global.withDescriptors + +```ts +withDescriptors(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.routes.rateLimitPolicy.global.withDescriptorsMixin + +```ts +withDescriptorsMixin(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.rateLimitPolicy.global.withDisabled + +```ts +withDisabled(disabled) +``` + +"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration." + +## obj spec.routes.rateLimitPolicy.global.descriptors + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.routes.rateLimitPolicy.global.descriptors.withEntries + +```ts +withEntries(entries) +``` + +"Entries is the list of key-value pair generators." + +### fn spec.routes.rateLimitPolicy.global.descriptors.withEntriesMixin + +```ts +withEntriesMixin(entries) +``` + +"Entries is the list of key-value pair generators." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.rateLimitPolicy.global.descriptors.entries + +"Entries is the list of key-value pair generators." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddress + +```ts +withRemoteAddress(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin + +```ts +withRemoteAddressMixin(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey + +"GenericKey defines a descriptor entry with a static key and value." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withKey + +```ts +withKey(key) +``` + +"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader + +"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey + +```ts +withDescriptorKey(descriptorKey) +``` + +"DescriptorKey defines the key to use on the descriptor entry." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName defines the name of the header to look for on the request." + +## obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch + +"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch + +```ts +withExpectMatch(expectMatch) +``` + +"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.routes.rateLimitPolicy.local + +"Local defines local rate limiting parameters, i.e. parameters\nfor rate limiting that occurs within each Envoy pod as requests\nare handled." + +### fn spec.routes.rateLimitPolicy.local.withBurst + +```ts +withBurst(burst) +``` + +"Burst defines the number of requests above the requests per\nunit that should be allowed within a short period of time." + +### fn spec.routes.rateLimitPolicy.local.withRequests + +```ts +withRequests(requests) +``` + +"Requests defines how many requests per unit of time should\nbe allowed before rate limiting occurs." + +### fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAdd + +```ts +withResponseHeadersToAdd(responseHeadersToAdd) +``` + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +### fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAddMixin + +```ts +withResponseHeadersToAddMixin(responseHeadersToAdd) +``` + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.rateLimitPolicy.local.withResponseStatusCode + +```ts +withResponseStatusCode(responseStatusCode) +``` + +"ResponseStatusCode is the HTTP status code to use for responses\nto rate-limited requests. Codes must be in the 400-599 range\n(inclusive). If not specified, the Envoy default of 429 (Too\nMany Requests) is used." + +### fn spec.routes.rateLimitPolicy.local.withUnit + +```ts +withUnit(unit) +``` + +"Unit defines the period of time within which requests\nover the limit will be rate limited. Valid values are\n\"second\", \"minute\" and \"hour\"." + +## obj spec.routes.rateLimitPolicy.local.responseHeadersToAdd + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +### fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.routes.requestHeadersPolicy + +"The policy for managing request headers during proxying.\nYou may dynamically rewrite the Host header to be forwarded\nupstream to the content of a request header using\nthe below format \"%REQ(X-Header-Name)%\". If the value of the header\nis empty, it is ignored.\n*NOTE: Pay attention to the potential security implications of using this option.\nProvided header must come from trusted source.\n**NOTE: The header rewrite is only done while forwarding and has no bearing\non the routing decision." + +### fn spec.routes.requestHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.routes.requestHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.requestHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.requestHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.requestHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.requestHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.routes.requestHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.routes.requestRedirectPolicy + +"RequestRedirectPolicy defines an HTTP redirection." + +### fn spec.routes.requestRedirectPolicy.withHostname + +```ts +withHostname(hostname) +``` + +"Hostname is the precise hostname to be used in the value of the `Location`\nheader in the response.\nWhen empty, the hostname of the request is used.\nNo wildcards are allowed." + +### fn spec.routes.requestRedirectPolicy.withPath + +```ts +withPath(path) +``` + +"Path allows for redirection to a different path from the\noriginal on the request. The path must start with a\nleading slash.\nNote: Only one of Path or Prefix can be defined." + +### fn spec.routes.requestRedirectPolicy.withPort + +```ts +withPort(port) +``` + +"Port is the port to be used in the value of the `Location`\nheader in the response.\nWhen empty, port (if specified) of the request is used." + +### fn spec.routes.requestRedirectPolicy.withPrefix + +```ts +withPrefix(prefix) +``` + +"Prefix defines the value to swap the matched prefix or path with.\nThe prefix must start with a leading slash.\nNote: Only one of Path or Prefix can be defined." + +### fn spec.routes.requestRedirectPolicy.withScheme + +```ts +withScheme(scheme) +``` + +"Scheme is the scheme to be used in the value of the `Location`\nheader in the response.\nWhen empty, the scheme of the request is used." + +### fn spec.routes.requestRedirectPolicy.withStatusCode + +```ts +withStatusCode(statusCode) +``` + +"StatusCode is the HTTP status code to be used in response." + +## obj spec.routes.responseHeadersPolicy + +"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported." + +### fn spec.routes.responseHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.routes.responseHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.responseHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.responseHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.responseHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.responseHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.routes.responseHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.routes.retryPolicy + +"The retry policy for this route." + +### fn spec.routes.retryPolicy.withCount + +```ts +withCount(count) +``` + +"NumRetries is maximum allowed number of retries.\nIf set to -1, then retries are disabled.\nIf set to 0 or not supplied, the value is set\nto the Envoy default of 1." + +### fn spec.routes.retryPolicy.withPerTryTimeout + +```ts +withPerTryTimeout(perTryTimeout) +``` + +"PerTryTimeout specifies the timeout per retry attempt.\nIgnored if NumRetries is not supplied." + +### fn spec.routes.retryPolicy.withRetriableStatusCodes + +```ts +withRetriableStatusCodes(retriableStatusCodes) +``` + +"RetriableStatusCodes specifies the HTTP status codes that should be retried.\nThis field is only respected when you include `retriable-status-codes` in the `RetryOn` field." + +### fn spec.routes.retryPolicy.withRetriableStatusCodesMixin + +```ts +withRetriableStatusCodesMixin(retriableStatusCodes) +``` + +"RetriableStatusCodes specifies the HTTP status codes that should be retried.\nThis field is only respected when you include `retriable-status-codes` in the `RetryOn` field." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.retryPolicy.withRetryOn + +```ts +withRetryOn(retryOn) +``` + +"RetryOn specifies the conditions on which to retry a request.\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\n- `5xx`\n- `gateway-error`\n- `reset`\n- `connect-failure`\n- `retriable-4xx`\n- `refused-stream`\n- `retriable-status-codes`\n- `retriable-headers`\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\n- `cancelled`\n- `deadline-exceeded`\n- `internal`\n- `resource-exhausted`\n- `unavailable`" + +### fn spec.routes.retryPolicy.withRetryOnMixin + +```ts +withRetryOnMixin(retryOn) +``` + +"RetryOn specifies the conditions on which to retry a request.\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\n- `5xx`\n- `gateway-error`\n- `reset`\n- `connect-failure`\n- `retriable-4xx`\n- `refused-stream`\n- `retriable-status-codes`\n- `retriable-headers`\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\n- `cancelled`\n- `deadline-exceeded`\n- `internal`\n- `resource-exhausted`\n- `unavailable`" + +**Note:** This function appends passed data to existing values + +## obj spec.routes.services + +"Services are the services to proxy traffic." + +### fn spec.routes.services.withCookieRewritePolicies + +```ts +withCookieRewritePolicies(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes." + +### fn spec.routes.services.withCookieRewritePoliciesMixin + +```ts +withCookieRewritePoliciesMixin(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.services.withHealthPort + +```ts +withHealthPort(healthPort) +``` + +"HealthPort is the port for this service healthcheck.\nIf not specified, Port is used for service healthchecks." + +### fn spec.routes.services.withMirror + +```ts +withMirror(mirror) +``` + +"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\nvalues" + +### fn spec.routes.services.withName + +```ts +withName(name) +``` + +"Name is the name of Kubernetes service to proxy traffic.\nNames defined here will be used to look up corresponding endpoints which contain the ips to route." + +### fn spec.routes.services.withPort + +```ts +withPort(port) +``` + +"Port (defined as Integer) to proxy traffic to since a service can have multiple defined." + +### fn spec.routes.services.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol may be used to specify (or override) the protocol used to reach this Service.\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations." + +### fn spec.routes.services.withWeight + +```ts +withWeight(weight) +``` + +"Weight defines percentage of traffic to balance traffic" + +## obj spec.routes.services.cookieRewritePolicies + +"The policies for rewriting Set-Cookie header attributes." + +### fn spec.routes.services.cookieRewritePolicies.withName + +```ts +withName(name) +``` + +"Name is the name of the cookie for which attributes will be rewritten." + +### fn spec.routes.services.cookieRewritePolicies.withSameSite + +```ts +withSameSite(sameSite) +``` + +"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten." + +### fn spec.routes.services.cookieRewritePolicies.withSecure + +```ts +withSecure(secure) +``` + +"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten." + +## obj spec.routes.services.cookieRewritePolicies.domainRewrite + +"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten." + +### fn spec.routes.services.cookieRewritePolicies.domainRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Domain attribute to.\nFor now this is required." + +## obj spec.routes.services.cookieRewritePolicies.pathRewrite + +"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten." + +### fn spec.routes.services.cookieRewritePolicies.pathRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Path attribute to.\nFor now this is required." + +## obj spec.routes.services.requestHeadersPolicy + +"The policy for managing request headers during proxying." + +### fn spec.routes.services.requestHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.routes.services.requestHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.services.requestHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.services.requestHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.services.requestHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.services.requestHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.routes.services.requestHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.routes.services.responseHeadersPolicy + +"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported." + +### fn spec.routes.services.responseHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.routes.services.responseHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.routes.services.responseHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.services.responseHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.services.responseHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.routes.services.responseHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.routes.services.responseHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.routes.services.slowStartPolicy + +"Slow start will gradually increase amount of traffic to a newly added endpoint." + +### fn spec.routes.services.slowStartPolicy.withAggression + +```ts +withAggression(aggression) +``` + +"The speed of traffic increase over the slow start window.\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\nThe value of aggression parameter should be greater than 0.0.\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start" + +### fn spec.routes.services.slowStartPolicy.withMinWeightPercent + +```ts +withMinWeightPercent(minWeightPercent) +``` + +"The minimum or starting percentage of traffic to send to new endpoints.\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\nIf not specified, the default is 10%." + +### fn spec.routes.services.slowStartPolicy.withWindow + +```ts +withWindow(window) +``` + +"The duration of slow start window.\nDuration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"." + +## obj spec.routes.services.validation + +"UpstreamValidation defines how to verify the backend service's certificate" + +### fn spec.routes.services.validation.withCaSecret + +```ts +withCaSecret(caSecret) +``` + +"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)" + +### fn spec.routes.services.validation.withSubjectName + +```ts +withSubjectName(subjectName) +``` + +"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames." + +### fn spec.routes.services.validation.withSubjectNames + +```ts +withSubjectNames(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +### fn spec.routes.services.validation.withSubjectNamesMixin + +```ts +withSubjectNamesMixin(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +**Note:** This function appends passed data to existing values + +## obj spec.routes.timeoutPolicy + +"The timeout policy for this route." + +### fn spec.routes.timeoutPolicy.withIdle + +```ts +withIdle(idle) +``` + +"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).\nTimeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.\nIf not specified, there is no per-route idle timeout, though a connection manager-wide\nstream_idle_timeout default of 5m still applies." + +### fn spec.routes.timeoutPolicy.withIdleConnection + +```ts +withIdleConnection(idleConnection) +``` + +"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests.\nIf not supplied, Envoy's default value of 1h applies." + +### fn spec.routes.timeoutPolicy.withResponse + +```ts +withResponse(response) +``` + +"Timeout for receiving a response from the server after processing a request from client.\nIf not supplied, Envoy's default value of 15s applies." + +## obj spec.tcpproxy + +"TCPProxy holds TCP proxy information." + +### fn spec.tcpproxy.withServices + +```ts +withServices(services) +``` + +"Services are the services to proxy traffic" + +### fn spec.tcpproxy.withServicesMixin + +```ts +withServicesMixin(services) +``` + +"Services are the services to proxy traffic" + +**Note:** This function appends passed data to existing values + +## obj spec.tcpproxy.healthCheckPolicy + +"The health check policy for this tcp proxy" + +### fn spec.tcpproxy.healthCheckPolicy.withHealthyThresholdCount + +```ts +withHealthyThresholdCount(healthyThresholdCount) +``` + +"The number of healthy health checks required before a host is marked healthy" + +### fn spec.tcpproxy.healthCheckPolicy.withIntervalSeconds + +```ts +withIntervalSeconds(intervalSeconds) +``` + +"The interval (seconds) between health checks" + +### fn spec.tcpproxy.healthCheckPolicy.withTimeoutSeconds + +```ts +withTimeoutSeconds(timeoutSeconds) +``` + +"The time to wait (seconds) for a health check response" + +### fn spec.tcpproxy.healthCheckPolicy.withUnhealthyThresholdCount + +```ts +withUnhealthyThresholdCount(unhealthyThresholdCount) +``` + +"The number of unhealthy health checks required before a host is marked unhealthy" + +## obj spec.tcpproxy.include + +"Include specifies that this tcpproxy should be delegated to another HTTPProxy." + +### fn spec.tcpproxy.include.withName + +```ts +withName(name) +``` + +"Name of the child HTTPProxy" + +### fn spec.tcpproxy.include.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied." + +## obj spec.tcpproxy.includes + +"IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace.\nExists due to a mistake when developing HTTPProxy and the field was marked plural\nwhen it should have been singular. This field should stay to not break backwards compatibility to v1 users." + +### fn spec.tcpproxy.includes.withName + +```ts +withName(name) +``` + +"Name of the child HTTPProxy" + +### fn spec.tcpproxy.includes.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied." + +## obj spec.tcpproxy.loadBalancerPolicy + +"The load balancing policy for the backend services. Note that the\n`Cookie` and `RequestHash` load balancing strategies cannot be used\nhere." + +### fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPolicies + +```ts +withRequestHashPolicies(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPoliciesMixin + +```ts +withRequestHashPoliciesMixin(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +**Note:** This function appends passed data to existing values + +### fn spec.tcpproxy.loadBalancerPolicy.withStrategy + +```ts +withStrategy(strategy) +``` + +"Strategy specifies the policy used to balance requests\nacross the pool of backend pods. Valid policy names are\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\nand `RequestHash`. If an unknown strategy name is specified\nor no policy is supplied, the default `RoundRobin` policy\nis used." + +## obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withHashSourceIP + +```ts +withHashSourceIP(hashSourceIP) +``` + +"HashSourceIP should be set to true when request source IP hash based\nload balancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withTerminal + +```ts +withTerminal(terminal) +``` + +"Terminal is a flag that allows for short-circuiting computing of a hash\nfor a given request. If set to true, and the request attribute specified\nin the attribute hash options is present, no further hash policies will\nbe used to calculate a hash for the request." + +## obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions + +"HeaderHashOptions should be set when request header hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName is the name of the HTTP request header that will be used to\ncalculate the hash key. If the header specified is not present on a\nrequest, no hash will be produced." + +## obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions + +"QueryParameterHashOptions should be set when request query parameter hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName + +```ts +withParameterName(parameterName) +``` + +"ParameterName is the name of the HTTP request query parameter that will be used to\ncalculate the hash key. If the query parameter specified is not present on a\nrequest, no hash will be produced." + +## obj spec.tcpproxy.services + +"Services are the services to proxy traffic" + +### fn spec.tcpproxy.services.withCookieRewritePolicies + +```ts +withCookieRewritePolicies(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes." + +### fn spec.tcpproxy.services.withCookieRewritePoliciesMixin + +```ts +withCookieRewritePoliciesMixin(cookieRewritePolicies) +``` + +"The policies for rewriting Set-Cookie header attributes." + +**Note:** This function appends passed data to existing values + +### fn spec.tcpproxy.services.withHealthPort + +```ts +withHealthPort(healthPort) +``` + +"HealthPort is the port for this service healthcheck.\nIf not specified, Port is used for service healthchecks." + +### fn spec.tcpproxy.services.withMirror + +```ts +withMirror(mirror) +``` + +"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\nvalues" + +### fn spec.tcpproxy.services.withName + +```ts +withName(name) +``` + +"Name is the name of Kubernetes service to proxy traffic.\nNames defined here will be used to look up corresponding endpoints which contain the ips to route." + +### fn spec.tcpproxy.services.withPort + +```ts +withPort(port) +``` + +"Port (defined as Integer) to proxy traffic to since a service can have multiple defined." + +### fn spec.tcpproxy.services.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol may be used to specify (or override) the protocol used to reach this Service.\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations." + +### fn spec.tcpproxy.services.withWeight + +```ts +withWeight(weight) +``` + +"Weight defines percentage of traffic to balance traffic" + +## obj spec.tcpproxy.services.cookieRewritePolicies + +"The policies for rewriting Set-Cookie header attributes." + +### fn spec.tcpproxy.services.cookieRewritePolicies.withName + +```ts +withName(name) +``` + +"Name is the name of the cookie for which attributes will be rewritten." + +### fn spec.tcpproxy.services.cookieRewritePolicies.withSameSite + +```ts +withSameSite(sameSite) +``` + +"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten." + +### fn spec.tcpproxy.services.cookieRewritePolicies.withSecure + +```ts +withSecure(secure) +``` + +"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten." + +## obj spec.tcpproxy.services.cookieRewritePolicies.domainRewrite + +"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten." + +### fn spec.tcpproxy.services.cookieRewritePolicies.domainRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Domain attribute to.\nFor now this is required." + +## obj spec.tcpproxy.services.cookieRewritePolicies.pathRewrite + +"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten." + +### fn spec.tcpproxy.services.cookieRewritePolicies.pathRewrite.withValue + +```ts +withValue(value) +``` + +"Value is the value to rewrite the Path attribute to.\nFor now this is required." + +## obj spec.tcpproxy.services.requestHeadersPolicy + +"The policy for managing request headers during proxying." + +### fn spec.tcpproxy.services.requestHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.tcpproxy.services.requestHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.tcpproxy.services.requestHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.tcpproxy.services.requestHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.tcpproxy.services.requestHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.tcpproxy.services.requestHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.tcpproxy.services.requestHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.tcpproxy.services.responseHeadersPolicy + +"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported." + +### fn spec.tcpproxy.services.responseHeadersPolicy.withRemove + +```ts +withRemove(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +### fn spec.tcpproxy.services.responseHeadersPolicy.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + +"Remove specifies a list of HTTP header names to remove." + +**Note:** This function appends passed data to existing values + +### fn spec.tcpproxy.services.responseHeadersPolicy.withSet + +```ts +withSet(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.tcpproxy.services.responseHeadersPolicy.withSetMixin + +```ts +withSetMixin(set) +``` + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +**Note:** This function appends passed data to existing values + +## obj spec.tcpproxy.services.responseHeadersPolicy.set + +"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value." + +### fn spec.tcpproxy.services.responseHeadersPolicy.set.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.tcpproxy.services.responseHeadersPolicy.set.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.tcpproxy.services.slowStartPolicy + +"Slow start will gradually increase amount of traffic to a newly added endpoint." + +### fn spec.tcpproxy.services.slowStartPolicy.withAggression + +```ts +withAggression(aggression) +``` + +"The speed of traffic increase over the slow start window.\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\nThe value of aggression parameter should be greater than 0.0.\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start" + +### fn spec.tcpproxy.services.slowStartPolicy.withMinWeightPercent + +```ts +withMinWeightPercent(minWeightPercent) +``` + +"The minimum or starting percentage of traffic to send to new endpoints.\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\nIf not specified, the default is 10%." + +### fn spec.tcpproxy.services.slowStartPolicy.withWindow + +```ts +withWindow(window) +``` + +"The duration of slow start window.\nDuration is expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"." + +## obj spec.tcpproxy.services.validation + +"UpstreamValidation defines how to verify the backend service's certificate" + +### fn spec.tcpproxy.services.validation.withCaSecret + +```ts +withCaSecret(caSecret) +``` + +"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)" + +### fn spec.tcpproxy.services.validation.withSubjectName + +```ts +withSubjectName(subjectName) +``` + +"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames." + +### fn spec.tcpproxy.services.validation.withSubjectNames + +```ts +withSubjectNames(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +### fn spec.tcpproxy.services.validation.withSubjectNamesMixin + +```ts +withSubjectNamesMixin(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +**Note:** This function appends passed data to existing values + +## obj spec.virtualhost + +"Virtualhost appears at most once. If it is present, the object is considered\nto be a \"root\" HTTPProxy." + +### fn spec.virtualhost.withFqdn + +```ts +withFqdn(fqdn) +``` + +"The fully qualified domain name of the root of the ingress tree\nall leaves of the DAG rooted at this object relate to the fqdn." + +### fn spec.virtualhost.withIpAllowPolicy + +```ts +withIpAllowPolicy(ipAllowPolicy) +``` + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +### fn spec.virtualhost.withIpAllowPolicyMixin + +```ts +withIpAllowPolicyMixin(ipAllowPolicy) +``` + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.withIpDenyPolicy + +```ts +withIpDenyPolicy(ipDenyPolicy) +``` + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +### fn spec.virtualhost.withIpDenyPolicyMixin + +```ts +withIpDenyPolicyMixin(ipDenyPolicy) +``` + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.withJwtProviders + +```ts +withJwtProviders(jwtProviders) +``` + +"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host." + +### fn spec.virtualhost.withJwtProvidersMixin + +```ts +withJwtProvidersMixin(jwtProviders) +``` + +"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host." + +**Note:** This function appends passed data to existing values + +## obj spec.virtualhost.authorization + +"This field configures an extension service to perform\nauthorization for this virtual host. Authorization can\nonly be configured on virtual hosts that have TLS enabled.\nIf the TLS configuration requires client certificate\nvalidation, the client certificate is always included in the\nauthentication check request." + +### fn spec.virtualhost.authorization.withFailOpen + +```ts +withFailOpen(failOpen) +``` + +"If FailOpen is true, the client request is forwarded to the upstream service\neven if the authorization server fails to respond. This field should not be\nset in most cases. It is intended for use only while migrating applications\nfrom internal authorization to Contour external authorization." + +### fn spec.virtualhost.authorization.withResponseTimeout + +```ts +withResponseTimeout(responseTimeout) +``` + +"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nThe string \"infinity\" is also a valid input and specifies no timeout." + +## obj spec.virtualhost.authorization.authPolicy + +"AuthPolicy sets a default authorization policy for client requests.\nThis policy will be used unless overridden by individual routes." + +### fn spec.virtualhost.authorization.authPolicy.withContext + +```ts +withContext(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +### fn spec.virtualhost.authorization.authPolicy.withContextMixin + +```ts +withContextMixin(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.authorization.authPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"When true, this field disables client request authentication\nfor the scope of the policy." + +## obj spec.virtualhost.authorization.extensionRef + +"ExtensionServiceRef specifies the extension resource that will authorize client requests." + +### fn spec.virtualhost.authorization.extensionRef.withApiVersion + +```ts +withApiVersion(apiVersion) +``` + +"API version of the referent.\nIf this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used" + +### fn spec.virtualhost.authorization.extensionRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + +### fn spec.virtualhost.authorization.extensionRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the referent.\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + +## obj spec.virtualhost.authorization.withRequestBody + +"WithRequestBody specifies configuration for sending the client request's body to authorization server." + +### fn spec.virtualhost.authorization.withRequestBody.withAllowPartialMessage + +```ts +withAllowPartialMessage(allowPartialMessage) +``` + +"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached." + +### fn spec.virtualhost.authorization.withRequestBody.withMaxRequestBytes + +```ts +withMaxRequestBytes(maxRequestBytes) +``` + +"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory." + +### fn spec.virtualhost.authorization.withRequestBody.withPackAsBytes + +```ts +withPackAsBytes(packAsBytes) +``` + +"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes." + +## obj spec.virtualhost.corsPolicy + +"Specifies the cross-origin policy to apply to the VirtualHost." + +### fn spec.virtualhost.corsPolicy.withAllowCredentials + +```ts +withAllowCredentials(allowCredentials) +``` + +"Specifies whether the resource allows credentials." + +### fn spec.virtualhost.corsPolicy.withAllowHeaders + +```ts +withAllowHeaders(allowHeaders) +``` + +"AllowHeaders specifies the content for the *access-control-allow-headers* header." + +### fn spec.virtualhost.corsPolicy.withAllowHeadersMixin + +```ts +withAllowHeadersMixin(allowHeaders) +``` + +"AllowHeaders specifies the content for the *access-control-allow-headers* header." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.corsPolicy.withAllowMethods + +```ts +withAllowMethods(allowMethods) +``` + +"AllowMethods specifies the content for the *access-control-allow-methods* header." + +### fn spec.virtualhost.corsPolicy.withAllowMethodsMixin + +```ts +withAllowMethodsMixin(allowMethods) +``` + +"AllowMethods specifies the content for the *access-control-allow-methods* header." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.corsPolicy.withAllowOrigin + +```ts +withAllowOrigin(allowOrigin) +``` + +"AllowOrigin specifies the origins that will be allowed to do CORS requests.\nAllowed values include \"*\" which signifies any origin is allowed, an exact\norigin of the form \"scheme://host[:port]\" (where port is optional), or a valid\nregex pattern.\nNote that regex patterns are validated and a simple \"glob\" pattern (e.g. *.foo.com)\nwill be rejected or produce unexpected matches when applied as a regex." + +### fn spec.virtualhost.corsPolicy.withAllowOriginMixin + +```ts +withAllowOriginMixin(allowOrigin) +``` + +"AllowOrigin specifies the origins that will be allowed to do CORS requests.\nAllowed values include \"*\" which signifies any origin is allowed, an exact\norigin of the form \"scheme://host[:port]\" (where port is optional), or a valid\nregex pattern.\nNote that regex patterns are validated and a simple \"glob\" pattern (e.g. *.foo.com)\nwill be rejected or produce unexpected matches when applied as a regex." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.corsPolicy.withAllowPrivateNetwork + +```ts +withAllowPrivateNetwork(allowPrivateNetwork) +``` + +"AllowPrivateNetwork specifies whether to allow private network requests.\nSee https://developer.chrome.com/blog/private-network-access-preflight." + +### fn spec.virtualhost.corsPolicy.withExposeHeaders + +```ts +withExposeHeaders(exposeHeaders) +``` + +"ExposeHeaders Specifies the content for the *access-control-expose-headers* header." + +### fn spec.virtualhost.corsPolicy.withExposeHeadersMixin + +```ts +withExposeHeadersMixin(exposeHeaders) +``` + +"ExposeHeaders Specifies the content for the *access-control-expose-headers* header." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.corsPolicy.withMaxAge + +```ts +withMaxAge(maxAge) +``` + +"MaxAge indicates for how long the results of a preflight request can be cached.\nMaxAge durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nOnly positive values are allowed while 0 disables the cache requiring a preflight OPTIONS\ncheck for all cross-origin requests." + +## obj spec.virtualhost.ipAllowPolicy + +"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +### fn spec.virtualhost.ipAllowPolicy.withCidr + +```ts +withCidr(cidr) +``` + +"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address." + +### fn spec.virtualhost.ipAllowPolicy.withSource + +```ts +withSource(source) +``` + +"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - `Remote` filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - `Peer` filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For." + +## obj spec.virtualhost.ipDenyPolicy + +"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route." + +### fn spec.virtualhost.ipDenyPolicy.withCidr + +```ts +withCidr(cidr) +``` + +"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address." + +### fn spec.virtualhost.ipDenyPolicy.withSource + +```ts +withSource(source) +``` + +"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - `Remote` filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - `Peer` filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For." + +## obj spec.virtualhost.jwtProviders + +"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host." + +### fn spec.virtualhost.jwtProviders.withAudiences + +```ts +withAudiences(audiences) +``` + +"Audiences that JWTs are allowed to have in the \"aud\" field.\nIf not provided, JWT audiences are not checked." + +### fn spec.virtualhost.jwtProviders.withAudiencesMixin + +```ts +withAudiencesMixin(audiences) +``` + +"Audiences that JWTs are allowed to have in the \"aud\" field.\nIf not provided, JWT audiences are not checked." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.jwtProviders.withDefault + +```ts +withDefault(default) +``` + +"Whether the provider should apply to all\nroutes in the HTTPProxy/its includes by\ndefault. At most one provider can be marked\nas the default. If no provider is marked\nas the default, individual routes must explicitly\nidentify the provider they require." + +### fn spec.virtualhost.jwtProviders.withForwardJWT + +```ts +withForwardJWT(forwardJWT) +``` + +"Whether the JWT should be forwarded to the backend\nservice after successful verification. By default,\nthe JWT is not forwarded." + +### fn spec.virtualhost.jwtProviders.withIssuer + +```ts +withIssuer(issuer) +``` + +"Issuer that JWTs are required to have in the \"iss\" field.\nIf not provided, JWT issuers are not checked." + +### fn spec.virtualhost.jwtProviders.withName + +```ts +withName(name) +``` + +"Unique name for the provider." + +## obj spec.virtualhost.jwtProviders.remoteJWKS + +"Remote JWKS to use for verifying JWT signatures." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.withCacheDuration + +```ts +withCacheDuration(cacheDuration) +``` + +"How long to cache the JWKS locally. If not specified,\nEnvoy's default of 5m applies." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.withDnsLookupFamily + +```ts +withDnsLookupFamily(dnsLookupFamily) +``` + +"The DNS IP address resolution policy for the JWKS URI.\nWhen configured as \"v4\", the DNS resolver will only perform a lookup\nfor addresses in the IPv4 family. If \"v6\" is configured, the DNS resolver\nwill only perform a lookup for addresses in the IPv6 family.\nIf \"all\" is configured, the DNS resolver\nwill perform a lookup for addresses in both the IPv4 and IPv6 family.\nIf \"auto\" is configured, the DNS resolver will first perform a lookup\nfor addresses in the IPv6 family and fallback to a lookup for addresses\nin the IPv4 family. If not specified, the Contour-wide setting defined\nin the config file or ContourConfiguration applies (defaults to \"auto\").\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\nfor more information." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.withTimeout + +```ts +withTimeout(timeout) +``` + +"How long to wait for a response from the URI.\nIf not specified, a default of 1s applies." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.withUri + +```ts +withUri(uri) +``` + +"The URI for the JWKS." + +## obj spec.virtualhost.jwtProviders.remoteJWKS.validation + +"UpstreamValidation defines how to verify the JWKS's TLS certificate." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withCaSecret + +```ts +withCaSecret(caSecret) +``` + +"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)" + +### fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectName + +```ts +withSubjectName(subjectName) +``` + +"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectNames + +```ts +withSubjectNames(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +### fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectNamesMixin + +```ts +withSubjectNamesMixin(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +**Note:** This function appends passed data to existing values + +## obj spec.virtualhost.rateLimitPolicy + +"The policy for rate limiting on the virtual host." + +## obj spec.virtualhost.rateLimitPolicy.global + +"Global defines global rate limiting parameters, i.e. parameters\ndefining descriptors that are sent to an external rate limit\nservice (RLS) for a rate limit decision on each request." + +### fn spec.virtualhost.rateLimitPolicy.global.withDescriptors + +```ts +withDescriptors(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.virtualhost.rateLimitPolicy.global.withDescriptorsMixin + +```ts +withDescriptorsMixin(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.rateLimitPolicy.global.withDisabled + +```ts +withDisabled(disabled) +``` + +"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration." + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntries + +```ts +withEntries(entries) +``` + +"Entries is the list of key-value pair generators." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntriesMixin + +```ts +withEntriesMixin(entries) +``` + +"Entries is the list of key-value pair generators." + +**Note:** This function appends passed data to existing values + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries + +"Entries is the list of key-value pair generators." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddress + +```ts +withRemoteAddress(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin + +```ts +withRemoteAddressMixin(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +**Note:** This function appends passed data to existing values + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey + +"GenericKey defines a descriptor entry with a static key and value." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withKey + +```ts +withKey(key) +``` + +"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader + +"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey + +```ts +withDescriptorKey(descriptorKey) +``` + +"DescriptorKey defines the key to use on the descriptor entry." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName defines the name of the header to look for on the request." + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch + +"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch + +```ts +withExpectMatch(expectMatch) +``` + +"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.virtualhost.rateLimitPolicy.local + +"Local defines local rate limiting parameters, i.e. parameters\nfor rate limiting that occurs within each Envoy pod as requests\nare handled." + +### fn spec.virtualhost.rateLimitPolicy.local.withBurst + +```ts +withBurst(burst) +``` + +"Burst defines the number of requests above the requests per\nunit that should be allowed within a short period of time." + +### fn spec.virtualhost.rateLimitPolicy.local.withRequests + +```ts +withRequests(requests) +``` + +"Requests defines how many requests per unit of time should\nbe allowed before rate limiting occurs." + +### fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAdd + +```ts +withResponseHeadersToAdd(responseHeadersToAdd) +``` + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +### fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAddMixin + +```ts +withResponseHeadersToAddMixin(responseHeadersToAdd) +``` + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +**Note:** This function appends passed data to existing values + +### fn spec.virtualhost.rateLimitPolicy.local.withResponseStatusCode + +```ts +withResponseStatusCode(responseStatusCode) +``` + +"ResponseStatusCode is the HTTP status code to use for responses\nto rate-limited requests. Codes must be in the 400-599 range\n(inclusive). If not specified, the Envoy default of 429 (Too\nMany Requests) is used." + +### fn spec.virtualhost.rateLimitPolicy.local.withUnit + +```ts +withUnit(unit) +``` + +"Unit defines the period of time within which requests\nover the limit will be rate limited. Valid values are\n\"second\", \"minute\" and \"hour\"." + +## obj spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd + +"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited." + +### fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withName + +```ts +withName(name) +``` + +"Name represents a key of a header" + +### fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withValue + +```ts +withValue(value) +``` + +"Value represents the value of a header specified by a key" + +## obj spec.virtualhost.tls + +"If present the fields describes TLS properties of the virtual\nhost. The SNI names that will be matched on are described in fqdn,\nthe tls.secretName secret must contain a certificate that itself\ncontains a name that matches the FQDN." + +### fn spec.virtualhost.tls.withEnableFallbackCertificate + +```ts +withEnableFallbackCertificate(enableFallbackCertificate) +``` + +"EnableFallbackCertificate defines if the vhost should allow a default certificate to\nbe applied which handles all requests which don't match the SNI defined in this vhost." + +### fn spec.virtualhost.tls.withMaximumProtocolVersion + +```ts +withMaximumProtocolVersion(maximumProtocolVersion) +``` + +"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate. Valid options are `1.2` and `1.3` (default). Any other value\ndefaults to TLS 1.3." + +### fn spec.virtualhost.tls.withMinimumProtocolVersion + +```ts +withMinimumProtocolVersion(minimumProtocolVersion) +``` + +"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate. Valid options are `1.2` (default) and `1.3`. Any other value\ndefaults to TLS 1.2." + +### fn spec.virtualhost.tls.withPassthrough + +```ts +withPassthrough(passthrough) +``` + +"Passthrough defines whether the encrypted TLS handshake will be\npassed through to the backing cluster. Either Passthrough or\nSecretName must be specified, but not both." + +### fn spec.virtualhost.tls.withSecretName + +```ts +withSecretName(secretName) +``` + +"SecretName is the name of a TLS secret.\nEither SecretName or Passthrough must be specified, but not both.\nIf specified, the named secret must contain a matching certificate\nfor the virtual host's FQDN.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret." + +## obj spec.virtualhost.tls.clientValidation + +"ClientValidation defines how to verify the client certificate\nwhen an external client establishes a TLS connection to Envoy.\nThis setting:\n1. Enables TLS client certificate validation.\n2. Specifies how the client certificate will be validated (i.e.\n validation required or skipped).\nNote: Setting client certificate validation to be skipped should\nbe only used in conjunction with an external authorization server that\nperforms client validation as Contour will ensure client certificates\nare passed along." + +### fn spec.virtualhost.tls.clientValidation.withCaSecret + +```ts +withCaSecret(caSecret) +``` + +"Name of a Kubernetes secret that contains a CA certificate bundle.\nThe secret must contain key named ca.crt.\nThe client certificate must validate against the certificates in the bundle.\nIf specified and SkipClientCertValidation is true, client certificates will\nbe required on requests.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret." + +### fn spec.virtualhost.tls.clientValidation.withCrlOnlyVerifyLeafCert + +```ts +withCrlOnlyVerifyLeafCert(crlOnlyVerifyLeafCert) +``` + +"If this option is set to true, only the certificate at the end of the\ncertificate chain will be subject to validation by CRL." + +### fn spec.virtualhost.tls.clientValidation.withCrlSecret + +```ts +withCrlSecret(crlSecret) +``` + +"Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs.\nThe secret must contain key named crl.pem.\nThis field will be used to verify that a client certificate has not been revoked.\nCRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true.\nLarge CRL lists are not supported since individual secrets are limited to 1MiB in size.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret." + +### fn spec.virtualhost.tls.clientValidation.withOptionalClientCertificate + +```ts +withOptionalClientCertificate(optionalClientCertificate) +``` + +"OptionalClientCertificate when set to true will request a client certificate\nbut allow the connection to continue if the client does not provide one.\nIf a client certificate is sent, it will be verified according to the\nother properties, which includes disabling validation if\nSkipClientCertValidation is set. Defaults to false." + +### fn spec.virtualhost.tls.clientValidation.withSkipClientCertValidation + +```ts +withSkipClientCertValidation(skipClientCertValidation) +``` + +"SkipClientCertValidation disables downstream client certificate\nvalidation. Defaults to false. This field is intended to be used in\nconjunction with external authorization in order to enable the external\nauthorization server to validate client certificates. When this field\nis set to true, client certificates are requested but not verified by\nEnvoy. If CACertificate is specified, client certificates are required on\nrequests, but not verified. If external authorization is in use, they are\npresented to the external authorization server." + +## obj spec.virtualhost.tls.clientValidation.forwardClientCertificate + +"ForwardClientCertificate adds the selected data from the passed client TLS certificate\nto the x-forwarded-client-cert header." + +### fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withCert + +```ts +withCert(cert) +``` + +"Client cert in URL encoded PEM format." + +### fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withChain + +```ts +withChain(chain) +``` + +"Client cert chain (including the leaf cert) in URL encoded PEM format." + +### fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withDns + +```ts +withDns(dns) +``` + +"DNS type Subject Alternative Names of the client cert." + +### fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withSubject + +```ts +withSubject(subject) +``` + +"Subject of the client cert." + +### fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withUri + +```ts +withUri(uri) +``` + +"URI type Subject Alternative Name of the client cert." \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1/index.md b/docs/1.29/projectcontour/v1/index.md new file mode 100644 index 0000000..dc806d5 --- /dev/null +++ b/docs/1.29/projectcontour/v1/index.md @@ -0,0 +1,10 @@ +--- +permalink: /1.29/projectcontour/v1/ +--- + +# projectcontour.v1 + + + +* [httpProxy](httpProxy.md) +* [tlsCertificateDelegation](tlsCertificateDelegation.md) \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1/tlsCertificateDelegation.md b/docs/1.29/projectcontour/v1/tlsCertificateDelegation.md new file mode 100644 index 0000000..343c371 --- /dev/null +++ b/docs/1.29/projectcontour/v1/tlsCertificateDelegation.md @@ -0,0 +1,264 @@ +--- +permalink: /1.29/projectcontour/v1/tlsCertificateDelegation/ +--- + +# projectcontour.v1.tlsCertificateDelegation + +"TLSCertificateDelegation is an TLS Certificate Delegation CRD specification.\nSee design/tls-certificate-delegation.md for details." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withDelegations(delegations)`](#fn-specwithdelegations) + * [`fn withDelegationsMixin(delegations)`](#fn-specwithdelegationsmixin) + * [`obj spec.delegations`](#obj-specdelegations) + * [`fn withSecretName(secretName)`](#fn-specdelegationswithsecretname) + * [`fn withTargetNamespaces(targetNamespaces)`](#fn-specdelegationswithtargetnamespaces) + * [`fn withTargetNamespacesMixin(targetNamespaces)`](#fn-specdelegationswithtargetnamespacesmixin) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of TLSCertificateDelegation + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"TLSCertificateDelegationSpec defines the spec of the CRD" + +### fn spec.withDelegations + +```ts +withDelegations(delegations) +``` + + + +### fn spec.withDelegationsMixin + +```ts +withDelegationsMixin(delegations) +``` + + + +**Note:** This function appends passed data to existing values + +## obj spec.delegations + + + +### fn spec.delegations.withSecretName + +```ts +withSecretName(secretName) +``` + +"required, the name of a secret in the current namespace." + +### fn spec.delegations.withTargetNamespaces + +```ts +withTargetNamespaces(targetNamespaces) +``` + +"required, the namespaces the authority to reference the\nsecret will be delegated to.\nIf TargetNamespaces is nil or empty, the CertificateDelegation'\nis ignored. If the TargetNamespace list contains the character, \"*\"\nthe secret will be delegated to all namespaces." + +### fn spec.delegations.withTargetNamespacesMixin + +```ts +withTargetNamespacesMixin(targetNamespaces) +``` + +"required, the namespaces the authority to reference the\nsecret will be delegated to.\nIf TargetNamespaces is nil or empty, the CertificateDelegation'\nis ignored. If the TargetNamespace list contains the character, \"*\"\nthe secret will be delegated to all namespaces." + +**Note:** This function appends passed data to existing values \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1alpha1/contourConfiguration.md b/docs/1.29/projectcontour/v1alpha1/contourConfiguration.md new file mode 100644 index 0000000..2fdef74 --- /dev/null +++ b/docs/1.29/projectcontour/v1alpha1/contourConfiguration.md @@ -0,0 +1,1838 @@ +--- +permalink: /1.29/projectcontour/v1alpha1/contourConfiguration/ +--- + +# projectcontour.v1alpha1.contourConfiguration + +"ContourConfiguration is the schema for a Contour instance." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withEnableExternalNameService(enableExternalNameService)`](#fn-specwithenableexternalnameservice) + * [`fn withFeatureFlags(featureFlags)`](#fn-specwithfeatureflags) + * [`fn withFeatureFlagsMixin(featureFlags)`](#fn-specwithfeatureflagsmixin) + * [`obj spec.debug`](#obj-specdebug) + * [`fn withAddress(address)`](#fn-specdebugwithaddress) + * [`fn withPort(port)`](#fn-specdebugwithport) + * [`obj spec.envoy`](#obj-specenvoy) + * [`fn withDefaultHTTPVersions(defaultHTTPVersions)`](#fn-specenvoywithdefaulthttpversions) + * [`fn withDefaultHTTPVersionsMixin(defaultHTTPVersions)`](#fn-specenvoywithdefaulthttpversionsmixin) + * [`obj spec.envoy.clientCertificate`](#obj-specenvoyclientcertificate) + * [`fn withName(name)`](#fn-specenvoyclientcertificatewithname) + * [`fn withNamespace(namespace)`](#fn-specenvoyclientcertificatewithnamespace) + * [`obj spec.envoy.cluster`](#obj-specenvoycluster) + * [`fn withDnsLookupFamily(dnsLookupFamily)`](#fn-specenvoyclusterwithdnslookupfamily) + * [`fn withMaxRequestsPerConnection(maxRequestsPerConnection)`](#fn-specenvoyclusterwithmaxrequestsperconnection) + * [`fn withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes)`](#fn-specenvoyclusterwithper-connection-buffer-limit-bytes) + * [`obj spec.envoy.cluster.circuitBreakers`](#obj-specenvoyclustercircuitbreakers) + * [`fn withMaxConnections(maxConnections)`](#fn-specenvoyclustercircuitbreakerswithmaxconnections) + * [`fn withMaxPendingRequests(maxPendingRequests)`](#fn-specenvoyclustercircuitbreakerswithmaxpendingrequests) + * [`fn withMaxRequests(maxRequests)`](#fn-specenvoyclustercircuitbreakerswithmaxrequests) + * [`fn withMaxRetries(maxRetries)`](#fn-specenvoyclustercircuitbreakerswithmaxretries) + * [`obj spec.envoy.cluster.upstreamTLS`](#obj-specenvoyclusterupstreamtls) + * [`fn withCipherSuites(cipherSuites)`](#fn-specenvoyclusterupstreamtlswithciphersuites) + * [`fn withCipherSuitesMixin(cipherSuites)`](#fn-specenvoyclusterupstreamtlswithciphersuitesmixin) + * [`fn withMaximumProtocolVersion(maximumProtocolVersion)`](#fn-specenvoyclusterupstreamtlswithmaximumprotocolversion) + * [`fn withMinimumProtocolVersion(minimumProtocolVersion)`](#fn-specenvoyclusterupstreamtlswithminimumprotocolversion) + * [`obj spec.envoy.health`](#obj-specenvoyhealth) + * [`fn withAddress(address)`](#fn-specenvoyhealthwithaddress) + * [`fn withPort(port)`](#fn-specenvoyhealthwithport) + * [`obj spec.envoy.http`](#obj-specenvoyhttp) + * [`fn withAccessLog(accessLog)`](#fn-specenvoyhttpwithaccesslog) + * [`fn withAddress(address)`](#fn-specenvoyhttpwithaddress) + * [`fn withPort(port)`](#fn-specenvoyhttpwithport) + * [`obj spec.envoy.https`](#obj-specenvoyhttps) + * [`fn withAccessLog(accessLog)`](#fn-specenvoyhttpswithaccesslog) + * [`fn withAddress(address)`](#fn-specenvoyhttpswithaddress) + * [`fn withPort(port)`](#fn-specenvoyhttpswithport) + * [`obj spec.envoy.listener`](#obj-specenvoylistener) + * [`fn withConnectionBalancer(connectionBalancer)`](#fn-specenvoylistenerwithconnectionbalancer) + * [`fn withDisableAllowChunkedLength(disableAllowChunkedLength)`](#fn-specenvoylistenerwithdisableallowchunkedlength) + * [`fn withDisableMergeSlashes(disableMergeSlashes)`](#fn-specenvoylistenerwithdisablemergeslashes) + * [`fn withHttpMaxConcurrentStreams(httpMaxConcurrentStreams)`](#fn-specenvoylistenerwithhttpmaxconcurrentstreams) + * [`fn withMaxConnectionsPerListener(maxConnectionsPerListener)`](#fn-specenvoylistenerwithmaxconnectionsperlistener) + * [`fn withMaxRequestsPerConnection(maxRequestsPerConnection)`](#fn-specenvoylistenerwithmaxrequestsperconnection) + * [`fn withMaxRequestsPerIOCycle(maxRequestsPerIOCycle)`](#fn-specenvoylistenerwithmaxrequestsperiocycle) + * [`fn withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes)`](#fn-specenvoylistenerwithper-connection-buffer-limit-bytes) + * [`fn withServerHeaderTransformation(serverHeaderTransformation)`](#fn-specenvoylistenerwithserverheadertransformation) + * [`fn withUseProxyProtocol(useProxyProtocol)`](#fn-specenvoylistenerwithuseproxyprotocol) + * [`obj spec.envoy.listener.socketOptions`](#obj-specenvoylistenersocketoptions) + * [`fn withTos(tos)`](#fn-specenvoylistenersocketoptionswithtos) + * [`fn withTrafficClass(trafficClass)`](#fn-specenvoylistenersocketoptionswithtrafficclass) + * [`obj spec.envoy.listener.tls`](#obj-specenvoylistenertls) + * [`fn withCipherSuites(cipherSuites)`](#fn-specenvoylistenertlswithciphersuites) + * [`fn withCipherSuitesMixin(cipherSuites)`](#fn-specenvoylistenertlswithciphersuitesmixin) + * [`fn withMaximumProtocolVersion(maximumProtocolVersion)`](#fn-specenvoylistenertlswithmaximumprotocolversion) + * [`fn withMinimumProtocolVersion(minimumProtocolVersion)`](#fn-specenvoylistenertlswithminimumprotocolversion) + * [`obj spec.envoy.logging`](#obj-specenvoylogging) + * [`fn withAccessLogFormat(accessLogFormat)`](#fn-specenvoyloggingwithaccesslogformat) + * [`fn withAccessLogFormatString(accessLogFormatString)`](#fn-specenvoyloggingwithaccesslogformatstring) + * [`fn withAccessLogJSONFields(accessLogJSONFields)`](#fn-specenvoyloggingwithaccesslogjsonfields) + * [`fn withAccessLogJSONFieldsMixin(accessLogJSONFields)`](#fn-specenvoyloggingwithaccesslogjsonfieldsmixin) + * [`fn withAccessLogLevel(accessLogLevel)`](#fn-specenvoyloggingwithaccessloglevel) + * [`obj spec.envoy.metrics`](#obj-specenvoymetrics) + * [`fn withAddress(address)`](#fn-specenvoymetricswithaddress) + * [`fn withPort(port)`](#fn-specenvoymetricswithport) + * [`obj spec.envoy.metrics.tls`](#obj-specenvoymetricstls) + * [`fn withCaFile(caFile)`](#fn-specenvoymetricstlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specenvoymetricstlswithcertfile) + * [`fn withKeyFile(keyFile)`](#fn-specenvoymetricstlswithkeyfile) + * [`obj spec.envoy.network`](#obj-specenvoynetwork) + * [`fn withAdminPort(adminPort)`](#fn-specenvoynetworkwithadminport) + * [`fn withNumTrustedHops(numTrustedHops)`](#fn-specenvoynetworkwithnumtrustedhops) + * [`obj spec.envoy.service`](#obj-specenvoyservice) + * [`fn withName(name)`](#fn-specenvoyservicewithname) + * [`fn withNamespace(namespace)`](#fn-specenvoyservicewithnamespace) + * [`obj spec.envoy.timeouts`](#obj-specenvoytimeouts) + * [`fn withConnectTimeout(connectTimeout)`](#fn-specenvoytimeoutswithconnecttimeout) + * [`fn withConnectionIdleTimeout(connectionIdleTimeout)`](#fn-specenvoytimeoutswithconnectionidletimeout) + * [`fn withConnectionShutdownGracePeriod(connectionShutdownGracePeriod)`](#fn-specenvoytimeoutswithconnectionshutdowngraceperiod) + * [`fn withDelayedCloseTimeout(delayedCloseTimeout)`](#fn-specenvoytimeoutswithdelayedclosetimeout) + * [`fn withMaxConnectionDuration(maxConnectionDuration)`](#fn-specenvoytimeoutswithmaxconnectionduration) + * [`fn withRequestTimeout(requestTimeout)`](#fn-specenvoytimeoutswithrequesttimeout) + * [`fn withStreamIdleTimeout(streamIdleTimeout)`](#fn-specenvoytimeoutswithstreamidletimeout) + * [`obj spec.gateway`](#obj-specgateway) + * [`obj spec.gateway.gatewayRef`](#obj-specgatewaygatewayref) + * [`fn withName(name)`](#fn-specgatewaygatewayrefwithname) + * [`fn withNamespace(namespace)`](#fn-specgatewaygatewayrefwithnamespace) + * [`obj spec.globalExtAuth`](#obj-specglobalextauth) + * [`fn withFailOpen(failOpen)`](#fn-specglobalextauthwithfailopen) + * [`fn withResponseTimeout(responseTimeout)`](#fn-specglobalextauthwithresponsetimeout) + * [`obj spec.globalExtAuth.authPolicy`](#obj-specglobalextauthauthpolicy) + * [`fn withContext(context)`](#fn-specglobalextauthauthpolicywithcontext) + * [`fn withContextMixin(context)`](#fn-specglobalextauthauthpolicywithcontextmixin) + * [`fn withDisabled(disabled)`](#fn-specglobalextauthauthpolicywithdisabled) + * [`obj spec.globalExtAuth.extensionRef`](#obj-specglobalextauthextensionref) + * [`fn withApiVersion(apiVersion)`](#fn-specglobalextauthextensionrefwithapiversion) + * [`fn withName(name)`](#fn-specglobalextauthextensionrefwithname) + * [`fn withNamespace(namespace)`](#fn-specglobalextauthextensionrefwithnamespace) + * [`obj spec.globalExtAuth.withRequestBody`](#obj-specglobalextauthwithrequestbody) + * [`fn withAllowPartialMessage(allowPartialMessage)`](#fn-specglobalextauthwithrequestbodywithallowpartialmessage) + * [`fn withMaxRequestBytes(maxRequestBytes)`](#fn-specglobalextauthwithrequestbodywithmaxrequestbytes) + * [`fn withPackAsBytes(packAsBytes)`](#fn-specglobalextauthwithrequestbodywithpackasbytes) + * [`obj spec.health`](#obj-spechealth) + * [`fn withAddress(address)`](#fn-spechealthwithaddress) + * [`fn withPort(port)`](#fn-spechealthwithport) + * [`obj spec.httpproxy`](#obj-spechttpproxy) + * [`fn withDisablePermitInsecure(disablePermitInsecure)`](#fn-spechttpproxywithdisablepermitinsecure) + * [`fn withRootNamespaces(rootNamespaces)`](#fn-spechttpproxywithrootnamespaces) + * [`fn withRootNamespacesMixin(rootNamespaces)`](#fn-spechttpproxywithrootnamespacesmixin) + * [`obj spec.httpproxy.fallbackCertificate`](#obj-spechttpproxyfallbackcertificate) + * [`fn withName(name)`](#fn-spechttpproxyfallbackcertificatewithname) + * [`fn withNamespace(namespace)`](#fn-spechttpproxyfallbackcertificatewithnamespace) + * [`obj spec.ingress`](#obj-specingress) + * [`fn withClassNames(classNames)`](#fn-specingresswithclassnames) + * [`fn withClassNamesMixin(classNames)`](#fn-specingresswithclassnamesmixin) + * [`fn withStatusAddress(statusAddress)`](#fn-specingresswithstatusaddress) + * [`obj spec.metrics`](#obj-specmetrics) + * [`fn withAddress(address)`](#fn-specmetricswithaddress) + * [`fn withPort(port)`](#fn-specmetricswithport) + * [`obj spec.metrics.tls`](#obj-specmetricstls) + * [`fn withCaFile(caFile)`](#fn-specmetricstlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specmetricstlswithcertfile) + * [`fn withKeyFile(keyFile)`](#fn-specmetricstlswithkeyfile) + * [`obj spec.policy`](#obj-specpolicy) + * [`fn withApplyToIngress(applyToIngress)`](#fn-specpolicywithapplytoingress) + * [`obj spec.policy.requestHeaders`](#obj-specpolicyrequestheaders) + * [`fn withRemove(remove)`](#fn-specpolicyrequestheaderswithremove) + * [`fn withRemoveMixin(remove)`](#fn-specpolicyrequestheaderswithremovemixin) + * [`fn withSet(set)`](#fn-specpolicyrequestheaderswithset) + * [`fn withSetMixin(set)`](#fn-specpolicyrequestheaderswithsetmixin) + * [`obj spec.policy.responseHeaders`](#obj-specpolicyresponseheaders) + * [`fn withRemove(remove)`](#fn-specpolicyresponseheaderswithremove) + * [`fn withRemoveMixin(remove)`](#fn-specpolicyresponseheaderswithremovemixin) + * [`fn withSet(set)`](#fn-specpolicyresponseheaderswithset) + * [`fn withSetMixin(set)`](#fn-specpolicyresponseheaderswithsetmixin) + * [`obj spec.rateLimitService`](#obj-specratelimitservice) + * [`fn withDomain(domain)`](#fn-specratelimitservicewithdomain) + * [`fn withEnableResourceExhaustedCode(enableResourceExhaustedCode)`](#fn-specratelimitservicewithenableresourceexhaustedcode) + * [`fn withEnableXRateLimitHeaders(enableXRateLimitHeaders)`](#fn-specratelimitservicewithenablexratelimitheaders) + * [`fn withFailOpen(failOpen)`](#fn-specratelimitservicewithfailopen) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy`](#obj-specratelimitservicedefaultglobalratelimitpolicy) + * [`fn withDescriptors(descriptors)`](#fn-specratelimitservicedefaultglobalratelimitpolicywithdescriptors) + * [`fn withDescriptorsMixin(descriptors)`](#fn-specratelimitservicedefaultglobalratelimitpolicywithdescriptorsmixin) + * [`fn withDisabled(disabled)`](#fn-specratelimitservicedefaultglobalratelimitpolicywithdisabled) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptors) + * [`fn withEntries(entries)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorswithentries) + * [`fn withEntriesMixin(entries)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorswithentriesmixin) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptorsentries) + * [`fn withRemoteAddress(remoteAddress)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentrieswithremoteaddress) + * [`fn withRemoteAddressMixin(remoteAddress)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentrieswithremoteaddressmixin) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickey) + * [`fn withKey(key)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickeywithkey) + * [`fn withValue(value)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickeywithvalue) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheader) + * [`fn withDescriptorKey(descriptorKey)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheaderwithdescriptorkey) + * [`fn withHeaderName(headerName)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheaderwithheadername) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematch) + * [`fn withExpectMatch(expectMatch)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithexpectmatch) + * [`fn withHeaders(headers)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithheadersmixin) + * [`fn withValue(value)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithvalue) + * [`obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers`](#obj-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaders) + * [`fn withContains(contains)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithcontains) + * [`fn withExact(exact)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithignorecase) + * [`fn withName(name)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithname) + * [`fn withNotcontains(notcontains)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotpresent) + * [`fn withPresent(present)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithpresent) + * [`fn withRegex(regex)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithtreatmissingasempty) + * [`obj spec.rateLimitService.extensionService`](#obj-specratelimitserviceextensionservice) + * [`fn withName(name)`](#fn-specratelimitserviceextensionservicewithname) + * [`fn withNamespace(namespace)`](#fn-specratelimitserviceextensionservicewithnamespace) + * [`obj spec.tracing`](#obj-spectracing) + * [`fn withCustomTags(customTags)`](#fn-spectracingwithcustomtags) + * [`fn withCustomTagsMixin(customTags)`](#fn-spectracingwithcustomtagsmixin) + * [`fn withIncludePodDetail(includePodDetail)`](#fn-spectracingwithincludepoddetail) + * [`fn withMaxPathTagLength(maxPathTagLength)`](#fn-spectracingwithmaxpathtaglength) + * [`fn withOverallSampling(overallSampling)`](#fn-spectracingwithoverallsampling) + * [`fn withServiceName(serviceName)`](#fn-spectracingwithservicename) + * [`obj spec.tracing.customTags`](#obj-spectracingcustomtags) + * [`fn withLiteral(literal)`](#fn-spectracingcustomtagswithliteral) + * [`fn withRequestHeaderName(requestHeaderName)`](#fn-spectracingcustomtagswithrequestheadername) + * [`fn withTagName(tagName)`](#fn-spectracingcustomtagswithtagname) + * [`obj spec.tracing.extensionService`](#obj-spectracingextensionservice) + * [`fn withName(name)`](#fn-spectracingextensionservicewithname) + * [`fn withNamespace(namespace)`](#fn-spectracingextensionservicewithnamespace) + * [`obj spec.xdsServer`](#obj-specxdsserver) + * [`fn withAddress(address)`](#fn-specxdsserverwithaddress) + * [`fn withPort(port)`](#fn-specxdsserverwithport) + * [`fn withType(type)`](#fn-specxdsserverwithtype) + * [`obj spec.xdsServer.tls`](#obj-specxdsservertls) + * [`fn withCaFile(caFile)`](#fn-specxdsservertlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specxdsservertlswithcertfile) + * [`fn withInsecure(insecure)`](#fn-specxdsservertlswithinsecure) + * [`fn withKeyFile(keyFile)`](#fn-specxdsservertlswithkeyfile) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ContourConfiguration + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"ContourConfigurationSpec represents a configuration of a Contour controller.\nIt contains most of all the options that can be customized, the\nother remaining options being command line flags." + +### fn spec.withEnableExternalNameService + +```ts +withEnableExternalNameService(enableExternalNameService) +``` + +"EnableExternalNameService allows processing of ExternalNameServices\nContour's default is false for security reasons." + +### fn spec.withFeatureFlags + +```ts +withFeatureFlags(featureFlags) +``` + +"FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." + +### fn spec.withFeatureFlagsMixin + +```ts +withFeatureFlagsMixin(featureFlags) +``` + +"FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." + +**Note:** This function appends passed data to existing values + +## obj spec.debug + +"Debug contains parameters to enable debug logging\nand debug interfaces inside Contour." + +### fn spec.debug.withAddress + +```ts +withAddress(address) +``` + +"Defines the Contour debug address interface.\nContour's default is \"127.0.0.1\"." + +### fn spec.debug.withPort + +```ts +withPort(port) +``` + +"Defines the Contour debug address port.\nContour's default is 6060." + +## obj spec.envoy + +"Envoy contains parameters for Envoy as well\nas how to optionally configure a managed Envoy fleet." + +### fn spec.envoy.withDefaultHTTPVersions + +```ts +withDefaultHTTPVersions(defaultHTTPVersions) +``` + +"DefaultHTTPVersions defines the default set of HTTPS\nversions the proxy should accept. HTTP versions are\nstrings of the form \"HTTP/xx\". Supported versions are\n\"HTTP/1.1\" and \"HTTP/2\".\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\nOther values will produce an error." + +### fn spec.envoy.withDefaultHTTPVersionsMixin + +```ts +withDefaultHTTPVersionsMixin(defaultHTTPVersions) +``` + +"DefaultHTTPVersions defines the default set of HTTPS\nversions the proxy should accept. HTTP versions are\nstrings of the form \"HTTP/xx\". Supported versions are\n\"HTTP/1.1\" and \"HTTP/2\".\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\nOther values will produce an error." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.clientCertificate + +"ClientCertificate defines the namespace/name of the Kubernetes\nsecret containing the client certificate and private key\nto be used when establishing TLS connection to upstream\ncluster." + +### fn spec.envoy.clientCertificate.withName + +```ts +withName(name) +``` + + + +### fn spec.envoy.clientCertificate.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.envoy.cluster + +"Cluster holds various configurable Envoy cluster values that can\nbe set in the config file." + +### fn spec.envoy.cluster.withDnsLookupFamily + +```ts +withDnsLookupFamily(dnsLookupFamily) +``` + +"DNSLookupFamily defines how external names are looked up\nWhen configured as V4, the DNS resolver will only perform a lookup\nfor addresses in the IPv4 family. If V6 is configured, the DNS resolver\nwill only perform a lookup for addresses in the IPv6 family.\nIf AUTO is configured, the DNS resolver will first perform a lookup\nfor addresses in the IPv6 family and fallback to a lookup for addresses\nin the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for\nboth IPv4 and IPv6 families, and return all resolved addresses.\nWhen this is used, Happy Eyeballs will be enabled for upstream connections.\nRefer to Happy Eyeballs Support for more information.\nNote: This only applies to externalName clusters.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\nfor more information.\nValues: `auto` (default), `v4`, `v6`, `all`.\nOther values will produce an error." + +### fn spec.envoy.cluster.withMaxRequestsPerConnection + +```ts +withMaxRequestsPerConnection(maxRequestsPerConnection) +``` + +"Defines the maximum requests for upstream connections. If not specified, there is no limit.\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\nfor more information." + +### fn spec.envoy.cluster.withPer-Connection-Buffer-Limit-Bytes + +```ts +withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes) +``` + +"Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.\nIf unspecified, an implementation defined default is applied (1MiB).\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes\nfor more information." + +## obj spec.envoy.cluster.circuitBreakers + +"GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.\nIf defined, this will be used as the default for all services." + +### fn spec.envoy.cluster.circuitBreakers.withMaxConnections + +```ts +withMaxConnections(maxConnections) +``` + +"The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024." + +### fn spec.envoy.cluster.circuitBreakers.withMaxPendingRequests + +```ts +withMaxPendingRequests(maxPendingRequests) +``` + +"The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024." + +### fn spec.envoy.cluster.circuitBreakers.withMaxRequests + +```ts +withMaxRequests(maxRequests) +``` + +"The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024" + +### fn spec.envoy.cluster.circuitBreakers.withMaxRetries + +```ts +withMaxRetries(maxRetries) +``` + +"The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3." + +## obj spec.envoy.cluster.upstreamTLS + +"UpstreamTLS contains the TLS policy parameters for upstream connections" + +### fn spec.envoy.cluster.upstreamTLS.withCipherSuites + +```ts +withCipherSuites(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +### fn spec.envoy.cluster.upstreamTLS.withCipherSuitesMixin + +```ts +withCipherSuitesMixin(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.cluster.upstreamTLS.withMaximumProtocolVersion + +```ts +withMaximumProtocolVersion(maximumProtocolVersion) +``` + +"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate.\nValues: `1.2`, `1.3`(default).\nOther values will produce an error." + +### fn spec.envoy.cluster.upstreamTLS.withMinimumProtocolVersion + +```ts +withMinimumProtocolVersion(minimumProtocolVersion) +``` + +"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate.\nValues: `1.2` (default), `1.3`.\nOther values will produce an error." + +## obj spec.envoy.health + +"Health defines the endpoint Envoy uses to serve health checks.\nContour's default is { address: \"0.0.0.0\", port: 8002 }." + +### fn spec.envoy.health.withAddress + +```ts +withAddress(address) +``` + +"Defines the health address interface." + +### fn spec.envoy.health.withPort + +```ts +withPort(port) +``` + +"Defines the health port." + +## obj spec.envoy.http + +"Defines the HTTP Listener for Envoy.\nContour's default is { address: \"0.0.0.0\", port: 8080, accessLog: \"/dev/stdout\" }." + +### fn spec.envoy.http.withAccessLog + +```ts +withAccessLog(accessLog) +``` + +"AccessLog defines where Envoy logs are outputted for this listener." + +### fn spec.envoy.http.withAddress + +```ts +withAddress(address) +``` + +"Defines an Envoy Listener Address." + +### fn spec.envoy.http.withPort + +```ts +withPort(port) +``` + +"Defines an Envoy listener Port." + +## obj spec.envoy.https + +"Defines the HTTPS Listener for Envoy.\nContour's default is { address: \"0.0.0.0\", port: 8443, accessLog: \"/dev/stdout\" }." + +### fn spec.envoy.https.withAccessLog + +```ts +withAccessLog(accessLog) +``` + +"AccessLog defines where Envoy logs are outputted for this listener." + +### fn spec.envoy.https.withAddress + +```ts +withAddress(address) +``` + +"Defines an Envoy Listener Address." + +### fn spec.envoy.https.withPort + +```ts +withPort(port) +``` + +"Defines an Envoy listener Port." + +## obj spec.envoy.listener + +"Listener hold various configurable Envoy listener values." + +### fn spec.envoy.listener.withConnectionBalancer + +```ts +withConnectionBalancer(connectionBalancer) +``` + +"ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig\nfor more information.\nValues: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer.\nOther values will produce an error." + +### fn spec.envoy.listener.withDisableAllowChunkedLength + +```ts +withDisableAllowChunkedLength(disableAllowChunkedLength) +``` + +"DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to\nstrip the \"Content-Length\" header if \"Transfer-Encoding: chunked\" is\nalso set. This is an emergency off-switch to revert back to Envoy's\ndefault behavior in case of failures. Please file an issue if failures\nare encountered.\nSee: https://github.com/projectcontour/contour/issues/3221\nContour's default is false." + +### fn spec.envoy.listener.withDisableMergeSlashes + +```ts +withDisableMergeSlashes(disableMergeSlashes) +``` + +"DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option\nwhich strips duplicate slashes from request URL paths.\nContour's default is false." + +### fn spec.envoy.listener.withHttpMaxConcurrentStreams + +```ts +withHttpMaxConcurrentStreams(httpMaxConcurrentStreams) +``` + +"Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the\nSETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed\nfor a peer on a single HTTP/2 connection. It is recommended to not set this lower\nthan 100 but this field can be used to bound resource usage by HTTP/2 connections\nand mitigate attacks like CVE-2023-44487. The default value when this is not set is\nunlimited." + +### fn spec.envoy.listener.withMaxConnectionsPerListener + +```ts +withMaxConnectionsPerListener(maxConnectionsPerListener) +``` + +"Defines the limit on number of active connections to a listener. The limit is applied\nper listener. The default value when this is not set is unlimited." + +### fn spec.envoy.listener.withMaxRequestsPerConnection + +```ts +withMaxRequestsPerConnection(maxRequestsPerConnection) +``` + +"Defines the maximum requests for downstream connections. If not specified, there is no limit.\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\nfor more information." + +### fn spec.envoy.listener.withMaxRequestsPerIOCycle + +```ts +withMaxRequestsPerIOCycle(maxRequestsPerIOCycle) +``` + +"Defines the limit on number of HTTP requests that Envoy will process from a single\nconnection in a single I/O cycle. Requests over this limit are processed in subsequent\nI/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is\ndetected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default\nvalue when this is not set is no limit." + +### fn spec.envoy.listener.withPer-Connection-Buffer-Limit-Bytes + +```ts +withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes) +``` + +"Defines the soft limit on size of the listener’s new connection read and write buffers in bytes.\nIf unspecified, an implementation defined default is applied (1MiB).\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes\nfor more information." + +### fn spec.envoy.listener.withServerHeaderTransformation + +```ts +withServerHeaderTransformation(serverHeaderTransformation) +``` + +"Defines the action to be applied to the Server header on the response path.\nWhen configured as overwrite, overwrites any Server header with \"envoy\".\nWhen configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to \"envoy\".\nWhen configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.\nValues: `overwrite` (default), `append_if_absent`, `pass_through`\nOther values will produce an error.\nContour's default is overwrite." + +### fn spec.envoy.listener.withUseProxyProtocol + +```ts +withUseProxyProtocol(useProxyProtocol) +``` + +"Use PROXY protocol for all listeners.\nContour's default is false." + +## obj spec.envoy.listener.socketOptions + +"SocketOptions defines configurable socket options for the listeners.\nSingle set of options are applied to all listeners." + +### fn spec.envoy.listener.socketOptions.withTos + +```ts +withTos(tos) +``` + +"Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.\nSingle value is applied to all listeners.\nIf listeners are bound to IPv6-only addresses, setting this option will cause an error." + +### fn spec.envoy.listener.socketOptions.withTrafficClass + +```ts +withTrafficClass(trafficClass) +``` + +"Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.\nSingle value is applied to all listeners.\nIf listeners are bound to IPv4-only addresses, setting this option will cause an error." + +## obj spec.envoy.listener.tls + +"TLS holds various configurable Envoy TLS listener values." + +### fn spec.envoy.listener.tls.withCipherSuites + +```ts +withCipherSuites(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +### fn spec.envoy.listener.tls.withCipherSuitesMixin + +```ts +withCipherSuitesMixin(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.listener.tls.withMaximumProtocolVersion + +```ts +withMaximumProtocolVersion(maximumProtocolVersion) +``` + +"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate.\nValues: `1.2`, `1.3`(default).\nOther values will produce an error." + +### fn spec.envoy.listener.tls.withMinimumProtocolVersion + +```ts +withMinimumProtocolVersion(minimumProtocolVersion) +``` + +"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate.\nValues: `1.2` (default), `1.3`.\nOther values will produce an error." + +## obj spec.envoy.logging + +"Logging defines how Envoy's logs can be configured." + +### fn spec.envoy.logging.withAccessLogFormat + +```ts +withAccessLogFormat(accessLogFormat) +``` + +"AccessLogFormat sets the global access log format.\nValues: `envoy` (default), `json`.\nOther values will produce an error." + +### fn spec.envoy.logging.withAccessLogFormatString + +```ts +withAccessLogFormatString(accessLogFormatString) +``` + +"AccessLogFormatString sets the access log format when format is set to `envoy`.\nWhen empty, Envoy's default format is used." + +### fn spec.envoy.logging.withAccessLogJSONFields + +```ts +withAccessLogJSONFields(accessLogJSONFields) +``` + +"AccessLogJSONFields sets the fields that JSON logging will\noutput when AccessLogFormat is json." + +### fn spec.envoy.logging.withAccessLogJSONFieldsMixin + +```ts +withAccessLogJSONFieldsMixin(accessLogJSONFields) +``` + +"AccessLogJSONFields sets the fields that JSON logging will\noutput when AccessLogFormat is json." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.logging.withAccessLogLevel + +```ts +withAccessLogLevel(accessLogLevel) +``` + +"AccessLogLevel sets the verbosity level of the access log.\nValues: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`.\nOther values will produce an error." + +## obj spec.envoy.metrics + +"Metrics defines the endpoint Envoy uses to serve metrics.\nContour's default is { address: \"0.0.0.0\", port: 8002 }." + +### fn spec.envoy.metrics.withAddress + +```ts +withAddress(address) +``` + +"Defines the metrics address interface." + +### fn spec.envoy.metrics.withPort + +```ts +withPort(port) +``` + +"Defines the metrics port." + +## obj spec.envoy.metrics.tls + +"TLS holds TLS file config details.\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS." + +### fn spec.envoy.metrics.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.envoy.metrics.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.envoy.metrics.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." + +## obj spec.envoy.network + +"Network holds various configurable Envoy network values." + +### fn spec.envoy.network.withAdminPort + +```ts +withAdminPort(adminPort) +``` + +"Configure the port used to access the Envoy Admin interface.\nIf configured to port \"0\" then the admin interface is disabled.\nContour's default is 9001." + +### fn spec.envoy.network.withNumTrustedHops + +```ts +withNumTrustedHops(numTrustedHops) +``` + +"XffNumTrustedHops defines the number of additional ingress proxy hops from the\nright side of the x-forwarded-for HTTP header to trust when determining the origin\nclient’s IP address.\nSee https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops\nfor more information.\nContour's default is 0." + +## obj spec.envoy.service + +"Service holds Envoy service parameters for setting Ingress status.\nContour's default is { namespace: \"projectcontour\", name: \"envoy\" }." + +### fn spec.envoy.service.withName + +```ts +withName(name) +``` + + + +### fn spec.envoy.service.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.envoy.timeouts + +"Timeouts holds various configurable timeouts that can\nbe set in the config file." + +### fn spec.envoy.timeouts.withConnectTimeout + +```ts +withConnectTimeout(connectTimeout) +``` + +"ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service.\nIf not set, a default value of 2 seconds will be used.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout\nfor more information." + +### fn spec.envoy.timeouts.withConnectionIdleTimeout + +```ts +withConnectionIdleTimeout(connectionIdleTimeout) +``` + +"ConnectionIdleTimeout defines how long the proxy should wait while there are\nno active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating\nan HTTP connection. Set to \"infinity\" to disable the timeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout\nfor more information." + +### fn spec.envoy.timeouts.withConnectionShutdownGracePeriod + +```ts +withConnectionShutdownGracePeriod(connectionShutdownGracePeriod) +``` + +"ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an\ninitial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.\nDuring this grace period, the proxy will continue to respond to new streams. After the final\nGOAWAY frame has been sent, the proxy will refuse new streams.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout\nfor more information." + +### fn spec.envoy.timeouts.withDelayedCloseTimeout + +```ts +withDelayedCloseTimeout(delayedCloseTimeout) +``` + +"DelayedCloseTimeout defines how long envoy will wait, once connection\nclose processing has been initiated, for the downstream peer to close\nthe connection before Envoy closes the socket associated with the connection.\nSetting this timeout to 'infinity' will disable it, equivalent to setting it to '0'\nin Envoy. Leaving it unset will result in the Envoy default value being used.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout\nfor more information." + +### fn spec.envoy.timeouts.withMaxConnectionDuration + +```ts +withMaxConnectionDuration(maxConnectionDuration) +``` + +"MaxConnectionDuration defines the maximum period of time after an HTTP connection\nhas been established from the client to the proxy before it is closed by the proxy,\nregardless of whether there has been activity or not. Omit or set to \"infinity\" for\nno max duration.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration\nfor more information." + +### fn spec.envoy.timeouts.withRequestTimeout + +```ts +withRequestTimeout(requestTimeout) +``` + +"RequestTimeout sets the client request timeout globally for Contour. Note that\nthis is a timeout for the entire request, not an idle timeout. Omit or set to\n\"infinity\" to disable the timeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout\nfor more information." + +### fn spec.envoy.timeouts.withStreamIdleTimeout + +```ts +withStreamIdleTimeout(streamIdleTimeout) +``` + +"StreamIdleTimeout defines how long the proxy should wait while there is no\nrequest activity (for HTTP/1.1) or stream activity (for HTTP/2) before\nterminating the HTTP request or stream. Set to \"infinity\" to disable the\ntimeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout\nfor more information." + +## obj spec.gateway + +"Gateway contains parameters for the gateway-api Gateway that Contour\nis configured to serve traffic." + +## obj spec.gateway.gatewayRef + +"GatewayRef defines the specific Gateway that this Contour\ninstance corresponds to." + +### fn spec.gateway.gatewayRef.withName + +```ts +withName(name) +``` + + + +### fn spec.gateway.gatewayRef.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.globalExtAuth + +"GlobalExternalAuthorization allows envoys external authorization filter\nto be enabled for all virtual hosts." + +### fn spec.globalExtAuth.withFailOpen + +```ts +withFailOpen(failOpen) +``` + +"If FailOpen is true, the client request is forwarded to the upstream service\neven if the authorization server fails to respond. This field should not be\nset in most cases. It is intended for use only while migrating applications\nfrom internal authorization to Contour external authorization." + +### fn spec.globalExtAuth.withResponseTimeout + +```ts +withResponseTimeout(responseTimeout) +``` + +"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nThe string \"infinity\" is also a valid input and specifies no timeout." + +## obj spec.globalExtAuth.authPolicy + +"AuthPolicy sets a default authorization policy for client requests.\nThis policy will be used unless overridden by individual routes." + +### fn spec.globalExtAuth.authPolicy.withContext + +```ts +withContext(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +### fn spec.globalExtAuth.authPolicy.withContextMixin + +```ts +withContextMixin(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +**Note:** This function appends passed data to existing values + +### fn spec.globalExtAuth.authPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"When true, this field disables client request authentication\nfor the scope of the policy." + +## obj spec.globalExtAuth.extensionRef + +"ExtensionServiceRef specifies the extension resource that will authorize client requests." + +### fn spec.globalExtAuth.extensionRef.withApiVersion + +```ts +withApiVersion(apiVersion) +``` + +"API version of the referent.\nIf this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used" + +### fn spec.globalExtAuth.extensionRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + +### fn spec.globalExtAuth.extensionRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the referent.\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + +## obj spec.globalExtAuth.withRequestBody + +"WithRequestBody specifies configuration for sending the client request's body to authorization server." + +### fn spec.globalExtAuth.withRequestBody.withAllowPartialMessage + +```ts +withAllowPartialMessage(allowPartialMessage) +``` + +"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached." + +### fn spec.globalExtAuth.withRequestBody.withMaxRequestBytes + +```ts +withMaxRequestBytes(maxRequestBytes) +``` + +"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory." + +### fn spec.globalExtAuth.withRequestBody.withPackAsBytes + +```ts +withPackAsBytes(packAsBytes) +``` + +"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes." + +## obj spec.health + +"Health defines the endpoints Contour uses to serve health checks.\nContour's default is { address: \"0.0.0.0\", port: 8000 }." + +### fn spec.health.withAddress + +```ts +withAddress(address) +``` + +"Defines the health address interface." + +### fn spec.health.withPort + +```ts +withPort(port) +``` + +"Defines the health port." + +## obj spec.httpproxy + +"HTTPProxy defines parameters on HTTPProxy." + +### fn spec.httpproxy.withDisablePermitInsecure + +```ts +withDisablePermitInsecure(disablePermitInsecure) +``` + +"DisablePermitInsecure disables the use of the\npermitInsecure field in HTTPProxy.\nContour's default is false." + +### fn spec.httpproxy.withRootNamespaces + +```ts +withRootNamespaces(rootNamespaces) +``` + +"Restrict Contour to searching these namespaces for root ingress routes." + +### fn spec.httpproxy.withRootNamespacesMixin + +```ts +withRootNamespacesMixin(rootNamespaces) +``` + +"Restrict Contour to searching these namespaces for root ingress routes." + +**Note:** This function appends passed data to existing values + +## obj spec.httpproxy.fallbackCertificate + +"FallbackCertificate defines the namespace/name of the Kubernetes secret to\nuse as fallback when a non-SNI request is received." + +### fn spec.httpproxy.fallbackCertificate.withName + +```ts +withName(name) +``` + + + +### fn spec.httpproxy.fallbackCertificate.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.ingress + +"Ingress contains parameters for ingress options." + +### fn spec.ingress.withClassNames + +```ts +withClassNames(classNames) +``` + +"Ingress Class Names Contour should use." + +### fn spec.ingress.withClassNamesMixin + +```ts +withClassNamesMixin(classNames) +``` + +"Ingress Class Names Contour should use." + +**Note:** This function appends passed data to existing values + +### fn spec.ingress.withStatusAddress + +```ts +withStatusAddress(statusAddress) +``` + +"Address to set in Ingress object status." + +## obj spec.metrics + +"Metrics defines the endpoint Contour uses to serve metrics.\nContour's default is { address: \"0.0.0.0\", port: 8000 }." + +### fn spec.metrics.withAddress + +```ts +withAddress(address) +``` + +"Defines the metrics address interface." + +### fn spec.metrics.withPort + +```ts +withPort(port) +``` + +"Defines the metrics port." + +## obj spec.metrics.tls + +"TLS holds TLS file config details.\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS." + +### fn spec.metrics.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.metrics.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.metrics.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." + +## obj spec.policy + +"Policy specifies default policy applied if not overridden by the user" + +### fn spec.policy.withApplyToIngress + +```ts +withApplyToIngress(applyToIngress) +``` + +"ApplyToIngress determines if the Policies will apply to ingress objects\nContour's default is false." + +## obj spec.policy.requestHeaders + +"RequestHeadersPolicy defines the request headers set/removed on all routes" + +### fn spec.policy.requestHeaders.withRemove + +```ts +withRemove(remove) +``` + + + +### fn spec.policy.requestHeaders.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + + + +**Note:** This function appends passed data to existing values + +### fn spec.policy.requestHeaders.withSet + +```ts +withSet(set) +``` + + + +### fn spec.policy.requestHeaders.withSetMixin + +```ts +withSetMixin(set) +``` + + + +**Note:** This function appends passed data to existing values + +## obj spec.policy.responseHeaders + +"ResponseHeadersPolicy defines the response headers set/removed on all routes" + +### fn spec.policy.responseHeaders.withRemove + +```ts +withRemove(remove) +``` + + + +### fn spec.policy.responseHeaders.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + + + +**Note:** This function appends passed data to existing values + +### fn spec.policy.responseHeaders.withSet + +```ts +withSet(set) +``` + + + +### fn spec.policy.responseHeaders.withSetMixin + +```ts +withSetMixin(set) +``` + + + +**Note:** This function appends passed data to existing values + +## obj spec.rateLimitService + +"RateLimitService optionally holds properties of the Rate Limit Service\nto be used for global rate limiting." + +### fn spec.rateLimitService.withDomain + +```ts +withDomain(domain) +``` + +"Domain is passed to the Rate Limit Service." + +### fn spec.rateLimitService.withEnableResourceExhaustedCode + +```ts +withEnableResourceExhaustedCode(enableResourceExhaustedCode) +``` + +"EnableResourceExhaustedCode enables translating error code 429 to\ngrpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE" + +### fn spec.rateLimitService.withEnableXRateLimitHeaders + +```ts +withEnableXRateLimitHeaders(enableXRateLimitHeaders) +``` + +"EnableXRateLimitHeaders defines whether to include the X-RateLimit\nheaders X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset\n(as defined by the IETF Internet-Draft linked below), on responses\nto clients when the Rate Limit Service is consulted for a request.\nref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html" + +### fn spec.rateLimitService.withFailOpen + +```ts +withFailOpen(failOpen) +``` + +"FailOpen defines whether to allow requests to proceed when the\nRate Limit Service fails to respond with a valid rate limit\ndecision within the timeout defined on the extension service." + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy + +"DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy.\nHTTPProxy can overwrite this configuration." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.withDescriptors + +```ts +withDescriptors(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.withDescriptorsMixin + +```ts +withDescriptorsMixin(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +**Note:** This function appends passed data to existing values + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration." + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.withEntries + +```ts +withEntries(entries) +``` + +"Entries is the list of key-value pair generators." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.withEntriesMixin + +```ts +withEntriesMixin(entries) +``` + +"Entries is the list of key-value pair generators." + +**Note:** This function appends passed data to existing values + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries + +"Entries is the list of key-value pair generators." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.withRemoteAddress + +```ts +withRemoteAddress(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.withRemoteAddressMixin + +```ts +withRemoteAddressMixin(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +**Note:** This function appends passed data to existing values + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey + +"GenericKey defines a descriptor entry with a static key and value." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey.withKey + +```ts +withKey(key) +``` + +"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader + +"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader.withDescriptorKey + +```ts +withDescriptorKey(descriptorKey) +``` + +"DescriptorKey defines the key to use on the descriptor entry." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName defines the name of the header to look for on the request." + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch + +"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withExpectMatch + +```ts +withExpectMatch(expectMatch) +``` + +"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +**Note:** This function appends passed data to existing values + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.rateLimitService.extensionService + +"ExtensionService identifies the extension service defining the RLS." + +### fn spec.rateLimitService.extensionService.withName + +```ts +withName(name) +``` + + + +### fn spec.rateLimitService.extensionService.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.tracing + +"Tracing defines properties for exporting trace data to OpenTelemetry." + +### fn spec.tracing.withCustomTags + +```ts +withCustomTags(customTags) +``` + +"CustomTags defines a list of custom tags with unique tag name." + +### fn spec.tracing.withCustomTagsMixin + +```ts +withCustomTagsMixin(customTags) +``` + +"CustomTags defines a list of custom tags with unique tag name." + +**Note:** This function appends passed data to existing values + +### fn spec.tracing.withIncludePodDetail + +```ts +withIncludePodDetail(includePodDetail) +``` + +"IncludePodDetail defines a flag.\nIf it is true, contour will add the pod name and namespace to the span of the trace.\nthe default is true.\nNote: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly." + +### fn spec.tracing.withMaxPathTagLength + +```ts +withMaxPathTagLength(maxPathTagLength) +``` + +"MaxPathTagLength defines maximum length of the request path\nto extract and include in the HttpUrl tag.\ncontour's default is 256." + +### fn spec.tracing.withOverallSampling + +```ts +withOverallSampling(overallSampling) +``` + +"OverallSampling defines the sampling rate of trace data.\ncontour's default is 100." + +### fn spec.tracing.withServiceName + +```ts +withServiceName(serviceName) +``` + +"ServiceName defines the name for the service.\ncontour's default is contour." + +## obj spec.tracing.customTags + +"CustomTags defines a list of custom tags with unique tag name." + +### fn spec.tracing.customTags.withLiteral + +```ts +withLiteral(literal) +``` + +"Literal is a static custom tag value.\nPrecisely one of Literal, RequestHeaderName must be set." + +### fn spec.tracing.customTags.withRequestHeaderName + +```ts +withRequestHeaderName(requestHeaderName) +``` + +"RequestHeaderName indicates which request header\nthe label value is obtained from.\nPrecisely one of Literal, RequestHeaderName must be set." + +### fn spec.tracing.customTags.withTagName + +```ts +withTagName(tagName) +``` + +"TagName is the unique name of the custom tag." + +## obj spec.tracing.extensionService + +"ExtensionService identifies the extension service defining the otel-collector." + +### fn spec.tracing.extensionService.withName + +```ts +withName(name) +``` + + + +### fn spec.tracing.extensionService.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.xdsServer + +"XDSServer contains parameters for the xDS server." + +### fn spec.xdsServer.withAddress + +```ts +withAddress(address) +``` + +"Defines the xDS gRPC API address which Contour will serve.\nContour's default is \"0.0.0.0\"." + +### fn spec.xdsServer.withPort + +```ts +withPort(port) +``` + +"Defines the xDS gRPC API port which Contour will serve.\nContour's default is 8001." + +### fn spec.xdsServer.withType + +```ts +withType(type) +``` + +"Defines the XDSServer to use for `contour serve`.\nValues: `envoy` (default), `contour (deprecated)`.\nOther values will produce an error." + +## obj spec.xdsServer.tls + +"TLS holds TLS file config details.\nContour's default is { caFile: \"/certs/ca.crt\", certFile: \"/certs/tls.cert\", keyFile: \"/certs/tls.key\", insecure: false }." + +### fn spec.xdsServer.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.xdsServer.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.xdsServer.tls.withInsecure + +```ts +withInsecure(insecure) +``` + +"Allow serving the xDS gRPC API without TLS." + +### fn spec.xdsServer.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1alpha1/contourDeployment.md b/docs/1.29/projectcontour/v1alpha1/contourDeployment.md new file mode 100644 index 0000000..a2a2331 --- /dev/null +++ b/docs/1.29/projectcontour/v1alpha1/contourDeployment.md @@ -0,0 +1,4930 @@ +--- +permalink: /1.29/projectcontour/v1alpha1/contourDeployment/ +--- + +# projectcontour.v1alpha1.contourDeployment + +"ContourDeployment is the schema for a Contour Deployment." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withResourceLabels(resourceLabels)`](#fn-specwithresourcelabels) + * [`fn withResourceLabelsMixin(resourceLabels)`](#fn-specwithresourcelabelsmixin) + * [`obj spec.contour`](#obj-speccontour) + * [`fn withDisabledFeatures(disabledFeatures)`](#fn-speccontourwithdisabledfeatures) + * [`fn withDisabledFeaturesMixin(disabledFeatures)`](#fn-speccontourwithdisabledfeaturesmixin) + * [`fn withKubernetesLogLevel(kubernetesLogLevel)`](#fn-speccontourwithkubernetesloglevel) + * [`fn withLogLevel(logLevel)`](#fn-speccontourwithloglevel) + * [`fn withPodAnnotations(podAnnotations)`](#fn-speccontourwithpodannotations) + * [`fn withPodAnnotationsMixin(podAnnotations)`](#fn-speccontourwithpodannotationsmixin) + * [`fn withReplicas(replicas)`](#fn-speccontourwithreplicas) + * [`fn withWatchNamespaces(watchNamespaces)`](#fn-speccontourwithwatchnamespaces) + * [`fn withWatchNamespacesMixin(watchNamespaces)`](#fn-speccontourwithwatchnamespacesmixin) + * [`obj spec.contour.deployment`](#obj-speccontourdeployment) + * [`fn withReplicas(replicas)`](#fn-speccontourdeploymentwithreplicas) + * [`obj spec.contour.deployment.strategy`](#obj-speccontourdeploymentstrategy) + * [`fn withType(type)`](#fn-speccontourdeploymentstrategywithtype) + * [`obj spec.contour.deployment.strategy.rollingUpdate`](#obj-speccontourdeploymentstrategyrollingupdate) + * [`fn withMaxSurge(maxSurge)`](#fn-speccontourdeploymentstrategyrollingupdatewithmaxsurge) + * [`fn withMaxUnavailable(maxUnavailable)`](#fn-speccontourdeploymentstrategyrollingupdatewithmaxunavailable) + * [`obj spec.contour.nodePlacement`](#obj-speccontournodeplacement) + * [`fn withNodeSelector(nodeSelector)`](#fn-speccontournodeplacementwithnodeselector) + * [`fn withNodeSelectorMixin(nodeSelector)`](#fn-speccontournodeplacementwithnodeselectormixin) + * [`fn withTolerations(tolerations)`](#fn-speccontournodeplacementwithtolerations) + * [`fn withTolerationsMixin(tolerations)`](#fn-speccontournodeplacementwithtolerationsmixin) + * [`obj spec.contour.nodePlacement.tolerations`](#obj-speccontournodeplacementtolerations) + * [`fn withEffect(effect)`](#fn-speccontournodeplacementtolerationswitheffect) + * [`fn withKey(key)`](#fn-speccontournodeplacementtolerationswithkey) + * [`fn withOperator(operator)`](#fn-speccontournodeplacementtolerationswithoperator) + * [`fn withTolerationSeconds(tolerationSeconds)`](#fn-speccontournodeplacementtolerationswithtolerationseconds) + * [`fn withValue(value)`](#fn-speccontournodeplacementtolerationswithvalue) + * [`obj spec.contour.resources`](#obj-speccontourresources) + * [`fn withClaims(claims)`](#fn-speccontourresourceswithclaims) + * [`fn withClaimsMixin(claims)`](#fn-speccontourresourceswithclaimsmixin) + * [`fn withLimits(limits)`](#fn-speccontourresourceswithlimits) + * [`fn withLimitsMixin(limits)`](#fn-speccontourresourceswithlimitsmixin) + * [`fn withRequests(requests)`](#fn-speccontourresourceswithrequests) + * [`fn withRequestsMixin(requests)`](#fn-speccontourresourceswithrequestsmixin) + * [`obj spec.contour.resources.claims`](#obj-speccontourresourcesclaims) + * [`fn withName(name)`](#fn-speccontourresourcesclaimswithname) + * [`obj spec.envoy`](#obj-specenvoy) + * [`fn withBaseID(baseID)`](#fn-specenvoywithbaseid) + * [`fn withExtraVolumeMounts(extraVolumeMounts)`](#fn-specenvoywithextravolumemounts) + * [`fn withExtraVolumeMountsMixin(extraVolumeMounts)`](#fn-specenvoywithextravolumemountsmixin) + * [`fn withExtraVolumes(extraVolumes)`](#fn-specenvoywithextravolumes) + * [`fn withExtraVolumesMixin(extraVolumes)`](#fn-specenvoywithextravolumesmixin) + * [`fn withLogLevel(logLevel)`](#fn-specenvoywithloglevel) + * [`fn withOverloadMaxHeapSize(overloadMaxHeapSize)`](#fn-specenvoywithoverloadmaxheapsize) + * [`fn withPodAnnotations(podAnnotations)`](#fn-specenvoywithpodannotations) + * [`fn withPodAnnotationsMixin(podAnnotations)`](#fn-specenvoywithpodannotationsmixin) + * [`fn withReplicas(replicas)`](#fn-specenvoywithreplicas) + * [`fn withWorkloadType(workloadType)`](#fn-specenvoywithworkloadtype) + * [`obj spec.envoy.daemonSet`](#obj-specenvoydaemonset) + * [`obj spec.envoy.daemonSet.updateStrategy`](#obj-specenvoydaemonsetupdatestrategy) + * [`fn withType(type)`](#fn-specenvoydaemonsetupdatestrategywithtype) + * [`obj spec.envoy.daemonSet.updateStrategy.rollingUpdate`](#obj-specenvoydaemonsetupdatestrategyrollingupdate) + * [`fn withMaxSurge(maxSurge)`](#fn-specenvoydaemonsetupdatestrategyrollingupdatewithmaxsurge) + * [`fn withMaxUnavailable(maxUnavailable)`](#fn-specenvoydaemonsetupdatestrategyrollingupdatewithmaxunavailable) + * [`obj spec.envoy.deployment`](#obj-specenvoydeployment) + * [`fn withReplicas(replicas)`](#fn-specenvoydeploymentwithreplicas) + * [`obj spec.envoy.deployment.strategy`](#obj-specenvoydeploymentstrategy) + * [`fn withType(type)`](#fn-specenvoydeploymentstrategywithtype) + * [`obj spec.envoy.deployment.strategy.rollingUpdate`](#obj-specenvoydeploymentstrategyrollingupdate) + * [`fn withMaxSurge(maxSurge)`](#fn-specenvoydeploymentstrategyrollingupdatewithmaxsurge) + * [`fn withMaxUnavailable(maxUnavailable)`](#fn-specenvoydeploymentstrategyrollingupdatewithmaxunavailable) + * [`obj spec.envoy.extraVolumeMounts`](#obj-specenvoyextravolumemounts) + * [`fn withMountPath(mountPath)`](#fn-specenvoyextravolumemountswithmountpath) + * [`fn withMountPropagation(mountPropagation)`](#fn-specenvoyextravolumemountswithmountpropagation) + * [`fn withName(name)`](#fn-specenvoyextravolumemountswithname) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumemountswithreadonly) + * [`fn withRecursiveReadOnly(recursiveReadOnly)`](#fn-specenvoyextravolumemountswithrecursivereadonly) + * [`fn withSubPath(subPath)`](#fn-specenvoyextravolumemountswithsubpath) + * [`fn withSubPathExpr(subPathExpr)`](#fn-specenvoyextravolumemountswithsubpathexpr) + * [`obj spec.envoy.extraVolumes`](#obj-specenvoyextravolumes) + * [`fn withName(name)`](#fn-specenvoyextravolumeswithname) + * [`obj spec.envoy.extraVolumes.awsElasticBlockStore`](#obj-specenvoyextravolumesawselasticblockstore) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesawselasticblockstorewithfstype) + * [`fn withPartition(partition)`](#fn-specenvoyextravolumesawselasticblockstorewithpartition) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesawselasticblockstorewithreadonly) + * [`fn withVolumeID(volumeID)`](#fn-specenvoyextravolumesawselasticblockstorewithvolumeid) + * [`obj spec.envoy.extraVolumes.azureDisk`](#obj-specenvoyextravolumesazuredisk) + * [`fn withCachingMode(cachingMode)`](#fn-specenvoyextravolumesazurediskwithcachingmode) + * [`fn withDiskName(diskName)`](#fn-specenvoyextravolumesazurediskwithdiskname) + * [`fn withDiskURI(diskURI)`](#fn-specenvoyextravolumesazurediskwithdiskuri) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesazurediskwithfstype) + * [`fn withKind(kind)`](#fn-specenvoyextravolumesazurediskwithkind) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesazurediskwithreadonly) + * [`obj spec.envoy.extraVolumes.azureFile`](#obj-specenvoyextravolumesazurefile) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesazurefilewithreadonly) + * [`fn withSecretName(secretName)`](#fn-specenvoyextravolumesazurefilewithsecretname) + * [`fn withShareName(shareName)`](#fn-specenvoyextravolumesazurefilewithsharename) + * [`obj spec.envoy.extraVolumes.cephfs`](#obj-specenvoyextravolumescephfs) + * [`fn withMonitors(monitors)`](#fn-specenvoyextravolumescephfswithmonitors) + * [`fn withMonitorsMixin(monitors)`](#fn-specenvoyextravolumescephfswithmonitorsmixin) + * [`fn withPath(path)`](#fn-specenvoyextravolumescephfswithpath) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumescephfswithreadonly) + * [`fn withSecretFile(secretFile)`](#fn-specenvoyextravolumescephfswithsecretfile) + * [`fn withUser(user)`](#fn-specenvoyextravolumescephfswithuser) + * [`obj spec.envoy.extraVolumes.cephfs.secretRef`](#obj-specenvoyextravolumescephfssecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumescephfssecretrefwithname) + * [`obj spec.envoy.extraVolumes.cinder`](#obj-specenvoyextravolumescinder) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumescinderwithfstype) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumescinderwithreadonly) + * [`fn withVolumeID(volumeID)`](#fn-specenvoyextravolumescinderwithvolumeid) + * [`obj spec.envoy.extraVolumes.cinder.secretRef`](#obj-specenvoyextravolumescindersecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumescindersecretrefwithname) + * [`obj spec.envoy.extraVolumes.configMap`](#obj-specenvoyextravolumesconfigmap) + * [`fn withDefaultMode(defaultMode)`](#fn-specenvoyextravolumesconfigmapwithdefaultmode) + * [`fn withItems(items)`](#fn-specenvoyextravolumesconfigmapwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumesconfigmapwithitemsmixin) + * [`fn withName(name)`](#fn-specenvoyextravolumesconfigmapwithname) + * [`fn withOptional(optional)`](#fn-specenvoyextravolumesconfigmapwithoptional) + * [`obj spec.envoy.extraVolumes.configMap.items`](#obj-specenvoyextravolumesconfigmapitems) + * [`fn withKey(key)`](#fn-specenvoyextravolumesconfigmapitemswithkey) + * [`fn withMode(mode)`](#fn-specenvoyextravolumesconfigmapitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumesconfigmapitemswithpath) + * [`obj spec.envoy.extraVolumes.csi`](#obj-specenvoyextravolumescsi) + * [`fn withDriver(driver)`](#fn-specenvoyextravolumescsiwithdriver) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumescsiwithfstype) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumescsiwithreadonly) + * [`fn withVolumeAttributes(volumeAttributes)`](#fn-specenvoyextravolumescsiwithvolumeattributes) + * [`fn withVolumeAttributesMixin(volumeAttributes)`](#fn-specenvoyextravolumescsiwithvolumeattributesmixin) + * [`obj spec.envoy.extraVolumes.csi.nodePublishSecretRef`](#obj-specenvoyextravolumescsinodepublishsecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumescsinodepublishsecretrefwithname) + * [`obj spec.envoy.extraVolumes.downwardAPI`](#obj-specenvoyextravolumesdownwardapi) + * [`fn withDefaultMode(defaultMode)`](#fn-specenvoyextravolumesdownwardapiwithdefaultmode) + * [`fn withItems(items)`](#fn-specenvoyextravolumesdownwardapiwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumesdownwardapiwithitemsmixin) + * [`obj spec.envoy.extraVolumes.downwardAPI.items`](#obj-specenvoyextravolumesdownwardapiitems) + * [`fn withMode(mode)`](#fn-specenvoyextravolumesdownwardapiitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumesdownwardapiitemswithpath) + * [`obj spec.envoy.extraVolumes.downwardAPI.items.fieldRef`](#obj-specenvoyextravolumesdownwardapiitemsfieldref) + * [`fn withApiVersion(apiVersion)`](#fn-specenvoyextravolumesdownwardapiitemsfieldrefwithapiversion) + * [`fn withFieldPath(fieldPath)`](#fn-specenvoyextravolumesdownwardapiitemsfieldrefwithfieldpath) + * [`obj spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef`](#obj-specenvoyextravolumesdownwardapiitemsresourcefieldref) + * [`fn withContainerName(containerName)`](#fn-specenvoyextravolumesdownwardapiitemsresourcefieldrefwithcontainername) + * [`fn withDivisor(divisor)`](#fn-specenvoyextravolumesdownwardapiitemsresourcefieldrefwithdivisor) + * [`fn withResource(resource)`](#fn-specenvoyextravolumesdownwardapiitemsresourcefieldrefwithresource) + * [`obj spec.envoy.extraVolumes.emptyDir`](#obj-specenvoyextravolumesemptydir) + * [`fn withMedium(medium)`](#fn-specenvoyextravolumesemptydirwithmedium) + * [`fn withSizeLimit(sizeLimit)`](#fn-specenvoyextravolumesemptydirwithsizelimit) + * [`obj spec.envoy.extraVolumes.ephemeral`](#obj-specenvoyextravolumesephemeral) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplate) + * [`fn withMetadata(metadata)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatewithmetadata) + * [`fn withMetadataMixin(metadata)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatewithmetadatamixin) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespec) + * [`fn withAccessModes(accessModes)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithaccessmodes) + * [`fn withAccessModesMixin(accessModes)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithaccessmodesmixin) + * [`fn withStorageClassName(storageClassName)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithstorageclassname) + * [`fn withVolumeAttributesClassName(volumeAttributesClassName)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithvolumeattributesclassname) + * [`fn withVolumeMode(volumeMode)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithvolumemode) + * [`fn withVolumeName(volumeName)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecwithvolumename) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasource) + * [`fn withApiGroup(apiGroup)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcewithapigroup) + * [`fn withKind(kind)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcewithkind) + * [`fn withName(name)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcewithname) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourceref) + * [`fn withApiGroup(apiGroup)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcerefwithapigroup) + * [`fn withKind(kind)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcerefwithkind) + * [`fn withName(name)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcerefwithname) + * [`fn withNamespace(namespace)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecdatasourcerefwithnamespace) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespecresources) + * [`fn withLimits(limits)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecresourceswithlimits) + * [`fn withLimitsMixin(limits)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecresourceswithlimitsmixin) + * [`fn withRequests(requests)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecresourceswithrequests) + * [`fn withRequestsMixin(requests)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecresourceswithrequestsmixin) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespecselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectorwithmatchlabelsmixin) + * [`obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions`](#obj-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectormatchexpressions) + * [`fn withKey(key)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-specenvoyextravolumesephemeralvolumeclaimtemplatespecselectormatchexpressionswithvaluesmixin) + * [`obj spec.envoy.extraVolumes.fc`](#obj-specenvoyextravolumesfc) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesfcwithfstype) + * [`fn withLun(lun)`](#fn-specenvoyextravolumesfcwithlun) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesfcwithreadonly) + * [`fn withTargetWWNs(targetWWNs)`](#fn-specenvoyextravolumesfcwithtargetwwns) + * [`fn withTargetWWNsMixin(targetWWNs)`](#fn-specenvoyextravolumesfcwithtargetwwnsmixin) + * [`fn withWwids(wwids)`](#fn-specenvoyextravolumesfcwithwwids) + * [`fn withWwidsMixin(wwids)`](#fn-specenvoyextravolumesfcwithwwidsmixin) + * [`obj spec.envoy.extraVolumes.flexVolume`](#obj-specenvoyextravolumesflexvolume) + * [`fn withDriver(driver)`](#fn-specenvoyextravolumesflexvolumewithdriver) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesflexvolumewithfstype) + * [`fn withOptions(options)`](#fn-specenvoyextravolumesflexvolumewithoptions) + * [`fn withOptionsMixin(options)`](#fn-specenvoyextravolumesflexvolumewithoptionsmixin) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesflexvolumewithreadonly) + * [`obj spec.envoy.extraVolumes.flexVolume.secretRef`](#obj-specenvoyextravolumesflexvolumesecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumesflexvolumesecretrefwithname) + * [`obj spec.envoy.extraVolumes.flocker`](#obj-specenvoyextravolumesflocker) + * [`fn withDatasetName(datasetName)`](#fn-specenvoyextravolumesflockerwithdatasetname) + * [`fn withDatasetUUID(datasetUUID)`](#fn-specenvoyextravolumesflockerwithdatasetuuid) + * [`obj spec.envoy.extraVolumes.gcePersistentDisk`](#obj-specenvoyextravolumesgcepersistentdisk) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesgcepersistentdiskwithfstype) + * [`fn withPartition(partition)`](#fn-specenvoyextravolumesgcepersistentdiskwithpartition) + * [`fn withPdName(pdName)`](#fn-specenvoyextravolumesgcepersistentdiskwithpdname) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesgcepersistentdiskwithreadonly) + * [`obj spec.envoy.extraVolumes.gitRepo`](#obj-specenvoyextravolumesgitrepo) + * [`fn withDirectory(directory)`](#fn-specenvoyextravolumesgitrepowithdirectory) + * [`fn withRepository(repository)`](#fn-specenvoyextravolumesgitrepowithrepository) + * [`fn withRevision(revision)`](#fn-specenvoyextravolumesgitrepowithrevision) + * [`obj spec.envoy.extraVolumes.glusterfs`](#obj-specenvoyextravolumesglusterfs) + * [`fn withEndpoints(endpoints)`](#fn-specenvoyextravolumesglusterfswithendpoints) + * [`fn withPath(path)`](#fn-specenvoyextravolumesglusterfswithpath) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesglusterfswithreadonly) + * [`obj spec.envoy.extraVolumes.hostPath`](#obj-specenvoyextravolumeshostpath) + * [`fn withPath(path)`](#fn-specenvoyextravolumeshostpathwithpath) + * [`fn withType(type)`](#fn-specenvoyextravolumeshostpathwithtype) + * [`obj spec.envoy.extraVolumes.iscsi`](#obj-specenvoyextravolumesiscsi) + * [`fn withChapAuthDiscovery(chapAuthDiscovery)`](#fn-specenvoyextravolumesiscsiwithchapauthdiscovery) + * [`fn withChapAuthSession(chapAuthSession)`](#fn-specenvoyextravolumesiscsiwithchapauthsession) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesiscsiwithfstype) + * [`fn withInitiatorName(initiatorName)`](#fn-specenvoyextravolumesiscsiwithinitiatorname) + * [`fn withIqn(iqn)`](#fn-specenvoyextravolumesiscsiwithiqn) + * [`fn withIscsiInterface(iscsiInterface)`](#fn-specenvoyextravolumesiscsiwithiscsiinterface) + * [`fn withLun(lun)`](#fn-specenvoyextravolumesiscsiwithlun) + * [`fn withPortals(portals)`](#fn-specenvoyextravolumesiscsiwithportals) + * [`fn withPortalsMixin(portals)`](#fn-specenvoyextravolumesiscsiwithportalsmixin) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesiscsiwithreadonly) + * [`fn withTargetPortal(targetPortal)`](#fn-specenvoyextravolumesiscsiwithtargetportal) + * [`obj spec.envoy.extraVolumes.iscsi.secretRef`](#obj-specenvoyextravolumesiscsisecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumesiscsisecretrefwithname) + * [`obj spec.envoy.extraVolumes.nfs`](#obj-specenvoyextravolumesnfs) + * [`fn withPath(path)`](#fn-specenvoyextravolumesnfswithpath) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesnfswithreadonly) + * [`fn withServer(server)`](#fn-specenvoyextravolumesnfswithserver) + * [`obj spec.envoy.extraVolumes.persistentVolumeClaim`](#obj-specenvoyextravolumespersistentvolumeclaim) + * [`fn withClaimName(claimName)`](#fn-specenvoyextravolumespersistentvolumeclaimwithclaimname) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumespersistentvolumeclaimwithreadonly) + * [`obj spec.envoy.extraVolumes.photonPersistentDisk`](#obj-specenvoyextravolumesphotonpersistentdisk) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesphotonpersistentdiskwithfstype) + * [`fn withPdID(pdID)`](#fn-specenvoyextravolumesphotonpersistentdiskwithpdid) + * [`obj spec.envoy.extraVolumes.portworxVolume`](#obj-specenvoyextravolumesportworxvolume) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesportworxvolumewithfstype) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesportworxvolumewithreadonly) + * [`fn withVolumeID(volumeID)`](#fn-specenvoyextravolumesportworxvolumewithvolumeid) + * [`obj spec.envoy.extraVolumes.projected`](#obj-specenvoyextravolumesprojected) + * [`fn withDefaultMode(defaultMode)`](#fn-specenvoyextravolumesprojectedwithdefaultmode) + * [`fn withSources(sources)`](#fn-specenvoyextravolumesprojectedwithsources) + * [`fn withSourcesMixin(sources)`](#fn-specenvoyextravolumesprojectedwithsourcesmixin) + * [`obj spec.envoy.extraVolumes.projected.sources`](#obj-specenvoyextravolumesprojectedsources) + * [`obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle`](#obj-specenvoyextravolumesprojectedsourcesclustertrustbundle) + * [`fn withName(name)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlewithname) + * [`fn withOptional(optional)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlewithoptional) + * [`fn withPath(path)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlewithpath) + * [`fn withSignerName(signerName)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlewithsignername) + * [`obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector`](#obj-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselector) + * [`fn withMatchExpressions(matchExpressions)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectorwithmatchexpressions) + * [`fn withMatchExpressionsMixin(matchExpressions)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectorwithmatchexpressionsmixin) + * [`fn withMatchLabels(matchLabels)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectorwithmatchlabels) + * [`fn withMatchLabelsMixin(matchLabels)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectorwithmatchlabelsmixin) + * [`obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions`](#obj-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectormatchexpressions) + * [`fn withKey(key)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectormatchexpressionswithkey) + * [`fn withOperator(operator)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectormatchexpressionswithoperator) + * [`fn withValues(values)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectormatchexpressionswithvalues) + * [`fn withValuesMixin(values)`](#fn-specenvoyextravolumesprojectedsourcesclustertrustbundlelabelselectormatchexpressionswithvaluesmixin) + * [`obj spec.envoy.extraVolumes.projected.sources.configMap`](#obj-specenvoyextravolumesprojectedsourcesconfigmap) + * [`fn withItems(items)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapwithitemsmixin) + * [`fn withName(name)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapwithname) + * [`fn withOptional(optional)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapwithoptional) + * [`obj spec.envoy.extraVolumes.projected.sources.configMap.items`](#obj-specenvoyextravolumesprojectedsourcesconfigmapitems) + * [`fn withKey(key)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapitemswithkey) + * [`fn withMode(mode)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumesprojectedsourcesconfigmapitemswithpath) + * [`obj spec.envoy.extraVolumes.projected.sources.downwardAPI`](#obj-specenvoyextravolumesprojectedsourcesdownwardapi) + * [`fn withItems(items)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiwithitemsmixin) + * [`obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items`](#obj-specenvoyextravolumesprojectedsourcesdownwardapiitems) + * [`fn withMode(mode)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemswithpath) + * [`obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef`](#obj-specenvoyextravolumesprojectedsourcesdownwardapiitemsfieldref) + * [`fn withApiVersion(apiVersion)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemsfieldrefwithapiversion) + * [`fn withFieldPath(fieldPath)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemsfieldrefwithfieldpath) + * [`obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef`](#obj-specenvoyextravolumesprojectedsourcesdownwardapiitemsresourcefieldref) + * [`fn withContainerName(containerName)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemsresourcefieldrefwithcontainername) + * [`fn withDivisor(divisor)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemsresourcefieldrefwithdivisor) + * [`fn withResource(resource)`](#fn-specenvoyextravolumesprojectedsourcesdownwardapiitemsresourcefieldrefwithresource) + * [`obj spec.envoy.extraVolumes.projected.sources.secret`](#obj-specenvoyextravolumesprojectedsourcessecret) + * [`fn withItems(items)`](#fn-specenvoyextravolumesprojectedsourcessecretwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumesprojectedsourcessecretwithitemsmixin) + * [`fn withName(name)`](#fn-specenvoyextravolumesprojectedsourcessecretwithname) + * [`fn withOptional(optional)`](#fn-specenvoyextravolumesprojectedsourcessecretwithoptional) + * [`obj spec.envoy.extraVolumes.projected.sources.secret.items`](#obj-specenvoyextravolumesprojectedsourcessecretitems) + * [`fn withKey(key)`](#fn-specenvoyextravolumesprojectedsourcessecretitemswithkey) + * [`fn withMode(mode)`](#fn-specenvoyextravolumesprojectedsourcessecretitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumesprojectedsourcessecretitemswithpath) + * [`obj spec.envoy.extraVolumes.projected.sources.serviceAccountToken`](#obj-specenvoyextravolumesprojectedsourcesserviceaccounttoken) + * [`fn withAudience(audience)`](#fn-specenvoyextravolumesprojectedsourcesserviceaccounttokenwithaudience) + * [`fn withExpirationSeconds(expirationSeconds)`](#fn-specenvoyextravolumesprojectedsourcesserviceaccounttokenwithexpirationseconds) + * [`fn withPath(path)`](#fn-specenvoyextravolumesprojectedsourcesserviceaccounttokenwithpath) + * [`obj spec.envoy.extraVolumes.quobyte`](#obj-specenvoyextravolumesquobyte) + * [`fn withGroup(group)`](#fn-specenvoyextravolumesquobytewithgroup) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesquobytewithreadonly) + * [`fn withRegistry(registry)`](#fn-specenvoyextravolumesquobytewithregistry) + * [`fn withTenant(tenant)`](#fn-specenvoyextravolumesquobytewithtenant) + * [`fn withUser(user)`](#fn-specenvoyextravolumesquobytewithuser) + * [`fn withVolume(volume)`](#fn-specenvoyextravolumesquobytewithvolume) + * [`obj spec.envoy.extraVolumes.rbd`](#obj-specenvoyextravolumesrbd) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesrbdwithfstype) + * [`fn withImage(image)`](#fn-specenvoyextravolumesrbdwithimage) + * [`fn withKeyring(keyring)`](#fn-specenvoyextravolumesrbdwithkeyring) + * [`fn withMonitors(monitors)`](#fn-specenvoyextravolumesrbdwithmonitors) + * [`fn withMonitorsMixin(monitors)`](#fn-specenvoyextravolumesrbdwithmonitorsmixin) + * [`fn withPool(pool)`](#fn-specenvoyextravolumesrbdwithpool) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesrbdwithreadonly) + * [`fn withUser(user)`](#fn-specenvoyextravolumesrbdwithuser) + * [`obj spec.envoy.extraVolumes.rbd.secretRef`](#obj-specenvoyextravolumesrbdsecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumesrbdsecretrefwithname) + * [`obj spec.envoy.extraVolumes.scaleIO`](#obj-specenvoyextravolumesscaleio) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesscaleiowithfstype) + * [`fn withGateway(gateway)`](#fn-specenvoyextravolumesscaleiowithgateway) + * [`fn withProtectionDomain(protectionDomain)`](#fn-specenvoyextravolumesscaleiowithprotectiondomain) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesscaleiowithreadonly) + * [`fn withSslEnabled(sslEnabled)`](#fn-specenvoyextravolumesscaleiowithsslenabled) + * [`fn withStorageMode(storageMode)`](#fn-specenvoyextravolumesscaleiowithstoragemode) + * [`fn withStoragePool(storagePool)`](#fn-specenvoyextravolumesscaleiowithstoragepool) + * [`fn withSystem(system)`](#fn-specenvoyextravolumesscaleiowithsystem) + * [`fn withVolumeName(volumeName)`](#fn-specenvoyextravolumesscaleiowithvolumename) + * [`obj spec.envoy.extraVolumes.scaleIO.secretRef`](#obj-specenvoyextravolumesscaleiosecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumesscaleiosecretrefwithname) + * [`obj spec.envoy.extraVolumes.secret`](#obj-specenvoyextravolumessecret) + * [`fn withDefaultMode(defaultMode)`](#fn-specenvoyextravolumessecretwithdefaultmode) + * [`fn withItems(items)`](#fn-specenvoyextravolumessecretwithitems) + * [`fn withItemsMixin(items)`](#fn-specenvoyextravolumessecretwithitemsmixin) + * [`fn withOptional(optional)`](#fn-specenvoyextravolumessecretwithoptional) + * [`fn withSecretName(secretName)`](#fn-specenvoyextravolumessecretwithsecretname) + * [`obj spec.envoy.extraVolumes.secret.items`](#obj-specenvoyextravolumessecretitems) + * [`fn withKey(key)`](#fn-specenvoyextravolumessecretitemswithkey) + * [`fn withMode(mode)`](#fn-specenvoyextravolumessecretitemswithmode) + * [`fn withPath(path)`](#fn-specenvoyextravolumessecretitemswithpath) + * [`obj spec.envoy.extraVolumes.storageos`](#obj-specenvoyextravolumesstorageos) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesstorageoswithfstype) + * [`fn withReadOnly(readOnly)`](#fn-specenvoyextravolumesstorageoswithreadonly) + * [`fn withVolumeName(volumeName)`](#fn-specenvoyextravolumesstorageoswithvolumename) + * [`fn withVolumeNamespace(volumeNamespace)`](#fn-specenvoyextravolumesstorageoswithvolumenamespace) + * [`obj spec.envoy.extraVolumes.storageos.secretRef`](#obj-specenvoyextravolumesstorageossecretref) + * [`fn withName(name)`](#fn-specenvoyextravolumesstorageossecretrefwithname) + * [`obj spec.envoy.extraVolumes.vsphereVolume`](#obj-specenvoyextravolumesvspherevolume) + * [`fn withFsType(fsType)`](#fn-specenvoyextravolumesvspherevolumewithfstype) + * [`fn withStoragePolicyID(storagePolicyID)`](#fn-specenvoyextravolumesvspherevolumewithstoragepolicyid) + * [`fn withStoragePolicyName(storagePolicyName)`](#fn-specenvoyextravolumesvspherevolumewithstoragepolicyname) + * [`fn withVolumePath(volumePath)`](#fn-specenvoyextravolumesvspherevolumewithvolumepath) + * [`obj spec.envoy.networkPublishing`](#obj-specenvoynetworkpublishing) + * [`fn withExternalTrafficPolicy(externalTrafficPolicy)`](#fn-specenvoynetworkpublishingwithexternaltrafficpolicy) + * [`fn withIpFamilyPolicy(ipFamilyPolicy)`](#fn-specenvoynetworkpublishingwithipfamilypolicy) + * [`fn withServiceAnnotations(serviceAnnotations)`](#fn-specenvoynetworkpublishingwithserviceannotations) + * [`fn withServiceAnnotationsMixin(serviceAnnotations)`](#fn-specenvoynetworkpublishingwithserviceannotationsmixin) + * [`fn withType(type)`](#fn-specenvoynetworkpublishingwithtype) + * [`obj spec.envoy.nodePlacement`](#obj-specenvoynodeplacement) + * [`fn withNodeSelector(nodeSelector)`](#fn-specenvoynodeplacementwithnodeselector) + * [`fn withNodeSelectorMixin(nodeSelector)`](#fn-specenvoynodeplacementwithnodeselectormixin) + * [`fn withTolerations(tolerations)`](#fn-specenvoynodeplacementwithtolerations) + * [`fn withTolerationsMixin(tolerations)`](#fn-specenvoynodeplacementwithtolerationsmixin) + * [`obj spec.envoy.nodePlacement.tolerations`](#obj-specenvoynodeplacementtolerations) + * [`fn withEffect(effect)`](#fn-specenvoynodeplacementtolerationswitheffect) + * [`fn withKey(key)`](#fn-specenvoynodeplacementtolerationswithkey) + * [`fn withOperator(operator)`](#fn-specenvoynodeplacementtolerationswithoperator) + * [`fn withTolerationSeconds(tolerationSeconds)`](#fn-specenvoynodeplacementtolerationswithtolerationseconds) + * [`fn withValue(value)`](#fn-specenvoynodeplacementtolerationswithvalue) + * [`obj spec.envoy.resources`](#obj-specenvoyresources) + * [`fn withClaims(claims)`](#fn-specenvoyresourceswithclaims) + * [`fn withClaimsMixin(claims)`](#fn-specenvoyresourceswithclaimsmixin) + * [`fn withLimits(limits)`](#fn-specenvoyresourceswithlimits) + * [`fn withLimitsMixin(limits)`](#fn-specenvoyresourceswithlimitsmixin) + * [`fn withRequests(requests)`](#fn-specenvoyresourceswithrequests) + * [`fn withRequestsMixin(requests)`](#fn-specenvoyresourceswithrequestsmixin) + * [`obj spec.envoy.resources.claims`](#obj-specenvoyresourcesclaims) + * [`fn withName(name)`](#fn-specenvoyresourcesclaimswithname) + * [`obj spec.runtimeSettings`](#obj-specruntimesettings) + * [`fn withEnableExternalNameService(enableExternalNameService)`](#fn-specruntimesettingswithenableexternalnameservice) + * [`fn withFeatureFlags(featureFlags)`](#fn-specruntimesettingswithfeatureflags) + * [`fn withFeatureFlagsMixin(featureFlags)`](#fn-specruntimesettingswithfeatureflagsmixin) + * [`obj spec.runtimeSettings.debug`](#obj-specruntimesettingsdebug) + * [`fn withAddress(address)`](#fn-specruntimesettingsdebugwithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsdebugwithport) + * [`obj spec.runtimeSettings.envoy`](#obj-specruntimesettingsenvoy) + * [`fn withDefaultHTTPVersions(defaultHTTPVersions)`](#fn-specruntimesettingsenvoywithdefaulthttpversions) + * [`fn withDefaultHTTPVersionsMixin(defaultHTTPVersions)`](#fn-specruntimesettingsenvoywithdefaulthttpversionsmixin) + * [`obj spec.runtimeSettings.envoy.clientCertificate`](#obj-specruntimesettingsenvoyclientcertificate) + * [`fn withName(name)`](#fn-specruntimesettingsenvoyclientcertificatewithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingsenvoyclientcertificatewithnamespace) + * [`obj spec.runtimeSettings.envoy.cluster`](#obj-specruntimesettingsenvoycluster) + * [`fn withDnsLookupFamily(dnsLookupFamily)`](#fn-specruntimesettingsenvoyclusterwithdnslookupfamily) + * [`fn withMaxRequestsPerConnection(maxRequestsPerConnection)`](#fn-specruntimesettingsenvoyclusterwithmaxrequestsperconnection) + * [`fn withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes)`](#fn-specruntimesettingsenvoyclusterwithper-connection-buffer-limit-bytes) + * [`obj spec.runtimeSettings.envoy.cluster.circuitBreakers`](#obj-specruntimesettingsenvoyclustercircuitbreakers) + * [`fn withMaxConnections(maxConnections)`](#fn-specruntimesettingsenvoyclustercircuitbreakerswithmaxconnections) + * [`fn withMaxPendingRequests(maxPendingRequests)`](#fn-specruntimesettingsenvoyclustercircuitbreakerswithmaxpendingrequests) + * [`fn withMaxRequests(maxRequests)`](#fn-specruntimesettingsenvoyclustercircuitbreakerswithmaxrequests) + * [`fn withMaxRetries(maxRetries)`](#fn-specruntimesettingsenvoyclustercircuitbreakerswithmaxretries) + * [`obj spec.runtimeSettings.envoy.cluster.upstreamTLS`](#obj-specruntimesettingsenvoyclusterupstreamtls) + * [`fn withCipherSuites(cipherSuites)`](#fn-specruntimesettingsenvoyclusterupstreamtlswithciphersuites) + * [`fn withCipherSuitesMixin(cipherSuites)`](#fn-specruntimesettingsenvoyclusterupstreamtlswithciphersuitesmixin) + * [`fn withMaximumProtocolVersion(maximumProtocolVersion)`](#fn-specruntimesettingsenvoyclusterupstreamtlswithmaximumprotocolversion) + * [`fn withMinimumProtocolVersion(minimumProtocolVersion)`](#fn-specruntimesettingsenvoyclusterupstreamtlswithminimumprotocolversion) + * [`obj spec.runtimeSettings.envoy.health`](#obj-specruntimesettingsenvoyhealth) + * [`fn withAddress(address)`](#fn-specruntimesettingsenvoyhealthwithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsenvoyhealthwithport) + * [`obj spec.runtimeSettings.envoy.http`](#obj-specruntimesettingsenvoyhttp) + * [`fn withAccessLog(accessLog)`](#fn-specruntimesettingsenvoyhttpwithaccesslog) + * [`fn withAddress(address)`](#fn-specruntimesettingsenvoyhttpwithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsenvoyhttpwithport) + * [`obj spec.runtimeSettings.envoy.https`](#obj-specruntimesettingsenvoyhttps) + * [`fn withAccessLog(accessLog)`](#fn-specruntimesettingsenvoyhttpswithaccesslog) + * [`fn withAddress(address)`](#fn-specruntimesettingsenvoyhttpswithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsenvoyhttpswithport) + * [`obj spec.runtimeSettings.envoy.listener`](#obj-specruntimesettingsenvoylistener) + * [`fn withConnectionBalancer(connectionBalancer)`](#fn-specruntimesettingsenvoylistenerwithconnectionbalancer) + * [`fn withDisableAllowChunkedLength(disableAllowChunkedLength)`](#fn-specruntimesettingsenvoylistenerwithdisableallowchunkedlength) + * [`fn withDisableMergeSlashes(disableMergeSlashes)`](#fn-specruntimesettingsenvoylistenerwithdisablemergeslashes) + * [`fn withHttpMaxConcurrentStreams(httpMaxConcurrentStreams)`](#fn-specruntimesettingsenvoylistenerwithhttpmaxconcurrentstreams) + * [`fn withMaxConnectionsPerListener(maxConnectionsPerListener)`](#fn-specruntimesettingsenvoylistenerwithmaxconnectionsperlistener) + * [`fn withMaxRequestsPerConnection(maxRequestsPerConnection)`](#fn-specruntimesettingsenvoylistenerwithmaxrequestsperconnection) + * [`fn withMaxRequestsPerIOCycle(maxRequestsPerIOCycle)`](#fn-specruntimesettingsenvoylistenerwithmaxrequestsperiocycle) + * [`fn withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes)`](#fn-specruntimesettingsenvoylistenerwithper-connection-buffer-limit-bytes) + * [`fn withServerHeaderTransformation(serverHeaderTransformation)`](#fn-specruntimesettingsenvoylistenerwithserverheadertransformation) + * [`fn withUseProxyProtocol(useProxyProtocol)`](#fn-specruntimesettingsenvoylistenerwithuseproxyprotocol) + * [`obj spec.runtimeSettings.envoy.listener.socketOptions`](#obj-specruntimesettingsenvoylistenersocketoptions) + * [`fn withTos(tos)`](#fn-specruntimesettingsenvoylistenersocketoptionswithtos) + * [`fn withTrafficClass(trafficClass)`](#fn-specruntimesettingsenvoylistenersocketoptionswithtrafficclass) + * [`obj spec.runtimeSettings.envoy.listener.tls`](#obj-specruntimesettingsenvoylistenertls) + * [`fn withCipherSuites(cipherSuites)`](#fn-specruntimesettingsenvoylistenertlswithciphersuites) + * [`fn withCipherSuitesMixin(cipherSuites)`](#fn-specruntimesettingsenvoylistenertlswithciphersuitesmixin) + * [`fn withMaximumProtocolVersion(maximumProtocolVersion)`](#fn-specruntimesettingsenvoylistenertlswithmaximumprotocolversion) + * [`fn withMinimumProtocolVersion(minimumProtocolVersion)`](#fn-specruntimesettingsenvoylistenertlswithminimumprotocolversion) + * [`obj spec.runtimeSettings.envoy.logging`](#obj-specruntimesettingsenvoylogging) + * [`fn withAccessLogFormat(accessLogFormat)`](#fn-specruntimesettingsenvoyloggingwithaccesslogformat) + * [`fn withAccessLogFormatString(accessLogFormatString)`](#fn-specruntimesettingsenvoyloggingwithaccesslogformatstring) + * [`fn withAccessLogJSONFields(accessLogJSONFields)`](#fn-specruntimesettingsenvoyloggingwithaccesslogjsonfields) + * [`fn withAccessLogJSONFieldsMixin(accessLogJSONFields)`](#fn-specruntimesettingsenvoyloggingwithaccesslogjsonfieldsmixin) + * [`fn withAccessLogLevel(accessLogLevel)`](#fn-specruntimesettingsenvoyloggingwithaccessloglevel) + * [`obj spec.runtimeSettings.envoy.metrics`](#obj-specruntimesettingsenvoymetrics) + * [`fn withAddress(address)`](#fn-specruntimesettingsenvoymetricswithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsenvoymetricswithport) + * [`obj spec.runtimeSettings.envoy.metrics.tls`](#obj-specruntimesettingsenvoymetricstls) + * [`fn withCaFile(caFile)`](#fn-specruntimesettingsenvoymetricstlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specruntimesettingsenvoymetricstlswithcertfile) + * [`fn withKeyFile(keyFile)`](#fn-specruntimesettingsenvoymetricstlswithkeyfile) + * [`obj spec.runtimeSettings.envoy.network`](#obj-specruntimesettingsenvoynetwork) + * [`fn withAdminPort(adminPort)`](#fn-specruntimesettingsenvoynetworkwithadminport) + * [`fn withNumTrustedHops(numTrustedHops)`](#fn-specruntimesettingsenvoynetworkwithnumtrustedhops) + * [`obj spec.runtimeSettings.envoy.service`](#obj-specruntimesettingsenvoyservice) + * [`fn withName(name)`](#fn-specruntimesettingsenvoyservicewithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingsenvoyservicewithnamespace) + * [`obj spec.runtimeSettings.envoy.timeouts`](#obj-specruntimesettingsenvoytimeouts) + * [`fn withConnectTimeout(connectTimeout)`](#fn-specruntimesettingsenvoytimeoutswithconnecttimeout) + * [`fn withConnectionIdleTimeout(connectionIdleTimeout)`](#fn-specruntimesettingsenvoytimeoutswithconnectionidletimeout) + * [`fn withConnectionShutdownGracePeriod(connectionShutdownGracePeriod)`](#fn-specruntimesettingsenvoytimeoutswithconnectionshutdowngraceperiod) + * [`fn withDelayedCloseTimeout(delayedCloseTimeout)`](#fn-specruntimesettingsenvoytimeoutswithdelayedclosetimeout) + * [`fn withMaxConnectionDuration(maxConnectionDuration)`](#fn-specruntimesettingsenvoytimeoutswithmaxconnectionduration) + * [`fn withRequestTimeout(requestTimeout)`](#fn-specruntimesettingsenvoytimeoutswithrequesttimeout) + * [`fn withStreamIdleTimeout(streamIdleTimeout)`](#fn-specruntimesettingsenvoytimeoutswithstreamidletimeout) + * [`obj spec.runtimeSettings.gateway`](#obj-specruntimesettingsgateway) + * [`obj spec.runtimeSettings.gateway.gatewayRef`](#obj-specruntimesettingsgatewaygatewayref) + * [`fn withName(name)`](#fn-specruntimesettingsgatewaygatewayrefwithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingsgatewaygatewayrefwithnamespace) + * [`obj spec.runtimeSettings.globalExtAuth`](#obj-specruntimesettingsglobalextauth) + * [`fn withFailOpen(failOpen)`](#fn-specruntimesettingsglobalextauthwithfailopen) + * [`fn withResponseTimeout(responseTimeout)`](#fn-specruntimesettingsglobalextauthwithresponsetimeout) + * [`obj spec.runtimeSettings.globalExtAuth.authPolicy`](#obj-specruntimesettingsglobalextauthauthpolicy) + * [`fn withContext(context)`](#fn-specruntimesettingsglobalextauthauthpolicywithcontext) + * [`fn withContextMixin(context)`](#fn-specruntimesettingsglobalextauthauthpolicywithcontextmixin) + * [`fn withDisabled(disabled)`](#fn-specruntimesettingsglobalextauthauthpolicywithdisabled) + * [`obj spec.runtimeSettings.globalExtAuth.extensionRef`](#obj-specruntimesettingsglobalextauthextensionref) + * [`fn withApiVersion(apiVersion)`](#fn-specruntimesettingsglobalextauthextensionrefwithapiversion) + * [`fn withName(name)`](#fn-specruntimesettingsglobalextauthextensionrefwithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingsglobalextauthextensionrefwithnamespace) + * [`obj spec.runtimeSettings.globalExtAuth.withRequestBody`](#obj-specruntimesettingsglobalextauthwithrequestbody) + * [`fn withAllowPartialMessage(allowPartialMessage)`](#fn-specruntimesettingsglobalextauthwithrequestbodywithallowpartialmessage) + * [`fn withMaxRequestBytes(maxRequestBytes)`](#fn-specruntimesettingsglobalextauthwithrequestbodywithmaxrequestbytes) + * [`fn withPackAsBytes(packAsBytes)`](#fn-specruntimesettingsglobalextauthwithrequestbodywithpackasbytes) + * [`obj spec.runtimeSettings.health`](#obj-specruntimesettingshealth) + * [`fn withAddress(address)`](#fn-specruntimesettingshealthwithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingshealthwithport) + * [`obj spec.runtimeSettings.httpproxy`](#obj-specruntimesettingshttpproxy) + * [`fn withDisablePermitInsecure(disablePermitInsecure)`](#fn-specruntimesettingshttpproxywithdisablepermitinsecure) + * [`fn withRootNamespaces(rootNamespaces)`](#fn-specruntimesettingshttpproxywithrootnamespaces) + * [`fn withRootNamespacesMixin(rootNamespaces)`](#fn-specruntimesettingshttpproxywithrootnamespacesmixin) + * [`obj spec.runtimeSettings.httpproxy.fallbackCertificate`](#obj-specruntimesettingshttpproxyfallbackcertificate) + * [`fn withName(name)`](#fn-specruntimesettingshttpproxyfallbackcertificatewithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingshttpproxyfallbackcertificatewithnamespace) + * [`obj spec.runtimeSettings.ingress`](#obj-specruntimesettingsingress) + * [`fn withClassNames(classNames)`](#fn-specruntimesettingsingresswithclassnames) + * [`fn withClassNamesMixin(classNames)`](#fn-specruntimesettingsingresswithclassnamesmixin) + * [`fn withStatusAddress(statusAddress)`](#fn-specruntimesettingsingresswithstatusaddress) + * [`obj spec.runtimeSettings.metrics`](#obj-specruntimesettingsmetrics) + * [`fn withAddress(address)`](#fn-specruntimesettingsmetricswithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsmetricswithport) + * [`obj spec.runtimeSettings.metrics.tls`](#obj-specruntimesettingsmetricstls) + * [`fn withCaFile(caFile)`](#fn-specruntimesettingsmetricstlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specruntimesettingsmetricstlswithcertfile) + * [`fn withKeyFile(keyFile)`](#fn-specruntimesettingsmetricstlswithkeyfile) + * [`obj spec.runtimeSettings.policy`](#obj-specruntimesettingspolicy) + * [`fn withApplyToIngress(applyToIngress)`](#fn-specruntimesettingspolicywithapplytoingress) + * [`obj spec.runtimeSettings.policy.requestHeaders`](#obj-specruntimesettingspolicyrequestheaders) + * [`fn withRemove(remove)`](#fn-specruntimesettingspolicyrequestheaderswithremove) + * [`fn withRemoveMixin(remove)`](#fn-specruntimesettingspolicyrequestheaderswithremovemixin) + * [`fn withSet(set)`](#fn-specruntimesettingspolicyrequestheaderswithset) + * [`fn withSetMixin(set)`](#fn-specruntimesettingspolicyrequestheaderswithsetmixin) + * [`obj spec.runtimeSettings.policy.responseHeaders`](#obj-specruntimesettingspolicyresponseheaders) + * [`fn withRemove(remove)`](#fn-specruntimesettingspolicyresponseheaderswithremove) + * [`fn withRemoveMixin(remove)`](#fn-specruntimesettingspolicyresponseheaderswithremovemixin) + * [`fn withSet(set)`](#fn-specruntimesettingspolicyresponseheaderswithset) + * [`fn withSetMixin(set)`](#fn-specruntimesettingspolicyresponseheaderswithsetmixin) + * [`obj spec.runtimeSettings.rateLimitService`](#obj-specruntimesettingsratelimitservice) + * [`fn withDomain(domain)`](#fn-specruntimesettingsratelimitservicewithdomain) + * [`fn withEnableResourceExhaustedCode(enableResourceExhaustedCode)`](#fn-specruntimesettingsratelimitservicewithenableresourceexhaustedcode) + * [`fn withEnableXRateLimitHeaders(enableXRateLimitHeaders)`](#fn-specruntimesettingsratelimitservicewithenablexratelimitheaders) + * [`fn withFailOpen(failOpen)`](#fn-specruntimesettingsratelimitservicewithfailopen) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicy) + * [`fn withDescriptors(descriptors)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicywithdescriptors) + * [`fn withDescriptorsMixin(descriptors)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicywithdescriptorsmixin) + * [`fn withDisabled(disabled)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicywithdisabled) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptors) + * [`fn withEntries(entries)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorswithentries) + * [`fn withEntriesMixin(entries)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorswithentriesmixin) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentries) + * [`fn withRemoteAddress(remoteAddress)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentrieswithremoteaddress) + * [`fn withRemoteAddressMixin(remoteAddress)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentrieswithremoteaddressmixin) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickey) + * [`fn withKey(key)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickeywithkey) + * [`fn withValue(value)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesgenerickeywithvalue) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheader) + * [`fn withDescriptorKey(descriptorKey)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheaderwithdescriptorkey) + * [`fn withHeaderName(headerName)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheaderwithheadername) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematch) + * [`fn withExpectMatch(expectMatch)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithexpectmatch) + * [`fn withHeaders(headers)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithheaders) + * [`fn withHeadersMixin(headers)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithheadersmixin) + * [`fn withValue(value)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchwithvalue) + * [`obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers`](#obj-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaders) + * [`fn withContains(contains)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithcontains) + * [`fn withExact(exact)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithexact) + * [`fn withIgnoreCase(ignoreCase)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithignorecase) + * [`fn withName(name)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithname) + * [`fn withNotcontains(notcontains)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotcontains) + * [`fn withNotexact(notexact)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotexact) + * [`fn withNotpresent(notpresent)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithnotpresent) + * [`fn withPresent(present)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithpresent) + * [`fn withRegex(regex)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithregex) + * [`fn withTreatMissingAsEmpty(treatMissingAsEmpty)`](#fn-specruntimesettingsratelimitservicedefaultglobalratelimitpolicydescriptorsentriesrequestheadervaluematchheaderswithtreatmissingasempty) + * [`obj spec.runtimeSettings.rateLimitService.extensionService`](#obj-specruntimesettingsratelimitserviceextensionservice) + * [`fn withName(name)`](#fn-specruntimesettingsratelimitserviceextensionservicewithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingsratelimitserviceextensionservicewithnamespace) + * [`obj spec.runtimeSettings.tracing`](#obj-specruntimesettingstracing) + * [`fn withCustomTags(customTags)`](#fn-specruntimesettingstracingwithcustomtags) + * [`fn withCustomTagsMixin(customTags)`](#fn-specruntimesettingstracingwithcustomtagsmixin) + * [`fn withIncludePodDetail(includePodDetail)`](#fn-specruntimesettingstracingwithincludepoddetail) + * [`fn withMaxPathTagLength(maxPathTagLength)`](#fn-specruntimesettingstracingwithmaxpathtaglength) + * [`fn withOverallSampling(overallSampling)`](#fn-specruntimesettingstracingwithoverallsampling) + * [`fn withServiceName(serviceName)`](#fn-specruntimesettingstracingwithservicename) + * [`obj spec.runtimeSettings.tracing.customTags`](#obj-specruntimesettingstracingcustomtags) + * [`fn withLiteral(literal)`](#fn-specruntimesettingstracingcustomtagswithliteral) + * [`fn withRequestHeaderName(requestHeaderName)`](#fn-specruntimesettingstracingcustomtagswithrequestheadername) + * [`fn withTagName(tagName)`](#fn-specruntimesettingstracingcustomtagswithtagname) + * [`obj spec.runtimeSettings.tracing.extensionService`](#obj-specruntimesettingstracingextensionservice) + * [`fn withName(name)`](#fn-specruntimesettingstracingextensionservicewithname) + * [`fn withNamespace(namespace)`](#fn-specruntimesettingstracingextensionservicewithnamespace) + * [`obj spec.runtimeSettings.xdsServer`](#obj-specruntimesettingsxdsserver) + * [`fn withAddress(address)`](#fn-specruntimesettingsxdsserverwithaddress) + * [`fn withPort(port)`](#fn-specruntimesettingsxdsserverwithport) + * [`fn withType(type)`](#fn-specruntimesettingsxdsserverwithtype) + * [`obj spec.runtimeSettings.xdsServer.tls`](#obj-specruntimesettingsxdsservertls) + * [`fn withCaFile(caFile)`](#fn-specruntimesettingsxdsservertlswithcafile) + * [`fn withCertFile(certFile)`](#fn-specruntimesettingsxdsservertlswithcertfile) + * [`fn withInsecure(insecure)`](#fn-specruntimesettingsxdsservertlswithinsecure) + * [`fn withKeyFile(keyFile)`](#fn-specruntimesettingsxdsservertlswithkeyfile) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ContourDeployment + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"ContourDeploymentSpec specifies options for how a Contour\ninstance should be provisioned." + +### fn spec.withResourceLabels + +```ts +withResourceLabels(resourceLabels) +``` + +"ResourceLabels is a set of labels to add to the provisioned Contour resources.\nDeprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be\nremoved in a future release." + +### fn spec.withResourceLabelsMixin + +```ts +withResourceLabelsMixin(resourceLabels) +``` + +"ResourceLabels is a set of labels to add to the provisioned Contour resources.\nDeprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be\nremoved in a future release." + +**Note:** This function appends passed data to existing values + +## obj spec.contour + +"Contour specifies deployment-time settings for the Contour\npart of the installation, i.e. the xDS server/control plane\nand associated resources, including things like replica count\nfor the Deployment, and node placement constraints for the pods." + +### fn spec.contour.withDisabledFeatures + +```ts +withDisabledFeatures(disabledFeatures) +``` + +"DisabledFeatures defines an array of resources that will be ignored by\ncontour reconciler." + +### fn spec.contour.withDisabledFeaturesMixin + +```ts +withDisabledFeaturesMixin(disabledFeatures) +``` + +"DisabledFeatures defines an array of resources that will be ignored by\ncontour reconciler." + +**Note:** This function appends passed data to existing values + +### fn spec.contour.withKubernetesLogLevel + +```ts +withKubernetesLogLevel(kubernetesLogLevel) +``` + +"KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset,\ndefaults to 0." + +### fn spec.contour.withLogLevel + +```ts +withLogLevel(logLevel) +``` + +"LogLevel sets the log level for Contour\nAllowed values are \"info\", \"debug\"." + +### fn spec.contour.withPodAnnotations + +```ts +withPodAnnotations(podAnnotations) +``` + +"PodAnnotations defines annotations to add to the Contour pods.\nthe annotations for Prometheus will be appended or overwritten with predefined value." + +### fn spec.contour.withPodAnnotationsMixin + +```ts +withPodAnnotationsMixin(podAnnotations) +``` + +"PodAnnotations defines annotations to add to the Contour pods.\nthe annotations for Prometheus will be appended or overwritten with predefined value." + +**Note:** This function appends passed data to existing values + +### fn spec.contour.withReplicas + +```ts +withReplicas(replicas) +``` + +"Deprecated: Use `DeploymentSettings.Replicas` instead.\nReplicas is the desired number of Contour replicas. If if unset,\ndefaults to 2.\nif both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`." + +### fn spec.contour.withWatchNamespaces + +```ts +withWatchNamespaces(watchNamespaces) +``` + +"WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance\nto only watch this subset of namespaces." + +### fn spec.contour.withWatchNamespacesMixin + +```ts +withWatchNamespacesMixin(watchNamespaces) +``` + +"WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance\nto only watch this subset of namespaces." + +**Note:** This function appends passed data to existing values + +## obj spec.contour.deployment + +"Deployment describes the settings for running contour as a `Deployment`." + +### fn spec.contour.deployment.withReplicas + +```ts +withReplicas(replicas) +``` + +"Replicas is the desired number of replicas." + +## obj spec.contour.deployment.strategy + +"Strategy describes the deployment strategy to use to replace existing pods with new pods." + +### fn spec.contour.deployment.strategy.withType + +```ts +withType(type) +``` + +"Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate." + +## obj spec.contour.deployment.strategy.rollingUpdate + +"Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + +### fn spec.contour.deployment.strategy.rollingUpdate.withMaxSurge + +```ts +withMaxSurge(maxSurge) +``` + +"The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods." + +### fn spec.contour.deployment.strategy.rollingUpdate.withMaxUnavailable + +```ts +withMaxUnavailable(maxUnavailable) +``` + +"The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods." + +## obj spec.contour.nodePlacement + +"NodePlacement describes node scheduling configuration of Contour pods." + +### fn spec.contour.nodePlacement.withNodeSelector + +```ts +withNodeSelector(nodeSelector) +``` + +"NodeSelector is the simplest recommended form of node selection constraint\nand specifies a map of key-value pairs. For the pod to be eligible\nto run on a node, the node must have each of the indicated key-value pairs\nas labels (it can have additional labels as well).\nIf unset, the pod(s) will be scheduled to any available node." + +### fn spec.contour.nodePlacement.withNodeSelectorMixin + +```ts +withNodeSelectorMixin(nodeSelector) +``` + +"NodeSelector is the simplest recommended form of node selection constraint\nand specifies a map of key-value pairs. For the pod to be eligible\nto run on a node, the node must have each of the indicated key-value pairs\nas labels (it can have additional labels as well).\nIf unset, the pod(s) will be scheduled to any available node." + +**Note:** This function appends passed data to existing values + +### fn spec.contour.nodePlacement.withTolerations + +```ts +withTolerations(tolerations) +``` + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +### fn spec.contour.nodePlacement.withTolerationsMixin + +```ts +withTolerationsMixin(tolerations) +``` + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +**Note:** This function appends passed data to existing values + +## obj spec.contour.nodePlacement.tolerations + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +### fn spec.contour.nodePlacement.tolerations.withEffect + +```ts +withEffect(effect) +``` + +"Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + +### fn spec.contour.nodePlacement.tolerations.withKey + +```ts +withKey(key) +``` + +"Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + +### fn spec.contour.nodePlacement.tolerations.withOperator + +```ts +withOperator(operator) +``` + +"Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + +### fn spec.contour.nodePlacement.tolerations.withTolerationSeconds + +```ts +withTolerationSeconds(tolerationSeconds) +``` + +"TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + +### fn spec.contour.nodePlacement.tolerations.withValue + +```ts +withValue(value) +``` + +"Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + +## obj spec.contour.resources + +"Compute Resources required by contour container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.contour.resources.withClaims + +```ts +withClaims(claims) +``` + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +### fn spec.contour.resources.withClaimsMixin + +```ts +withClaimsMixin(claims) +``` + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +**Note:** This function appends passed data to existing values + +### fn spec.contour.resources.withLimits + +```ts +withLimits(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.contour.resources.withLimitsMixin + +```ts +withLimitsMixin(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +### fn spec.contour.resources.withRequests + +```ts +withRequests(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.contour.resources.withRequestsMixin + +```ts +withRequestsMixin(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +## obj spec.contour.resources.claims + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +### fn spec.contour.resources.claims.withName + +```ts +withName(name) +``` + +"Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + +## obj spec.envoy + +"Envoy specifies deployment-time settings for the Envoy\npart of the installation, i.e. the xDS client/data plane\nand associated resources, including things like the workload\ntype to use (DaemonSet or Deployment), node placement constraints\nfor the pods, and various options for the Envoy service." + +### fn spec.envoy.withBaseID + +```ts +withBaseID(baseID) +``` + +"The base ID to use when allocating shared memory regions.\nif Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID\nso that the shared memory regions do not conflict.\ndefaults to 0." + +### fn spec.envoy.withExtraVolumeMounts + +```ts +withExtraVolumeMounts(extraVolumeMounts) +``` + +"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)." + +### fn spec.envoy.withExtraVolumeMountsMixin + +```ts +withExtraVolumeMountsMixin(extraVolumeMounts) +``` + +"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.withExtraVolumes + +```ts +withExtraVolumes(extraVolumes) +``` + +"ExtraVolumes holds the extra volumes to add." + +### fn spec.envoy.withExtraVolumesMixin + +```ts +withExtraVolumesMixin(extraVolumes) +``` + +"ExtraVolumes holds the extra volumes to add." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.withLogLevel + +```ts +withLogLevel(logLevel) +``` + +"LogLevel sets the log level for Envoy.\nAllowed values are \"trace\", \"debug\", \"info\", \"warn\", \"error\", \"critical\", \"off\"." + +### fn spec.envoy.withOverloadMaxHeapSize + +```ts +withOverloadMaxHeapSize(overloadMaxHeapSize) +``` + +"OverloadMaxHeapSize defines the maximum heap memory of the envoy controlled by the overload manager.\nWhen the value is greater than 0, the overload manager is enabled,\nand when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation,\nWhen it reaches 98% of the maximum heap size, Envoy Will stop accepting requests.\nMore info: https://projectcontour.io/docs/main/config/overload-manager/" + +### fn spec.envoy.withPodAnnotations + +```ts +withPodAnnotations(podAnnotations) +``` + +"PodAnnotations defines annotations to add to the Envoy pods.\nthe annotations for Prometheus will be appended or overwritten with predefined value." + +### fn spec.envoy.withPodAnnotationsMixin + +```ts +withPodAnnotationsMixin(podAnnotations) +``` + +"PodAnnotations defines annotations to add to the Envoy pods.\nthe annotations for Prometheus will be appended or overwritten with predefined value." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.withReplicas + +```ts +withReplicas(replicas) +``` + +"Deprecated: Use `DeploymentSettings.Replicas` instead.\nReplicas is the desired number of Envoy replicas. If WorkloadType\nis not \"Deployment\", this field is ignored. Otherwise, if unset,\ndefaults to 2.\nif both `DeploymentSettings.Replicas` and this one is set, use `DeploymentSettings.Replicas`." + +### fn spec.envoy.withWorkloadType + +```ts +withWorkloadType(workloadType) +``` + +"WorkloadType is the type of workload to install Envoy\nas. Choices are DaemonSet and Deployment. If unset, defaults\nto DaemonSet." + +## obj spec.envoy.daemonSet + +"DaemonSet describes the settings for running envoy as a `DaemonSet`.\nif `WorkloadType` is `Deployment`,it's must be nil" + +## obj spec.envoy.daemonSet.updateStrategy + +"Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods." + +### fn spec.envoy.daemonSet.updateStrategy.withType + +```ts +withType(type) +``` + +"Type of daemon set update. Can be \"RollingUpdate\" or \"OnDelete\". Default is RollingUpdate." + +## obj spec.envoy.daemonSet.updateStrategy.rollingUpdate + +"Rolling update config params. Present only if type = \"RollingUpdate\".\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be. Same as Deployment `strategy.rollingUpdate`.\nSee https://github.com/kubernetes/kubernetes/issues/35345" + +### fn spec.envoy.daemonSet.updateStrategy.rollingUpdate.withMaxSurge + +```ts +withMaxSurge(maxSurge) +``` + +"The maximum number of nodes with an existing available DaemonSet pod that\ncan have an updated DaemonSet pod during during an update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up to a minimum of 1.\nDefault value is 0.\nExample: when this is set to 30%, at most 30% of the total number of nodes\nthat should be running the daemon pod (i.e. status.desiredNumberScheduled)\ncan have their a new pod created before the old pod is marked as deleted.\nThe update starts by launching new pods on 30% of nodes. Once an updated\npod is available (Ready for at least minReadySeconds) the old DaemonSet pod\non that node is marked deleted. If the old pod becomes unavailable for any\nreason (Ready transitions to false, is evicted, or is drained) an updated\npod is immediatedly created on that node without considering surge limits.\nAllowing surge implies the possibility that the resources consumed by the\ndaemonset on any given node can double if the readiness check fails, and\nso resource intensive daemonsets should take into account that they may\ncause evictions during disruption." + +### fn spec.envoy.daemonSet.updateStrategy.rollingUpdate.withMaxUnavailable + +```ts +withMaxUnavailable(maxUnavailable) +``` + +"The maximum number of DaemonSet pods that can be unavailable during the\nupdate. Value can be an absolute number (ex: 5) or a percentage of total\nnumber of DaemonSet pods at the start of the update (ex: 10%). Absolute\nnumber is calculated from percentage by rounding up.\nThis cannot be 0 if MaxSurge is 0\nDefault value is 1.\nExample: when this is set to 30%, at most 30% of the total number of nodes\nthat should be running the daemon pod (i.e. status.desiredNumberScheduled)\ncan have their pods stopped for an update at any given time. The update\nstarts by stopping at most 30% of those DaemonSet pods and then brings\nup new DaemonSet pods in their place. Once the new pods are available,\nit then proceeds onto other DaemonSet pods, thus ensuring that at least\n70% of original number of DaemonSet pods are available at all times during\nthe update." + +## obj spec.envoy.deployment + +"Deployment describes the settings for running envoy as a `Deployment`.\nif `WorkloadType` is `DaemonSet`,it's must be nil" + +### fn spec.envoy.deployment.withReplicas + +```ts +withReplicas(replicas) +``` + +"Replicas is the desired number of replicas." + +## obj spec.envoy.deployment.strategy + +"Strategy describes the deployment strategy to use to replace existing pods with new pods." + +### fn spec.envoy.deployment.strategy.withType + +```ts +withType(type) +``` + +"Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate." + +## obj spec.envoy.deployment.strategy.rollingUpdate + +"Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + +### fn spec.envoy.deployment.strategy.rollingUpdate.withMaxSurge + +```ts +withMaxSurge(maxSurge) +``` + +"The maximum number of pods that can be scheduled above the desired number of\npods.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nThis can not be 0 if MaxUnavailable is 0.\nAbsolute number is calculated from percentage by rounding up.\nDefaults to 25%.\nExample: when this is set to 30%, the new ReplicaSet can be scaled up immediately when\nthe rolling update starts, such that the total number of old and new pods do not exceed\n130% of desired pods. Once old pods have been killed,\nnew ReplicaSet can be scaled up further, ensuring that total number of pods running\nat any time during the update is at most 130% of desired pods." + +### fn spec.envoy.deployment.strategy.rollingUpdate.withMaxUnavailable + +```ts +withMaxUnavailable(maxUnavailable) +``` + +"The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding down.\nThis can not be 0 if MaxSurge is 0.\nDefaults to 25%.\nExample: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods\nimmediately when the rolling update starts. Once new pods are ready, old ReplicaSet\ncan be scaled down further, followed by scaling up the new ReplicaSet, ensuring\nthat the total number of pods available at all times during the update is at\nleast 70% of desired pods." + +## obj spec.envoy.extraVolumeMounts + +"ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes)." + +### fn spec.envoy.extraVolumeMounts.withMountPath + +```ts +withMountPath(mountPath) +``` + +"Path within the container at which the volume should be mounted. Must\nnot contain ':'." + +### fn spec.envoy.extraVolumeMounts.withMountPropagation + +```ts +withMountPropagation(mountPropagation) +``` + +"mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." + +### fn spec.envoy.extraVolumeMounts.withName + +```ts +withName(name) +``` + +"This must match the Name of a Volume." + +### fn spec.envoy.extraVolumeMounts.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." + +### fn spec.envoy.extraVolumeMounts.withRecursiveReadOnly + +```ts +withRecursiveReadOnly(recursiveReadOnly) +``` + +"RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\nIf ReadOnly is false, this field has no meaning and must be unspecified.\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\nIf this field is not specified, it is treated as an equivalent of Disabled." + +### fn spec.envoy.extraVolumeMounts.withSubPath + +```ts +withSubPath(subPath) +``` + +"Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." + +### fn spec.envoy.extraVolumeMounts.withSubPathExpr + +```ts +withSubPathExpr(subPathExpr) +``` + +"Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive." + +## obj spec.envoy.extraVolumes + +"ExtraVolumes holds the extra volumes to add." + +### fn spec.envoy.extraVolumes.withName + +```ts +withName(name) +``` + +"name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + +## obj spec.envoy.extraVolumes.awsElasticBlockStore + +"awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + +### fn spec.envoy.extraVolumes.awsElasticBlockStore.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + +### fn spec.envoy.extraVolumes.awsElasticBlockStore.withPartition + +```ts +withPartition(partition) +``` + +"partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." + +### fn spec.envoy.extraVolumes.awsElasticBlockStore.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + +### fn spec.envoy.extraVolumes.awsElasticBlockStore.withVolumeID + +```ts +withVolumeID(volumeID) +``` + +"volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" + +## obj spec.envoy.extraVolumes.azureDisk + +"azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod." + +### fn spec.envoy.extraVolumes.azureDisk.withCachingMode + +```ts +withCachingMode(cachingMode) +``` + +"cachingMode is the Host Caching mode: None, Read Only, Read Write." + +### fn spec.envoy.extraVolumes.azureDisk.withDiskName + +```ts +withDiskName(diskName) +``` + +"diskName is the Name of the data disk in the blob storage" + +### fn spec.envoy.extraVolumes.azureDisk.withDiskURI + +```ts +withDiskURI(diskURI) +``` + +"diskURI is the URI of data disk in the blob storage" + +### fn spec.envoy.extraVolumes.azureDisk.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + +### fn spec.envoy.extraVolumes.azureDisk.withKind + +```ts +withKind(kind) +``` + +"kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" + +### fn spec.envoy.extraVolumes.azureDisk.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +## obj spec.envoy.extraVolumes.azureFile + +"azureFile represents an Azure File Service mount on the host and bind mount to the pod." + +### fn spec.envoy.extraVolumes.azureFile.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +### fn spec.envoy.extraVolumes.azureFile.withSecretName + +```ts +withSecretName(secretName) +``` + +"secretName is the name of secret that contains Azure Storage Account Name and Key" + +### fn spec.envoy.extraVolumes.azureFile.withShareName + +```ts +withShareName(shareName) +``` + +"shareName is the azure share Name" + +## obj spec.envoy.extraVolumes.cephfs + +"cephFS represents a Ceph FS mount on the host that shares a pod's lifetime" + +### fn spec.envoy.extraVolumes.cephfs.withMonitors + +```ts +withMonitors(monitors) +``` + +"monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.cephfs.withMonitorsMixin + +```ts +withMonitorsMixin(monitors) +``` + +"monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.cephfs.withPath + +```ts +withPath(path) +``` + +"path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" + +### fn spec.envoy.extraVolumes.cephfs.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.cephfs.withSecretFile + +```ts +withSecretFile(secretFile) +``` + +"secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.cephfs.withUser + +```ts +withUser(user) +``` + +"user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +## obj spec.envoy.extraVolumes.cephfs.secretRef + +"secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.cephfs.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.cinder + +"cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + +### fn spec.envoy.extraVolumes.cinder.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + +### fn spec.envoy.extraVolumes.cinder.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + +### fn spec.envoy.extraVolumes.cinder.withVolumeID + +```ts +withVolumeID(volumeID) +``` + +"volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md" + +## obj spec.envoy.extraVolumes.cinder.secretRef + +"secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." + +### fn spec.envoy.extraVolumes.cinder.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.configMap + +"configMap represents a configMap that should populate this volume" + +### fn spec.envoy.extraVolumes.configMap.withDefaultMode + +```ts +withDefaultMode(defaultMode) +``` + +"defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.configMap.withItems + +```ts +withItems(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.configMap.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.configMap.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +### fn spec.envoy.extraVolumes.configMap.withOptional + +```ts +withOptional(optional) +``` + +"optional specify whether the ConfigMap or its keys must be defined" + +## obj spec.envoy.extraVolumes.configMap.items + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.configMap.items.withKey + +```ts +withKey(key) +``` + +"key is the key to project." + +### fn spec.envoy.extraVolumes.configMap.items.withMode + +```ts +withMode(mode) +``` + +"mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.configMap.items.withPath + +```ts +withPath(path) +``` + +"path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + +## obj spec.envoy.extraVolumes.csi + +"csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature)." + +### fn spec.envoy.extraVolumes.csi.withDriver + +```ts +withDriver(driver) +``` + +"driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster." + +### fn spec.envoy.extraVolumes.csi.withFsType + +```ts +withFsType(fsType) +``` + +"fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply." + +### fn spec.envoy.extraVolumes.csi.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write)." + +### fn spec.envoy.extraVolumes.csi.withVolumeAttributes + +```ts +withVolumeAttributes(volumeAttributes) +``` + +"volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + +### fn spec.envoy.extraVolumes.csi.withVolumeAttributesMixin + +```ts +withVolumeAttributesMixin(volumeAttributes) +``` + +"volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.csi.nodePublishSecretRef + +"nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." + +### fn spec.envoy.extraVolumes.csi.nodePublishSecretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.downwardAPI + +"downwardAPI represents downward API about the pod that should populate this volume" + +### fn spec.envoy.extraVolumes.downwardAPI.withDefaultMode + +```ts +withDefaultMode(defaultMode) +``` + +"Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.downwardAPI.withItems + +```ts +withItems(items) +``` + +"Items is a list of downward API volume file" + +### fn spec.envoy.extraVolumes.downwardAPI.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"Items is a list of downward API volume file" + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.downwardAPI.items + +"Items is a list of downward API volume file" + +### fn spec.envoy.extraVolumes.downwardAPI.items.withMode + +```ts +withMode(mode) +``` + +"Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.downwardAPI.items.withPath + +```ts +withPath(path) +``` + +"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + +## obj spec.envoy.extraVolumes.downwardAPI.items.fieldRef + +"Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." + +### fn spec.envoy.extraVolumes.downwardAPI.items.fieldRef.withApiVersion + +```ts +withApiVersion(apiVersion) +``` + +"Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + +### fn spec.envoy.extraVolumes.downwardAPI.items.fieldRef.withFieldPath + +```ts +withFieldPath(fieldPath) +``` + +"Path of the field to select in the specified API version." + +## obj spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef + +"Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + +### fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withContainerName + +```ts +withContainerName(containerName) +``` + +"Container name: required for volumes, optional for env vars" + +### fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withDivisor + +```ts +withDivisor(divisor) +``` + +"Specifies the output format of the exposed resources, defaults to \"1\ + +### fn spec.envoy.extraVolumes.downwardAPI.items.resourceFieldRef.withResource + +```ts +withResource(resource) +``` + +"Required: resource to select" + +## obj spec.envoy.extraVolumes.emptyDir + +"emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + +### fn spec.envoy.extraVolumes.emptyDir.withMedium + +```ts +withMedium(medium) +``` + +"medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + +### fn spec.envoy.extraVolumes.emptyDir.withSizeLimit + +```ts +withSizeLimit(sizeLimit) +``` + +"sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + +## obj spec.envoy.extraVolumes.ephemeral + +"ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate + +"Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\nRequired, must not be nil." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.withMetadata + +```ts +withMetadata(metadata) +``` + +"May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.withMetadataMixin + +```ts +withMetadataMixin(metadata) +``` + +"May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec + +"The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withAccessModes + +```ts +withAccessModes(accessModes) +``` + +"accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withAccessModesMixin + +```ts +withAccessModesMixin(accessModes) +``` + +"accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withStorageClassName + +```ts +withStorageClassName(storageClassName) +``` + +"storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withVolumeAttributesClassName + +```ts +withVolumeAttributesClassName(volumeAttributesClassName) +``` + +"volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withVolumeMode + +```ts +withVolumeMode(volumeMode) +``` + +"volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.withVolumeName + +```ts +withVolumeName(volumeName) +``` + +"volumeName is the binding reference to the PersistentVolume backing this claim." + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource + +"dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withApiGroup + +```ts +withApiGroup(apiGroup) +``` + +"APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withKind + +```ts +withKind(kind) +``` + +"Kind is the type of resource being referenced" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSource.withName + +```ts +withName(name) +``` + +"Name is the name of resource being referenced" + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef + +"dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withApiGroup + +```ts +withApiGroup(apiGroup) +``` + +"APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withKind + +```ts +withKind(kind) +``` + +"Kind is the type of resource being referenced" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withName + +```ts +withName(name) +``` + +"Name is the name of resource being referenced" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.dataSourceRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled." + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources + +"resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withLimits + +```ts +withLimits(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withLimitsMixin + +```ts +withLimitsMixin(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withRequests + +```ts +withRequests(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.resources.withRequestsMixin + +```ts +withRequestsMixin(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector + +"selector is a label query over volumes to consider for binding." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.envoy.extraVolumes.ephemeral.volumeClaimTemplate.spec.selector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.fc + +"fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." + +### fn spec.envoy.extraVolumes.fc.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + +### fn spec.envoy.extraVolumes.fc.withLun + +```ts +withLun(lun) +``` + +"lun is Optional: FC target lun number" + +### fn spec.envoy.extraVolumes.fc.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +### fn spec.envoy.extraVolumes.fc.withTargetWWNs + +```ts +withTargetWWNs(targetWWNs) +``` + +"targetWWNs is Optional: FC target worldwide names (WWNs)" + +### fn spec.envoy.extraVolumes.fc.withTargetWWNsMixin + +```ts +withTargetWWNsMixin(targetWWNs) +``` + +"targetWWNs is Optional: FC target worldwide names (WWNs)" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.fc.withWwids + +```ts +withWwids(wwids) +``` + +"wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + +### fn spec.envoy.extraVolumes.fc.withWwidsMixin + +```ts +withWwidsMixin(wwids) +``` + +"wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.flexVolume + +"flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." + +### fn spec.envoy.extraVolumes.flexVolume.withDriver + +```ts +withDriver(driver) +``` + +"driver is the name of the driver to use for this volume." + +### fn spec.envoy.extraVolumes.flexVolume.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script." + +### fn spec.envoy.extraVolumes.flexVolume.withOptions + +```ts +withOptions(options) +``` + +"options is Optional: this field holds extra command options if any." + +### fn spec.envoy.extraVolumes.flexVolume.withOptionsMixin + +```ts +withOptionsMixin(options) +``` + +"options is Optional: this field holds extra command options if any." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.flexVolume.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +## obj spec.envoy.extraVolumes.flexVolume.secretRef + +"secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." + +### fn spec.envoy.extraVolumes.flexVolume.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.flocker + +"flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running" + +### fn spec.envoy.extraVolumes.flocker.withDatasetName + +```ts +withDatasetName(datasetName) +``` + +"datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated" + +### fn spec.envoy.extraVolumes.flocker.withDatasetUUID + +```ts +withDatasetUUID(datasetUUID) +``` + +"datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset" + +## obj spec.envoy.extraVolumes.gcePersistentDisk + +"gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + +### fn spec.envoy.extraVolumes.gcePersistentDisk.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + +### fn spec.envoy.extraVolumes.gcePersistentDisk.withPartition + +```ts +withPartition(partition) +``` + +"partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + +### fn spec.envoy.extraVolumes.gcePersistentDisk.withPdName + +```ts +withPdName(pdName) +``` + +"pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + +### fn spec.envoy.extraVolumes.gcePersistentDisk.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" + +## obj spec.envoy.extraVolumes.gitRepo + +"gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container." + +### fn spec.envoy.extraVolumes.gitRepo.withDirectory + +```ts +withDirectory(directory) +``` + +"directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name." + +### fn spec.envoy.extraVolumes.gitRepo.withRepository + +```ts +withRepository(repository) +``` + +"repository is the URL" + +### fn spec.envoy.extraVolumes.gitRepo.withRevision + +```ts +withRevision(revision) +``` + +"revision is the commit hash for the specified revision." + +## obj spec.envoy.extraVolumes.glusterfs + +"glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md" + +### fn spec.envoy.extraVolumes.glusterfs.withEndpoints + +```ts +withEndpoints(endpoints) +``` + +"endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + +### fn spec.envoy.extraVolumes.glusterfs.withPath + +```ts +withPath(path) +``` + +"path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + +### fn spec.envoy.extraVolumes.glusterfs.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" + +## obj spec.envoy.extraVolumes.hostPath + +"hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + +### fn spec.envoy.extraVolumes.hostPath.withPath + +```ts +withPath(path) +``` + +"path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + +### fn spec.envoy.extraVolumes.hostPath.withType + +```ts +withType(type) +``` + +"type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" + +## obj spec.envoy.extraVolumes.iscsi + +"iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" + +### fn spec.envoy.extraVolumes.iscsi.withChapAuthDiscovery + +```ts +withChapAuthDiscovery(chapAuthDiscovery) +``` + +"chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication" + +### fn spec.envoy.extraVolumes.iscsi.withChapAuthSession + +```ts +withChapAuthSession(chapAuthSession) +``` + +"chapAuthSession defines whether support iSCSI Session CHAP authentication" + +### fn spec.envoy.extraVolumes.iscsi.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + +### fn spec.envoy.extraVolumes.iscsi.withInitiatorName + +```ts +withInitiatorName(initiatorName) +``` + +"initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." + +### fn spec.envoy.extraVolumes.iscsi.withIqn + +```ts +withIqn(iqn) +``` + +"iqn is the target iSCSI Qualified Name." + +### fn spec.envoy.extraVolumes.iscsi.withIscsiInterface + +```ts +withIscsiInterface(iscsiInterface) +``` + +"iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." + +### fn spec.envoy.extraVolumes.iscsi.withLun + +```ts +withLun(lun) +``` + +"lun represents iSCSI Target Lun number." + +### fn spec.envoy.extraVolumes.iscsi.withPortals + +```ts +withPortals(portals) +``` + +"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + +### fn spec.envoy.extraVolumes.iscsi.withPortalsMixin + +```ts +withPortalsMixin(portals) +``` + +"portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.iscsi.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." + +### fn spec.envoy.extraVolumes.iscsi.withTargetPortal + +```ts +withTargetPortal(targetPortal) +``` + +"targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260)." + +## obj spec.envoy.extraVolumes.iscsi.secretRef + +"secretRef is the CHAP Secret for iSCSI target and initiator authentication" + +### fn spec.envoy.extraVolumes.iscsi.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.nfs + +"nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + +### fn spec.envoy.extraVolumes.nfs.withPath + +```ts +withPath(path) +``` + +"path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + +### fn spec.envoy.extraVolumes.nfs.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + +### fn spec.envoy.extraVolumes.nfs.withServer + +```ts +withServer(server) +``` + +"server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" + +## obj spec.envoy.extraVolumes.persistentVolumeClaim + +"persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + +### fn spec.envoy.extraVolumes.persistentVolumeClaim.withClaimName + +```ts +withClaimName(claimName) +``` + +"claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" + +### fn spec.envoy.extraVolumes.persistentVolumeClaim.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false." + +## obj spec.envoy.extraVolumes.photonPersistentDisk + +"photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine" + +### fn spec.envoy.extraVolumes.photonPersistentDisk.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + +### fn spec.envoy.extraVolumes.photonPersistentDisk.withPdID + +```ts +withPdID(pdID) +``` + +"pdID is the ID that identifies Photon Controller persistent disk" + +## obj spec.envoy.extraVolumes.portworxVolume + +"portworxVolume represents a portworx volume attached and mounted on kubelets host machine" + +### fn spec.envoy.extraVolumes.portworxVolume.withFsType + +```ts +withFsType(fsType) +``` + +"fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified." + +### fn spec.envoy.extraVolumes.portworxVolume.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +### fn spec.envoy.extraVolumes.portworxVolume.withVolumeID + +```ts +withVolumeID(volumeID) +``` + +"volumeID uniquely identifies a Portworx volume" + +## obj spec.envoy.extraVolumes.projected + +"projected items for all in one resources secrets, configmaps, and downward API" + +### fn spec.envoy.extraVolumes.projected.withDefaultMode + +```ts +withDefaultMode(defaultMode) +``` + +"defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.projected.withSources + +```ts +withSources(sources) +``` + +"sources is the list of volume projections" + +### fn spec.envoy.extraVolumes.projected.withSourcesMixin + +```ts +withSourcesMixin(sources) +``` + +"sources is the list of volume projections" + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.projected.sources + +"sources is the list of volume projections" + +## obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle + +"ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.withName + +```ts +withName(name) +``` + +"Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.withOptional + +```ts +withOptional(optional) +``` + +"If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.withPath + +```ts +withPath(path) +``` + +"Relative path from the volume root to write the bundle." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.withSignerName + +```ts +withSignerName(signerName) +``` + +"Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated." + +## obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector + +"Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.withMatchExpressions + +```ts +withMatchExpressions(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.withMatchExpressionsMixin + +```ts +withMatchExpressionsMixin(matchExpressions) +``` + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.withMatchLabels + +```ts +withMatchLabels(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.withMatchLabelsMixin + +```ts +withMatchLabelsMixin(matchLabels) +``` + +"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions + +"matchExpressions is a list of label selector requirements. The requirements are ANDed." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions.withKey + +```ts +withKey(key) +``` + +"key is the label key that the selector applies to." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions.withOperator + +```ts +withOperator(operator) +``` + +"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions.withValues + +```ts +withValues(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +### fn spec.envoy.extraVolumes.projected.sources.clusterTrustBundle.labelSelector.matchExpressions.withValuesMixin + +```ts +withValuesMixin(values) +``` + +"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.projected.sources.configMap + +"configMap information about the configMap data to project" + +### fn spec.envoy.extraVolumes.projected.sources.configMap.withItems + +```ts +withItems(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.projected.sources.configMap.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.projected.sources.configMap.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +### fn spec.envoy.extraVolumes.projected.sources.configMap.withOptional + +```ts +withOptional(optional) +``` + +"optional specify whether the ConfigMap or its keys must be defined" + +## obj spec.envoy.extraVolumes.projected.sources.configMap.items + +"items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.projected.sources.configMap.items.withKey + +```ts +withKey(key) +``` + +"key is the key to project." + +### fn spec.envoy.extraVolumes.projected.sources.configMap.items.withMode + +```ts +withMode(mode) +``` + +"mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.projected.sources.configMap.items.withPath + +```ts +withPath(path) +``` + +"path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + +## obj spec.envoy.extraVolumes.projected.sources.downwardAPI + +"downwardAPI information about the downwardAPI data to project" + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.withItems + +```ts +withItems(items) +``` + +"Items is a list of DownwardAPIVolume file" + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"Items is a list of DownwardAPIVolume file" + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items + +"Items is a list of DownwardAPIVolume file" + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.withMode + +```ts +withMode(mode) +``` + +"Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.withPath + +```ts +withPath(path) +``` + +"Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" + +## obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef + +"Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef.withApiVersion + +```ts +withApiVersion(apiVersion) +``` + +"Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.fieldRef.withFieldPath + +```ts +withFieldPath(fieldPath) +``` + +"Path of the field to select in the specified API version." + +## obj spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef + +"Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withContainerName + +```ts +withContainerName(containerName) +``` + +"Container name: required for volumes, optional for env vars" + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withDivisor + +```ts +withDivisor(divisor) +``` + +"Specifies the output format of the exposed resources, defaults to \"1\ + +### fn spec.envoy.extraVolumes.projected.sources.downwardAPI.items.resourceFieldRef.withResource + +```ts +withResource(resource) +``` + +"Required: resource to select" + +## obj spec.envoy.extraVolumes.projected.sources.secret + +"secret information about the secret data to project" + +### fn spec.envoy.extraVolumes.projected.sources.secret.withItems + +```ts +withItems(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.projected.sources.secret.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.projected.sources.secret.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +### fn spec.envoy.extraVolumes.projected.sources.secret.withOptional + +```ts +withOptional(optional) +``` + +"optional field specify whether the Secret or its key must be defined" + +## obj spec.envoy.extraVolumes.projected.sources.secret.items + +"items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.projected.sources.secret.items.withKey + +```ts +withKey(key) +``` + +"key is the key to project." + +### fn spec.envoy.extraVolumes.projected.sources.secret.items.withMode + +```ts +withMode(mode) +``` + +"mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.projected.sources.secret.items.withPath + +```ts +withPath(path) +``` + +"path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + +## obj spec.envoy.extraVolumes.projected.sources.serviceAccountToken + +"serviceAccountToken is information about the serviceAccountToken data to project" + +### fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withAudience + +```ts +withAudience(audience) +``` + +"audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver." + +### fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withExpirationSeconds + +```ts +withExpirationSeconds(expirationSeconds) +``` + +"expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes." + +### fn spec.envoy.extraVolumes.projected.sources.serviceAccountToken.withPath + +```ts +withPath(path) +``` + +"path is the path relative to the mount point of the file to project the\ntoken into." + +## obj spec.envoy.extraVolumes.quobyte + +"quobyte represents a Quobyte mount on the host that shares a pod's lifetime" + +### fn spec.envoy.extraVolumes.quobyte.withGroup + +```ts +withGroup(group) +``` + +"group to map volume access to\nDefault is no group" + +### fn spec.envoy.extraVolumes.quobyte.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false." + +### fn spec.envoy.extraVolumes.quobyte.withRegistry + +```ts +withRegistry(registry) +``` + +"registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes" + +### fn spec.envoy.extraVolumes.quobyte.withTenant + +```ts +withTenant(tenant) +``` + +"tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin" + +### fn spec.envoy.extraVolumes.quobyte.withUser + +```ts +withUser(user) +``` + +"user to map volume access to\nDefaults to serivceaccount user" + +### fn spec.envoy.extraVolumes.quobyte.withVolume + +```ts +withVolume(volume) +``` + +"volume is a string that references an already created Quobyte volume by name." + +## obj spec.envoy.extraVolumes.rbd + +"rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" + +### fn spec.envoy.extraVolumes.rbd.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + +### fn spec.envoy.extraVolumes.rbd.withImage + +```ts +withImage(image) +``` + +"image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.withKeyring + +```ts +withKeyring(keyring) +``` + +"keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.withMonitors + +```ts +withMonitors(monitors) +``` + +"monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.withMonitorsMixin + +```ts +withMonitorsMixin(monitors) +``` + +"monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.rbd.withPool + +```ts +withPool(pool) +``` + +"pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.withUser + +```ts +withUser(user) +``` + +"user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +## obj spec.envoy.extraVolumes.rbd.secretRef + +"secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" + +### fn spec.envoy.extraVolumes.rbd.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.scaleIO + +"scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." + +### fn spec.envoy.extraVolumes.scaleIO.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." + +### fn spec.envoy.extraVolumes.scaleIO.withGateway + +```ts +withGateway(gateway) +``` + +"gateway is the host address of the ScaleIO API Gateway." + +### fn spec.envoy.extraVolumes.scaleIO.withProtectionDomain + +```ts +withProtectionDomain(protectionDomain) +``` + +"protectionDomain is the name of the ScaleIO Protection Domain for the configured storage." + +### fn spec.envoy.extraVolumes.scaleIO.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +### fn spec.envoy.extraVolumes.scaleIO.withSslEnabled + +```ts +withSslEnabled(sslEnabled) +``` + +"sslEnabled Flag enable/disable SSL communication with Gateway, default false" + +### fn spec.envoy.extraVolumes.scaleIO.withStorageMode + +```ts +withStorageMode(storageMode) +``` + +"storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." + +### fn spec.envoy.extraVolumes.scaleIO.withStoragePool + +```ts +withStoragePool(storagePool) +``` + +"storagePool is the ScaleIO Storage Pool associated with the protection domain." + +### fn spec.envoy.extraVolumes.scaleIO.withSystem + +```ts +withSystem(system) +``` + +"system is the name of the storage system as configured in ScaleIO." + +### fn spec.envoy.extraVolumes.scaleIO.withVolumeName + +```ts +withVolumeName(volumeName) +``` + +"volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source." + +## obj spec.envoy.extraVolumes.scaleIO.secretRef + +"secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." + +### fn spec.envoy.extraVolumes.scaleIO.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.secret + +"secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + +### fn spec.envoy.extraVolumes.secret.withDefaultMode + +```ts +withDefaultMode(defaultMode) +``` + +"defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.secret.withItems + +```ts +withItems(items) +``` + +"items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.secret.withItemsMixin + +```ts +withItemsMixin(items) +``` + +"items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.extraVolumes.secret.withOptional + +```ts +withOptional(optional) +``` + +"optional field specify whether the Secret or its keys must be defined" + +### fn spec.envoy.extraVolumes.secret.withSecretName + +```ts +withSecretName(secretName) +``` + +"secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + +## obj spec.envoy.extraVolumes.secret.items + +"items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'." + +### fn spec.envoy.extraVolumes.secret.items.withKey + +```ts +withKey(key) +``` + +"key is the key to project." + +### fn spec.envoy.extraVolumes.secret.items.withMode + +```ts +withMode(mode) +``` + +"mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set." + +### fn spec.envoy.extraVolumes.secret.items.withPath + +```ts +withPath(path) +``` + +"path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'." + +## obj spec.envoy.extraVolumes.storageos + +"storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes." + +### fn spec.envoy.extraVolumes.storageos.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + +### fn spec.envoy.extraVolumes.storageos.withReadOnly + +```ts +withReadOnly(readOnly) +``` + +"readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." + +### fn spec.envoy.extraVolumes.storageos.withVolumeName + +```ts +withVolumeName(volumeName) +``` + +"volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace." + +### fn spec.envoy.extraVolumes.storageos.withVolumeNamespace + +```ts +withVolumeNamespace(volumeNamespace) +``` + +"volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created." + +## obj spec.envoy.extraVolumes.storageos.secretRef + +"secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." + +### fn spec.envoy.extraVolumes.storageos.secretRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + +## obj spec.envoy.extraVolumes.vsphereVolume + +"vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine" + +### fn spec.envoy.extraVolumes.vsphereVolume.withFsType + +```ts +withFsType(fsType) +``` + +"fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." + +### fn spec.envoy.extraVolumes.vsphereVolume.withStoragePolicyID + +```ts +withStoragePolicyID(storagePolicyID) +``` + +"storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName." + +### fn spec.envoy.extraVolumes.vsphereVolume.withStoragePolicyName + +```ts +withStoragePolicyName(storagePolicyName) +``` + +"storagePolicyName is the storage Policy Based Management (SPBM) profile name." + +### fn spec.envoy.extraVolumes.vsphereVolume.withVolumePath + +```ts +withVolumePath(volumePath) +``` + +"volumePath is the path that identifies vSphere volume vmdk" + +## obj spec.envoy.networkPublishing + +"NetworkPublishing defines how to expose Envoy to a network." + +### fn spec.envoy.networkPublishing.withExternalTrafficPolicy + +```ts +withExternalTrafficPolicy(externalTrafficPolicy) +``` + +"ExternalTrafficPolicy describes how nodes distribute service traffic they\nreceive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs,\nand LoadBalancer IPs).\nIf unset, defaults to \"Local\"." + +### fn spec.envoy.networkPublishing.withIpFamilyPolicy + +```ts +withIpFamilyPolicy(ipFamilyPolicy) +``` + +"IPFamilyPolicy represents the dual-stack-ness requested or required by\nthis Service. If there is no value provided, then this field will be set\nto SingleStack. Services can be \"SingleStack\" (a single IP family),\n\"PreferDualStack\" (two IP families on dual-stack configured clusters or\na single IP family on single-stack clusters), or \"RequireDualStack\"\n(two IP families on dual-stack configured clusters, otherwise fail)." + +### fn spec.envoy.networkPublishing.withServiceAnnotations + +```ts +withServiceAnnotations(serviceAnnotations) +``` + +"ServiceAnnotations is the annotations to add to\nthe provisioned Envoy service." + +### fn spec.envoy.networkPublishing.withServiceAnnotationsMixin + +```ts +withServiceAnnotationsMixin(serviceAnnotations) +``` + +"ServiceAnnotations is the annotations to add to\nthe provisioned Envoy service." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.networkPublishing.withType + +```ts +withType(type) +``` + +"NetworkPublishingType is the type of publishing strategy to use. Valid values are:\n* LoadBalancerService\nIn this configuration, network endpoints for Envoy use container networking.\nA Kubernetes LoadBalancer Service is created to publish Envoy network\nendpoints.\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n* NodePortService\nPublishes Envoy network endpoints using a Kubernetes NodePort Service.\nIn this configuration, Envoy network endpoints use container networking. A Kubernetes\nNodePort Service is created to publish the network endpoints.\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport\nNOTE:\nWhen provisioning an Envoy `NodePortService`, use Gateway Listeners' port numbers to populate\nthe Service's node port values, there's no way to auto-allocate them.\nSee: https://github.com/projectcontour/contour/issues/4499\n* ClusterIPService\nPublishes Envoy network endpoints using a Kubernetes ClusterIP Service.\nIn this configuration, Envoy network endpoints use container networking. A Kubernetes\nClusterIP Service is created to publish the network endpoints.\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\nIf unset, defaults to LoadBalancerService." + +## obj spec.envoy.nodePlacement + +"NodePlacement describes node scheduling configuration of Envoy pods." + +### fn spec.envoy.nodePlacement.withNodeSelector + +```ts +withNodeSelector(nodeSelector) +``` + +"NodeSelector is the simplest recommended form of node selection constraint\nand specifies a map of key-value pairs. For the pod to be eligible\nto run on a node, the node must have each of the indicated key-value pairs\nas labels (it can have additional labels as well).\nIf unset, the pod(s) will be scheduled to any available node." + +### fn spec.envoy.nodePlacement.withNodeSelectorMixin + +```ts +withNodeSelectorMixin(nodeSelector) +``` + +"NodeSelector is the simplest recommended form of node selection constraint\nand specifies a map of key-value pairs. For the pod to be eligible\nto run on a node, the node must have each of the indicated key-value pairs\nas labels (it can have additional labels as well).\nIf unset, the pod(s) will be scheduled to any available node." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.nodePlacement.withTolerations + +```ts +withTolerations(tolerations) +``` + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +### fn spec.envoy.nodePlacement.withTolerationsMixin + +```ts +withTolerationsMixin(tolerations) +``` + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.nodePlacement.tolerations + +"Tolerations work with taints to ensure that pods are not scheduled\nonto inappropriate nodes. One or more taints are applied to a node; this\nmarks that the node should not accept any pods that do not tolerate the\ntaints.\nThe default is an empty list.\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\nfor additional details." + +### fn spec.envoy.nodePlacement.tolerations.withEffect + +```ts +withEffect(effect) +``` + +"Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + +### fn spec.envoy.nodePlacement.tolerations.withKey + +```ts +withKey(key) +``` + +"Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + +### fn spec.envoy.nodePlacement.tolerations.withOperator + +```ts +withOperator(operator) +``` + +"Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + +### fn spec.envoy.nodePlacement.tolerations.withTolerationSeconds + +```ts +withTolerationSeconds(tolerationSeconds) +``` + +"TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + +### fn spec.envoy.nodePlacement.tolerations.withValue + +```ts +withValue(value) +``` + +"Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + +## obj spec.envoy.resources + +"Compute Resources required by envoy container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.envoy.resources.withClaims + +```ts +withClaims(claims) +``` + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +### fn spec.envoy.resources.withClaimsMixin + +```ts +withClaimsMixin(claims) +``` + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.resources.withLimits + +```ts +withLimits(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.envoy.resources.withLimitsMixin + +```ts +withLimitsMixin(limits) +``` + +"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +### fn spec.envoy.resources.withRequests + +```ts +withRequests(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +### fn spec.envoy.resources.withRequestsMixin + +```ts +withRequestsMixin(requests) +``` + +"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + +**Note:** This function appends passed data to existing values + +## obj spec.envoy.resources.claims + +"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + +### fn spec.envoy.resources.claims.withName + +```ts +withName(name) +``` + +"Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + +## obj spec.runtimeSettings + +"RuntimeSettings is a ContourConfiguration spec to be used when\nprovisioning a Contour instance that will influence aspects of\nthe Contour instance's runtime behavior." + +### fn spec.runtimeSettings.withEnableExternalNameService + +```ts +withEnableExternalNameService(enableExternalNameService) +``` + +"EnableExternalNameService allows processing of ExternalNameServices\nContour's default is false for security reasons." + +### fn spec.runtimeSettings.withFeatureFlags + +```ts +withFeatureFlags(featureFlags) +``` + +"FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." + +### fn spec.runtimeSettings.withFeatureFlagsMixin + +```ts +withFeatureFlagsMixin(featureFlags) +``` + +"FeatureFlags defines toggle to enable new contour features.\nAvailable toggles are:\nuseEndpointSlices - Configures contour to fetch endpoint data\nfrom k8s endpoint slices. defaults to true,\nIf false then reads endpoint data from the k8s endpoints." + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.debug + +"Debug contains parameters to enable debug logging\nand debug interfaces inside Contour." + +### fn spec.runtimeSettings.debug.withAddress + +```ts +withAddress(address) +``` + +"Defines the Contour debug address interface.\nContour's default is \"127.0.0.1\"." + +### fn spec.runtimeSettings.debug.withPort + +```ts +withPort(port) +``` + +"Defines the Contour debug address port.\nContour's default is 6060." + +## obj spec.runtimeSettings.envoy + +"Envoy contains parameters for Envoy as well\nas how to optionally configure a managed Envoy fleet." + +### fn spec.runtimeSettings.envoy.withDefaultHTTPVersions + +```ts +withDefaultHTTPVersions(defaultHTTPVersions) +``` + +"DefaultHTTPVersions defines the default set of HTTPS\nversions the proxy should accept. HTTP versions are\nstrings of the form \"HTTP/xx\". Supported versions are\n\"HTTP/1.1\" and \"HTTP/2\".\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.withDefaultHTTPVersionsMixin + +```ts +withDefaultHTTPVersionsMixin(defaultHTTPVersions) +``` + +"DefaultHTTPVersions defines the default set of HTTPS\nversions the proxy should accept. HTTP versions are\nstrings of the form \"HTTP/xx\". Supported versions are\n\"HTTP/1.1\" and \"HTTP/2\".\nValues: `HTTP/1.1`, `HTTP/2` (default: both).\nOther values will produce an error." + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.envoy.clientCertificate + +"ClientCertificate defines the namespace/name of the Kubernetes\nsecret containing the client certificate and private key\nto be used when establishing TLS connection to upstream\ncluster." + +### fn spec.runtimeSettings.envoy.clientCertificate.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.envoy.clientCertificate.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.envoy.cluster + +"Cluster holds various configurable Envoy cluster values that can\nbe set in the config file." + +### fn spec.runtimeSettings.envoy.cluster.withDnsLookupFamily + +```ts +withDnsLookupFamily(dnsLookupFamily) +``` + +"DNSLookupFamily defines how external names are looked up\nWhen configured as V4, the DNS resolver will only perform a lookup\nfor addresses in the IPv4 family. If V6 is configured, the DNS resolver\nwill only perform a lookup for addresses in the IPv6 family.\nIf AUTO is configured, the DNS resolver will first perform a lookup\nfor addresses in the IPv6 family and fallback to a lookup for addresses\nin the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for\nboth IPv4 and IPv6 families, and return all resolved addresses.\nWhen this is used, Happy Eyeballs will be enabled for upstream connections.\nRefer to Happy Eyeballs Support for more information.\nNote: This only applies to externalName clusters.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\nfor more information.\nValues: `auto` (default), `v4`, `v6`, `all`.\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.cluster.withMaxRequestsPerConnection + +```ts +withMaxRequestsPerConnection(maxRequestsPerConnection) +``` + +"Defines the maximum requests for upstream connections. If not specified, there is no limit.\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\nfor more information." + +### fn spec.runtimeSettings.envoy.cluster.withPer-Connection-Buffer-Limit-Bytes + +```ts +withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes) +``` + +"Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes.\nIf unspecified, an implementation defined default is applied (1MiB).\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes\nfor more information." + +## obj spec.runtimeSettings.envoy.cluster.circuitBreakers + +"GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services.\nIf defined, this will be used as the default for all services." + +### fn spec.runtimeSettings.envoy.cluster.circuitBreakers.withMaxConnections + +```ts +withMaxConnections(maxConnections) +``` + +"The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024." + +### fn spec.runtimeSettings.envoy.cluster.circuitBreakers.withMaxPendingRequests + +```ts +withMaxPendingRequests(maxPendingRequests) +``` + +"The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024." + +### fn spec.runtimeSettings.envoy.cluster.circuitBreakers.withMaxRequests + +```ts +withMaxRequests(maxRequests) +``` + +"The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024" + +### fn spec.runtimeSettings.envoy.cluster.circuitBreakers.withMaxRetries + +```ts +withMaxRetries(maxRetries) +``` + +"The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3." + +## obj spec.runtimeSettings.envoy.cluster.upstreamTLS + +"UpstreamTLS contains the TLS policy parameters for upstream connections" + +### fn spec.runtimeSettings.envoy.cluster.upstreamTLS.withCipherSuites + +```ts +withCipherSuites(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +### fn spec.runtimeSettings.envoy.cluster.upstreamTLS.withCipherSuitesMixin + +```ts +withCipherSuitesMixin(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.envoy.cluster.upstreamTLS.withMaximumProtocolVersion + +```ts +withMaximumProtocolVersion(maximumProtocolVersion) +``` + +"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate.\nValues: `1.2`, `1.3`(default).\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.cluster.upstreamTLS.withMinimumProtocolVersion + +```ts +withMinimumProtocolVersion(minimumProtocolVersion) +``` + +"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate.\nValues: `1.2` (default), `1.3`.\nOther values will produce an error." + +## obj spec.runtimeSettings.envoy.health + +"Health defines the endpoint Envoy uses to serve health checks.\nContour's default is { address: \"0.0.0.0\", port: 8002 }." + +### fn spec.runtimeSettings.envoy.health.withAddress + +```ts +withAddress(address) +``` + +"Defines the health address interface." + +### fn spec.runtimeSettings.envoy.health.withPort + +```ts +withPort(port) +``` + +"Defines the health port." + +## obj spec.runtimeSettings.envoy.http + +"Defines the HTTP Listener for Envoy.\nContour's default is { address: \"0.0.0.0\", port: 8080, accessLog: \"/dev/stdout\" }." + +### fn spec.runtimeSettings.envoy.http.withAccessLog + +```ts +withAccessLog(accessLog) +``` + +"AccessLog defines where Envoy logs are outputted for this listener." + +### fn spec.runtimeSettings.envoy.http.withAddress + +```ts +withAddress(address) +``` + +"Defines an Envoy Listener Address." + +### fn spec.runtimeSettings.envoy.http.withPort + +```ts +withPort(port) +``` + +"Defines an Envoy listener Port." + +## obj spec.runtimeSettings.envoy.https + +"Defines the HTTPS Listener for Envoy.\nContour's default is { address: \"0.0.0.0\", port: 8443, accessLog: \"/dev/stdout\" }." + +### fn spec.runtimeSettings.envoy.https.withAccessLog + +```ts +withAccessLog(accessLog) +``` + +"AccessLog defines where Envoy logs are outputted for this listener." + +### fn spec.runtimeSettings.envoy.https.withAddress + +```ts +withAddress(address) +``` + +"Defines an Envoy Listener Address." + +### fn spec.runtimeSettings.envoy.https.withPort + +```ts +withPort(port) +``` + +"Defines an Envoy listener Port." + +## obj spec.runtimeSettings.envoy.listener + +"Listener hold various configurable Envoy listener values." + +### fn spec.runtimeSettings.envoy.listener.withConnectionBalancer + +```ts +withConnectionBalancer(connectionBalancer) +``` + +"ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig\nfor more information.\nValues: (empty string): use the default ConnectionBalancer, `exact`: use the Exact ConnectionBalancer.\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.listener.withDisableAllowChunkedLength + +```ts +withDisableAllowChunkedLength(disableAllowChunkedLength) +``` + +"DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to\nstrip the \"Content-Length\" header if \"Transfer-Encoding: chunked\" is\nalso set. This is an emergency off-switch to revert back to Envoy's\ndefault behavior in case of failures. Please file an issue if failures\nare encountered.\nSee: https://github.com/projectcontour/contour/issues/3221\nContour's default is false." + +### fn spec.runtimeSettings.envoy.listener.withDisableMergeSlashes + +```ts +withDisableMergeSlashes(disableMergeSlashes) +``` + +"DisableMergeSlashes disables Envoy's non-standard merge_slashes path transformation option\nwhich strips duplicate slashes from request URL paths.\nContour's default is false." + +### fn spec.runtimeSettings.envoy.listener.withHttpMaxConcurrentStreams + +```ts +withHttpMaxConcurrentStreams(httpMaxConcurrentStreams) +``` + +"Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the\nSETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed\nfor a peer on a single HTTP/2 connection. It is recommended to not set this lower\nthan 100 but this field can be used to bound resource usage by HTTP/2 connections\nand mitigate attacks like CVE-2023-44487. The default value when this is not set is\nunlimited." + +### fn spec.runtimeSettings.envoy.listener.withMaxConnectionsPerListener + +```ts +withMaxConnectionsPerListener(maxConnectionsPerListener) +``` + +"Defines the limit on number of active connections to a listener. The limit is applied\nper listener. The default value when this is not set is unlimited." + +### fn spec.runtimeSettings.envoy.listener.withMaxRequestsPerConnection + +```ts +withMaxRequestsPerConnection(maxRequestsPerConnection) +``` + +"Defines the maximum requests for downstream connections. If not specified, there is no limit.\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions\nfor more information." + +### fn spec.runtimeSettings.envoy.listener.withMaxRequestsPerIOCycle + +```ts +withMaxRequestsPerIOCycle(maxRequestsPerIOCycle) +``` + +"Defines the limit on number of HTTP requests that Envoy will process from a single\nconnection in a single I/O cycle. Requests over this limit are processed in subsequent\nI/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is\ndetected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default\nvalue when this is not set is no limit." + +### fn spec.runtimeSettings.envoy.listener.withPer-Connection-Buffer-Limit-Bytes + +```ts +withPer-Connection-Buffer-Limit-Bytes(per_connection_buffer_limit_bytes) +``` + +"Defines the soft limit on size of the listener’s new connection read and write buffers in bytes.\nIf unspecified, an implementation defined default is applied (1MiB).\nsee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes\nfor more information." + +### fn spec.runtimeSettings.envoy.listener.withServerHeaderTransformation + +```ts +withServerHeaderTransformation(serverHeaderTransformation) +``` + +"Defines the action to be applied to the Server header on the response path.\nWhen configured as overwrite, overwrites any Server header with \"envoy\".\nWhen configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to \"envoy\".\nWhen configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.\nValues: `overwrite` (default), `append_if_absent`, `pass_through`\nOther values will produce an error.\nContour's default is overwrite." + +### fn spec.runtimeSettings.envoy.listener.withUseProxyProtocol + +```ts +withUseProxyProtocol(useProxyProtocol) +``` + +"Use PROXY protocol for all listeners.\nContour's default is false." + +## obj spec.runtimeSettings.envoy.listener.socketOptions + +"SocketOptions defines configurable socket options for the listeners.\nSingle set of options are applied to all listeners." + +### fn spec.runtimeSettings.envoy.listener.socketOptions.withTos + +```ts +withTos(tos) +``` + +"Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners.\nSingle value is applied to all listeners.\nIf listeners are bound to IPv6-only addresses, setting this option will cause an error." + +### fn spec.runtimeSettings.envoy.listener.socketOptions.withTrafficClass + +```ts +withTrafficClass(trafficClass) +``` + +"Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners.\nSingle value is applied to all listeners.\nIf listeners are bound to IPv4-only addresses, setting this option will cause an error." + +## obj spec.runtimeSettings.envoy.listener.tls + +"TLS holds various configurable Envoy TLS listener values." + +### fn spec.runtimeSettings.envoy.listener.tls.withCipherSuites + +```ts +withCipherSuites(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +### fn spec.runtimeSettings.envoy.listener.tls.withCipherSuitesMixin + +```ts +withCipherSuitesMixin(cipherSuites) +``` + +"CipherSuites defines the TLS ciphers to be supported by Envoy TLS\nlisteners when negotiating TLS 1.2. Ciphers are validated against the\nset that Envoy supports by default. This parameter should only be used\nby advanced users. Note that these will be ignored when TLS 1.3 is in\nuse.\nThis field is optional; when it is undefined, a Contour-managed ciphersuite list\nwill be used, which may be updated to keep it secure.\nContour's default list is:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\nCiphers provided are validated against the following list:\n - \"[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]\"\n - \"[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]\"\n - \"ECDHE-ECDSA-AES128-GCM-SHA256\"\n - \"ECDHE-RSA-AES128-GCM-SHA256\"\n - \"ECDHE-ECDSA-AES128-SHA\"\n - \"ECDHE-RSA-AES128-SHA\"\n - \"AES128-GCM-SHA256\"\n - \"AES128-SHA\"\n - \"ECDHE-ECDSA-AES256-GCM-SHA384\"\n - \"ECDHE-RSA-AES256-GCM-SHA384\"\n - \"ECDHE-ECDSA-AES256-SHA\"\n - \"ECDHE-RSA-AES256-SHA\"\n - \"AES256-GCM-SHA384\"\n - \"AES256-SHA\"\nContour recommends leaving this undefined unless you are sure you must.\nSee: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters\nNote: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.envoy.listener.tls.withMaximumProtocolVersion + +```ts +withMaximumProtocolVersion(maximumProtocolVersion) +``` + +"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate.\nValues: `1.2`, `1.3`(default).\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.listener.tls.withMinimumProtocolVersion + +```ts +withMinimumProtocolVersion(minimumProtocolVersion) +``` + +"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate.\nValues: `1.2` (default), `1.3`.\nOther values will produce an error." + +## obj spec.runtimeSettings.envoy.logging + +"Logging defines how Envoy's logs can be configured." + +### fn spec.runtimeSettings.envoy.logging.withAccessLogFormat + +```ts +withAccessLogFormat(accessLogFormat) +``` + +"AccessLogFormat sets the global access log format.\nValues: `envoy` (default), `json`.\nOther values will produce an error." + +### fn spec.runtimeSettings.envoy.logging.withAccessLogFormatString + +```ts +withAccessLogFormatString(accessLogFormatString) +``` + +"AccessLogFormatString sets the access log format when format is set to `envoy`.\nWhen empty, Envoy's default format is used." + +### fn spec.runtimeSettings.envoy.logging.withAccessLogJSONFields + +```ts +withAccessLogJSONFields(accessLogJSONFields) +``` + +"AccessLogJSONFields sets the fields that JSON logging will\noutput when AccessLogFormat is json." + +### fn spec.runtimeSettings.envoy.logging.withAccessLogJSONFieldsMixin + +```ts +withAccessLogJSONFieldsMixin(accessLogJSONFields) +``` + +"AccessLogJSONFields sets the fields that JSON logging will\noutput when AccessLogFormat is json." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.envoy.logging.withAccessLogLevel + +```ts +withAccessLogLevel(accessLogLevel) +``` + +"AccessLogLevel sets the verbosity level of the access log.\nValues: `info` (default, all requests are logged), `error` (all non-success requests, i.e. 300+ response code, are logged), `critical` (all 5xx requests are logged) and `disabled`.\nOther values will produce an error." + +## obj spec.runtimeSettings.envoy.metrics + +"Metrics defines the endpoint Envoy uses to serve metrics.\nContour's default is { address: \"0.0.0.0\", port: 8002 }." + +### fn spec.runtimeSettings.envoy.metrics.withAddress + +```ts +withAddress(address) +``` + +"Defines the metrics address interface." + +### fn spec.runtimeSettings.envoy.metrics.withPort + +```ts +withPort(port) +``` + +"Defines the metrics port." + +## obj spec.runtimeSettings.envoy.metrics.tls + +"TLS holds TLS file config details.\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS." + +### fn spec.runtimeSettings.envoy.metrics.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.runtimeSettings.envoy.metrics.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.runtimeSettings.envoy.metrics.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." + +## obj spec.runtimeSettings.envoy.network + +"Network holds various configurable Envoy network values." + +### fn spec.runtimeSettings.envoy.network.withAdminPort + +```ts +withAdminPort(adminPort) +``` + +"Configure the port used to access the Envoy Admin interface.\nIf configured to port \"0\" then the admin interface is disabled.\nContour's default is 9001." + +### fn spec.runtimeSettings.envoy.network.withNumTrustedHops + +```ts +withNumTrustedHops(numTrustedHops) +``` + +"XffNumTrustedHops defines the number of additional ingress proxy hops from the\nright side of the x-forwarded-for HTTP header to trust when determining the origin\nclient’s IP address.\nSee https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops\nfor more information.\nContour's default is 0." + +## obj spec.runtimeSettings.envoy.service + +"Service holds Envoy service parameters for setting Ingress status.\nContour's default is { namespace: \"projectcontour\", name: \"envoy\" }." + +### fn spec.runtimeSettings.envoy.service.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.envoy.service.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.envoy.timeouts + +"Timeouts holds various configurable timeouts that can\nbe set in the config file." + +### fn spec.runtimeSettings.envoy.timeouts.withConnectTimeout + +```ts +withConnectTimeout(connectTimeout) +``` + +"ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service.\nIf not set, a default value of 2 seconds will be used.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withConnectionIdleTimeout + +```ts +withConnectionIdleTimeout(connectionIdleTimeout) +``` + +"ConnectionIdleTimeout defines how long the proxy should wait while there are\nno active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating\nan HTTP connection. Set to \"infinity\" to disable the timeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withConnectionShutdownGracePeriod + +```ts +withConnectionShutdownGracePeriod(connectionShutdownGracePeriod) +``` + +"ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an\ninitial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.\nDuring this grace period, the proxy will continue to respond to new streams. After the final\nGOAWAY frame has been sent, the proxy will refuse new streams.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withDelayedCloseTimeout + +```ts +withDelayedCloseTimeout(delayedCloseTimeout) +``` + +"DelayedCloseTimeout defines how long envoy will wait, once connection\nclose processing has been initiated, for the downstream peer to close\nthe connection before Envoy closes the socket associated with the connection.\nSetting this timeout to 'infinity' will disable it, equivalent to setting it to '0'\nin Envoy. Leaving it unset will result in the Envoy default value being used.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withMaxConnectionDuration + +```ts +withMaxConnectionDuration(maxConnectionDuration) +``` + +"MaxConnectionDuration defines the maximum period of time after an HTTP connection\nhas been established from the client to the proxy before it is closed by the proxy,\nregardless of whether there has been activity or not. Omit or set to \"infinity\" for\nno max duration.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withRequestTimeout + +```ts +withRequestTimeout(requestTimeout) +``` + +"RequestTimeout sets the client request timeout globally for Contour. Note that\nthis is a timeout for the entire request, not an idle timeout. Omit or set to\n\"infinity\" to disable the timeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout\nfor more information." + +### fn spec.runtimeSettings.envoy.timeouts.withStreamIdleTimeout + +```ts +withStreamIdleTimeout(streamIdleTimeout) +``` + +"StreamIdleTimeout defines how long the proxy should wait while there is no\nrequest activity (for HTTP/1.1) or stream activity (for HTTP/2) before\nterminating the HTTP request or stream. Set to \"infinity\" to disable the\ntimeout entirely.\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout\nfor more information." + +## obj spec.runtimeSettings.gateway + +"Gateway contains parameters for the gateway-api Gateway that Contour\nis configured to serve traffic." + +## obj spec.runtimeSettings.gateway.gatewayRef + +"GatewayRef defines the specific Gateway that this Contour\ninstance corresponds to." + +### fn spec.runtimeSettings.gateway.gatewayRef.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.gateway.gatewayRef.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.globalExtAuth + +"GlobalExternalAuthorization allows envoys external authorization filter\nto be enabled for all virtual hosts." + +### fn spec.runtimeSettings.globalExtAuth.withFailOpen + +```ts +withFailOpen(failOpen) +``` + +"If FailOpen is true, the client request is forwarded to the upstream service\neven if the authorization server fails to respond. This field should not be\nset in most cases. It is intended for use only while migrating applications\nfrom internal authorization to Contour external authorization." + +### fn spec.runtimeSettings.globalExtAuth.withResponseTimeout + +```ts +withResponseTimeout(responseTimeout) +``` + +"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\nTimeout durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration).\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nThe string \"infinity\" is also a valid input and specifies no timeout." + +## obj spec.runtimeSettings.globalExtAuth.authPolicy + +"AuthPolicy sets a default authorization policy for client requests.\nThis policy will be used unless overridden by individual routes." + +### fn spec.runtimeSettings.globalExtAuth.authPolicy.withContext + +```ts +withContext(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +### fn spec.runtimeSettings.globalExtAuth.authPolicy.withContextMixin + +```ts +withContextMixin(context) +``` + +"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.globalExtAuth.authPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"When true, this field disables client request authentication\nfor the scope of the policy." + +## obj spec.runtimeSettings.globalExtAuth.extensionRef + +"ExtensionServiceRef specifies the extension resource that will authorize client requests." + +### fn spec.runtimeSettings.globalExtAuth.extensionRef.withApiVersion + +```ts +withApiVersion(apiVersion) +``` + +"API version of the referent.\nIf this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used" + +### fn spec.runtimeSettings.globalExtAuth.extensionRef.withName + +```ts +withName(name) +``` + +"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + +### fn spec.runtimeSettings.globalExtAuth.extensionRef.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace of the referent.\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + +## obj spec.runtimeSettings.globalExtAuth.withRequestBody + +"WithRequestBody specifies configuration for sending the client request's body to authorization server." + +### fn spec.runtimeSettings.globalExtAuth.withRequestBody.withAllowPartialMessage + +```ts +withAllowPartialMessage(allowPartialMessage) +``` + +"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached." + +### fn spec.runtimeSettings.globalExtAuth.withRequestBody.withMaxRequestBytes + +```ts +withMaxRequestBytes(maxRequestBytes) +``` + +"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory." + +### fn spec.runtimeSettings.globalExtAuth.withRequestBody.withPackAsBytes + +```ts +withPackAsBytes(packAsBytes) +``` + +"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes." + +## obj spec.runtimeSettings.health + +"Health defines the endpoints Contour uses to serve health checks.\nContour's default is { address: \"0.0.0.0\", port: 8000 }." + +### fn spec.runtimeSettings.health.withAddress + +```ts +withAddress(address) +``` + +"Defines the health address interface." + +### fn spec.runtimeSettings.health.withPort + +```ts +withPort(port) +``` + +"Defines the health port." + +## obj spec.runtimeSettings.httpproxy + +"HTTPProxy defines parameters on HTTPProxy." + +### fn spec.runtimeSettings.httpproxy.withDisablePermitInsecure + +```ts +withDisablePermitInsecure(disablePermitInsecure) +``` + +"DisablePermitInsecure disables the use of the\npermitInsecure field in HTTPProxy.\nContour's default is false." + +### fn spec.runtimeSettings.httpproxy.withRootNamespaces + +```ts +withRootNamespaces(rootNamespaces) +``` + +"Restrict Contour to searching these namespaces for root ingress routes." + +### fn spec.runtimeSettings.httpproxy.withRootNamespacesMixin + +```ts +withRootNamespacesMixin(rootNamespaces) +``` + +"Restrict Contour to searching these namespaces for root ingress routes." + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.httpproxy.fallbackCertificate + +"FallbackCertificate defines the namespace/name of the Kubernetes secret to\nuse as fallback when a non-SNI request is received." + +### fn spec.runtimeSettings.httpproxy.fallbackCertificate.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.httpproxy.fallbackCertificate.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.ingress + +"Ingress contains parameters for ingress options." + +### fn spec.runtimeSettings.ingress.withClassNames + +```ts +withClassNames(classNames) +``` + +"Ingress Class Names Contour should use." + +### fn spec.runtimeSettings.ingress.withClassNamesMixin + +```ts +withClassNamesMixin(classNames) +``` + +"Ingress Class Names Contour should use." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.ingress.withStatusAddress + +```ts +withStatusAddress(statusAddress) +``` + +"Address to set in Ingress object status." + +## obj spec.runtimeSettings.metrics + +"Metrics defines the endpoint Contour uses to serve metrics.\nContour's default is { address: \"0.0.0.0\", port: 8000 }." + +### fn spec.runtimeSettings.metrics.withAddress + +```ts +withAddress(address) +``` + +"Defines the metrics address interface." + +### fn spec.runtimeSettings.metrics.withPort + +```ts +withPort(port) +``` + +"Defines the metrics port." + +## obj spec.runtimeSettings.metrics.tls + +"TLS holds TLS file config details.\nMetrics and health endpoints cannot have same port number when metrics is served over HTTPS." + +### fn spec.runtimeSettings.metrics.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.runtimeSettings.metrics.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.runtimeSettings.metrics.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." + +## obj spec.runtimeSettings.policy + +"Policy specifies default policy applied if not overridden by the user" + +### fn spec.runtimeSettings.policy.withApplyToIngress + +```ts +withApplyToIngress(applyToIngress) +``` + +"ApplyToIngress determines if the Policies will apply to ingress objects\nContour's default is false." + +## obj spec.runtimeSettings.policy.requestHeaders + +"RequestHeadersPolicy defines the request headers set/removed on all routes" + +### fn spec.runtimeSettings.policy.requestHeaders.withRemove + +```ts +withRemove(remove) +``` + + + +### fn spec.runtimeSettings.policy.requestHeaders.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + + + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.policy.requestHeaders.withSet + +```ts +withSet(set) +``` + + + +### fn spec.runtimeSettings.policy.requestHeaders.withSetMixin + +```ts +withSetMixin(set) +``` + + + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.policy.responseHeaders + +"ResponseHeadersPolicy defines the response headers set/removed on all routes" + +### fn spec.runtimeSettings.policy.responseHeaders.withRemove + +```ts +withRemove(remove) +``` + + + +### fn spec.runtimeSettings.policy.responseHeaders.withRemoveMixin + +```ts +withRemoveMixin(remove) +``` + + + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.policy.responseHeaders.withSet + +```ts +withSet(set) +``` + + + +### fn spec.runtimeSettings.policy.responseHeaders.withSetMixin + +```ts +withSetMixin(set) +``` + + + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.rateLimitService + +"RateLimitService optionally holds properties of the Rate Limit Service\nto be used for global rate limiting." + +### fn spec.runtimeSettings.rateLimitService.withDomain + +```ts +withDomain(domain) +``` + +"Domain is passed to the Rate Limit Service." + +### fn spec.runtimeSettings.rateLimitService.withEnableResourceExhaustedCode + +```ts +withEnableResourceExhaustedCode(enableResourceExhaustedCode) +``` + +"EnableResourceExhaustedCode enables translating error code 429 to\ngrpc code RESOURCE_EXHAUSTED. When disabled it's translated to UNAVAILABLE" + +### fn spec.runtimeSettings.rateLimitService.withEnableXRateLimitHeaders + +```ts +withEnableXRateLimitHeaders(enableXRateLimitHeaders) +``` + +"EnableXRateLimitHeaders defines whether to include the X-RateLimit\nheaders X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset\n(as defined by the IETF Internet-Draft linked below), on responses\nto clients when the Rate Limit Service is consulted for a request.\nref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html" + +### fn spec.runtimeSettings.rateLimitService.withFailOpen + +```ts +withFailOpen(failOpen) +``` + +"FailOpen defines whether to allow requests to proceed when the\nRate Limit Service fails to respond with a valid rate limit\ndecision within the timeout defined on the extension service." + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy + +"DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy.\nHTTPProxy can overwrite this configuration." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.withDescriptors + +```ts +withDescriptors(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.withDescriptorsMixin + +```ts +withDescriptorsMixin(descriptors) +``` + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.withDisabled + +```ts +withDisabled(disabled) +``` + +"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration." + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors + +"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.withEntries + +```ts +withEntries(entries) +``` + +"Entries is the list of key-value pair generators." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.withEntriesMixin + +```ts +withEntriesMixin(entries) +``` + +"Entries is the list of key-value pair generators." + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries + +"Entries is the list of key-value pair generators." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.withRemoteAddress + +```ts +withRemoteAddress(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.withRemoteAddressMixin + +```ts +withRemoteAddressMixin(remoteAddress) +``` + +"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)." + +**Note:** This function appends passed data to existing values + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey + +"GenericKey defines a descriptor entry with a static key and value." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey.withKey + +```ts +withKey(key) +``` + +"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.genericKey.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader + +"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader.withDescriptorKey + +```ts +withDescriptorKey(descriptorKey) +``` + +"DescriptorKey defines the key to use on the descriptor entry." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeader.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName defines the name of the header to look for on the request." + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch + +"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withExpectMatch + +```ts +withExpectMatch(expectMatch) +``` + +"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withHeaders + +```ts +withHeaders(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withHeadersMixin + +```ts +withHeadersMixin(headers) +``` + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.withValue + +```ts +withValue(value) +``` + +"Value defines the value of the descriptor entry." + +## obj spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers + +"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withContains + +```ts +withContains(contains) +``` + +"Contains specifies a substring that must be present in\nthe header value." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withExact + +```ts +withExact(exact) +``` + +"Exact specifies a string that the header value must be equal to." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase + +```ts +withIgnoreCase(ignoreCase) +``` + +"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withName + +```ts +withName(name) +``` + +"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains + +```ts +withNotcontains(notcontains) +``` + +"NotContains specifies a substring that must not be present\nin the header value." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotexact + +```ts +withNotexact(notexact) +``` + +"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent + +```ts +withNotpresent(notpresent) +``` + +"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withPresent + +```ts +withPresent(present) +``` + +"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withRegex + +```ts +withRegex(regex) +``` + +"Regex specifies a regular expression pattern that must match the header\nvalue." + +### fn spec.runtimeSettings.rateLimitService.defaultGlobalRateLimitPolicy.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty + +```ts +withTreatMissingAsEmpty(treatMissingAsEmpty) +``` + +"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is **only** supported for\nnegative matches (e.g. NotContains, NotExact)." + +## obj spec.runtimeSettings.rateLimitService.extensionService + +"ExtensionService identifies the extension service defining the RLS." + +### fn spec.runtimeSettings.rateLimitService.extensionService.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.rateLimitService.extensionService.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.tracing + +"Tracing defines properties for exporting trace data to OpenTelemetry." + +### fn spec.runtimeSettings.tracing.withCustomTags + +```ts +withCustomTags(customTags) +``` + +"CustomTags defines a list of custom tags with unique tag name." + +### fn spec.runtimeSettings.tracing.withCustomTagsMixin + +```ts +withCustomTagsMixin(customTags) +``` + +"CustomTags defines a list of custom tags with unique tag name." + +**Note:** This function appends passed data to existing values + +### fn spec.runtimeSettings.tracing.withIncludePodDetail + +```ts +withIncludePodDetail(includePodDetail) +``` + +"IncludePodDetail defines a flag.\nIf it is true, contour will add the pod name and namespace to the span of the trace.\nthe default is true.\nNote: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly." + +### fn spec.runtimeSettings.tracing.withMaxPathTagLength + +```ts +withMaxPathTagLength(maxPathTagLength) +``` + +"MaxPathTagLength defines maximum length of the request path\nto extract and include in the HttpUrl tag.\ncontour's default is 256." + +### fn spec.runtimeSettings.tracing.withOverallSampling + +```ts +withOverallSampling(overallSampling) +``` + +"OverallSampling defines the sampling rate of trace data.\ncontour's default is 100." + +### fn spec.runtimeSettings.tracing.withServiceName + +```ts +withServiceName(serviceName) +``` + +"ServiceName defines the name for the service.\ncontour's default is contour." + +## obj spec.runtimeSettings.tracing.customTags + +"CustomTags defines a list of custom tags with unique tag name." + +### fn spec.runtimeSettings.tracing.customTags.withLiteral + +```ts +withLiteral(literal) +``` + +"Literal is a static custom tag value.\nPrecisely one of Literal, RequestHeaderName must be set." + +### fn spec.runtimeSettings.tracing.customTags.withRequestHeaderName + +```ts +withRequestHeaderName(requestHeaderName) +``` + +"RequestHeaderName indicates which request header\nthe label value is obtained from.\nPrecisely one of Literal, RequestHeaderName must be set." + +### fn spec.runtimeSettings.tracing.customTags.withTagName + +```ts +withTagName(tagName) +``` + +"TagName is the unique name of the custom tag." + +## obj spec.runtimeSettings.tracing.extensionService + +"ExtensionService identifies the extension service defining the otel-collector." + +### fn spec.runtimeSettings.tracing.extensionService.withName + +```ts +withName(name) +``` + + + +### fn spec.runtimeSettings.tracing.extensionService.withNamespace + +```ts +withNamespace(namespace) +``` + + + +## obj spec.runtimeSettings.xdsServer + +"XDSServer contains parameters for the xDS server." + +### fn spec.runtimeSettings.xdsServer.withAddress + +```ts +withAddress(address) +``` + +"Defines the xDS gRPC API address which Contour will serve.\nContour's default is \"0.0.0.0\"." + +### fn spec.runtimeSettings.xdsServer.withPort + +```ts +withPort(port) +``` + +"Defines the xDS gRPC API port which Contour will serve.\nContour's default is 8001." + +### fn spec.runtimeSettings.xdsServer.withType + +```ts +withType(type) +``` + +"Defines the XDSServer to use for `contour serve`.\nValues: `envoy` (default), `contour (deprecated)`.\nOther values will produce an error." + +## obj spec.runtimeSettings.xdsServer.tls + +"TLS holds TLS file config details.\nContour's default is { caFile: \"/certs/ca.crt\", certFile: \"/certs/tls.cert\", keyFile: \"/certs/tls.key\", insecure: false }." + +### fn spec.runtimeSettings.xdsServer.tls.withCaFile + +```ts +withCaFile(caFile) +``` + +"CA filename." + +### fn spec.runtimeSettings.xdsServer.tls.withCertFile + +```ts +withCertFile(certFile) +``` + +"Client certificate filename." + +### fn spec.runtimeSettings.xdsServer.tls.withInsecure + +```ts +withInsecure(insecure) +``` + +"Allow serving the xDS gRPC API without TLS." + +### fn spec.runtimeSettings.xdsServer.tls.withKeyFile + +```ts +withKeyFile(keyFile) +``` + +"Client key filename." \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1alpha1/extensionService.md b/docs/1.29/projectcontour/v1alpha1/extensionService.md new file mode 100644 index 0000000..93bd6cf --- /dev/null +++ b/docs/1.29/projectcontour/v1alpha1/extensionService.md @@ -0,0 +1,440 @@ +--- +permalink: /1.29/projectcontour/v1alpha1/extensionService/ +--- + +# projectcontour.v1alpha1.extensionService + +"ExtensionService is the schema for the Contour extension services API.\nAn ExtensionService resource binds a network service to the Contour\nAPI so that Contour API features can be implemented by collaborating\ncomponents." + +## Index + +* [`fn new(name)`](#fn-new) +* [`obj metadata`](#obj-metadata) + * [`fn withAnnotations(annotations)`](#fn-metadatawithannotations) + * [`fn withAnnotationsMixin(annotations)`](#fn-metadatawithannotationsmixin) + * [`fn withClusterName(clusterName)`](#fn-metadatawithclustername) + * [`fn withCreationTimestamp(creationTimestamp)`](#fn-metadatawithcreationtimestamp) + * [`fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)`](#fn-metadatawithdeletiongraceperiodseconds) + * [`fn withDeletionTimestamp(deletionTimestamp)`](#fn-metadatawithdeletiontimestamp) + * [`fn withFinalizers(finalizers)`](#fn-metadatawithfinalizers) + * [`fn withFinalizersMixin(finalizers)`](#fn-metadatawithfinalizersmixin) + * [`fn withGenerateName(generateName)`](#fn-metadatawithgeneratename) + * [`fn withGeneration(generation)`](#fn-metadatawithgeneration) + * [`fn withLabels(labels)`](#fn-metadatawithlabels) + * [`fn withLabelsMixin(labels)`](#fn-metadatawithlabelsmixin) + * [`fn withName(name)`](#fn-metadatawithname) + * [`fn withNamespace(namespace)`](#fn-metadatawithnamespace) + * [`fn withOwnerReferences(ownerReferences)`](#fn-metadatawithownerreferences) + * [`fn withOwnerReferencesMixin(ownerReferences)`](#fn-metadatawithownerreferencesmixin) + * [`fn withResourceVersion(resourceVersion)`](#fn-metadatawithresourceversion) + * [`fn withSelfLink(selfLink)`](#fn-metadatawithselflink) + * [`fn withUid(uid)`](#fn-metadatawithuid) +* [`obj spec`](#obj-spec) + * [`fn withProtocol(protocol)`](#fn-specwithprotocol) + * [`fn withProtocolVersion(protocolVersion)`](#fn-specwithprotocolversion) + * [`fn withServices(services)`](#fn-specwithservices) + * [`fn withServicesMixin(services)`](#fn-specwithservicesmixin) + * [`obj spec.loadBalancerPolicy`](#obj-specloadbalancerpolicy) + * [`fn withRequestHashPolicies(requestHashPolicies)`](#fn-specloadbalancerpolicywithrequesthashpolicies) + * [`fn withRequestHashPoliciesMixin(requestHashPolicies)`](#fn-specloadbalancerpolicywithrequesthashpoliciesmixin) + * [`fn withStrategy(strategy)`](#fn-specloadbalancerpolicywithstrategy) + * [`obj spec.loadBalancerPolicy.requestHashPolicies`](#obj-specloadbalancerpolicyrequesthashpolicies) + * [`fn withHashSourceIP(hashSourceIP)`](#fn-specloadbalancerpolicyrequesthashpolicieswithhashsourceip) + * [`fn withTerminal(terminal)`](#fn-specloadbalancerpolicyrequesthashpolicieswithterminal) + * [`obj spec.loadBalancerPolicy.requestHashPolicies.headerHashOptions`](#obj-specloadbalancerpolicyrequesthashpoliciesheaderhashoptions) + * [`fn withHeaderName(headerName)`](#fn-specloadbalancerpolicyrequesthashpoliciesheaderhashoptionswithheadername) + * [`obj spec.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions`](#obj-specloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptions) + * [`fn withParameterName(parameterName)`](#fn-specloadbalancerpolicyrequesthashpoliciesqueryparameterhashoptionswithparametername) + * [`obj spec.services`](#obj-specservices) + * [`fn withName(name)`](#fn-specserviceswithname) + * [`fn withPort(port)`](#fn-specserviceswithport) + * [`fn withWeight(weight)`](#fn-specserviceswithweight) + * [`obj spec.timeoutPolicy`](#obj-spectimeoutpolicy) + * [`fn withIdle(idle)`](#fn-spectimeoutpolicywithidle) + * [`fn withIdleConnection(idleConnection)`](#fn-spectimeoutpolicywithidleconnection) + * [`fn withResponse(response)`](#fn-spectimeoutpolicywithresponse) + * [`obj spec.validation`](#obj-specvalidation) + * [`fn withCaSecret(caSecret)`](#fn-specvalidationwithcasecret) + * [`fn withSubjectName(subjectName)`](#fn-specvalidationwithsubjectname) + * [`fn withSubjectNames(subjectNames)`](#fn-specvalidationwithsubjectnames) + * [`fn withSubjectNamesMixin(subjectNames)`](#fn-specvalidationwithsubjectnamesmixin) + +## Fields + +### fn new + +```ts +new(name) +``` + +new returns an instance of ExtensionService + +## obj metadata + +"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + +### fn metadata.withAnnotations + +```ts +withAnnotations(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +### fn metadata.withAnnotationsMixin + +```ts +withAnnotationsMixin(annotations) +``` + +"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" + +**Note:** This function appends passed data to existing values + +### fn metadata.withClusterName + +```ts +withClusterName(clusterName) +``` + +"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request." + +### fn metadata.withCreationTimestamp + +```ts +withCreationTimestamp(creationTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withDeletionGracePeriodSeconds + +```ts +withDeletionGracePeriodSeconds(deletionGracePeriodSeconds) +``` + +"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only." + +### fn metadata.withDeletionTimestamp + +```ts +withDeletionTimestamp(deletionTimestamp) +``` + +"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers." + +### fn metadata.withFinalizers + +```ts +withFinalizers(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +### fn metadata.withFinalizersMixin + +```ts +withFinalizersMixin(finalizers) +``` + +"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list." + +**Note:** This function appends passed data to existing values + +### fn metadata.withGenerateName + +```ts +withGenerateName(generateName) +``` + +"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + +### fn metadata.withGeneration + +```ts +withGeneration(generation) +``` + +"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only." + +### fn metadata.withLabels + +```ts +withLabels(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +### fn metadata.withLabelsMixin + +```ts +withLabelsMixin(labels) +``` + +"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" + +**Note:** This function appends passed data to existing values + +### fn metadata.withName + +```ts +withName(name) +``` + +"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" + +### fn metadata.withNamespace + +```ts +withNamespace(namespace) +``` + +"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + +### fn metadata.withOwnerReferences + +```ts +withOwnerReferences(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +### fn metadata.withOwnerReferencesMixin + +```ts +withOwnerReferencesMixin(ownerReferences) +``` + +"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller." + +**Note:** This function appends passed data to existing values + +### fn metadata.withResourceVersion + +```ts +withResourceVersion(resourceVersion) +``` + +"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + +### fn metadata.withSelfLink + +```ts +withSelfLink(selfLink) +``` + +"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release." + +### fn metadata.withUid + +```ts +withUid(uid) +``` + +"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids" + +## obj spec + +"ExtensionServiceSpec defines the desired state of an ExtensionService resource." + +### fn spec.withProtocol + +```ts +withProtocol(protocol) +``` + +"Protocol may be used to specify (or override) the protocol used to reach this Service.\nValues may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations." + +### fn spec.withProtocolVersion + +```ts +withProtocolVersion(protocolVersion) +``` + +"This field sets the version of the GRPC protocol that Envoy uses to\nsend requests to the extension service. Since Contour always uses the\nv3 Envoy API, this is currently fixed at \"v3\". However, other\nprotocol options will be available in future." + +### fn spec.withServices + +```ts +withServices(services) +``` + +"Services specifies the set of Kubernetes Service resources that\nreceive GRPC extension API requests.\nIf no weights are specified for any of the entries in\nthis array, traffic will be spread evenly across all the\nservices.\nOtherwise, traffic is balanced proportionally to the\nWeight field in each entry." + +### fn spec.withServicesMixin + +```ts +withServicesMixin(services) +``` + +"Services specifies the set of Kubernetes Service resources that\nreceive GRPC extension API requests.\nIf no weights are specified for any of the entries in\nthis array, traffic will be spread evenly across all the\nservices.\nOtherwise, traffic is balanced proportionally to the\nWeight field in each entry." + +**Note:** This function appends passed data to existing values + +## obj spec.loadBalancerPolicy + +"The policy for load balancing GRPC service requests. Note that the\n`Cookie` and `RequestHash` load balancing strategies cannot be used\nhere." + +### fn spec.loadBalancerPolicy.withRequestHashPolicies + +```ts +withRequestHashPolicies(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.loadBalancerPolicy.withRequestHashPoliciesMixin + +```ts +withRequestHashPoliciesMixin(requestHashPolicies) +``` + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +**Note:** This function appends passed data to existing values + +### fn spec.loadBalancerPolicy.withStrategy + +```ts +withStrategy(strategy) +``` + +"Strategy specifies the policy used to balance requests\nacross the pool of backend pods. Valid policy names are\n`Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`,\nand `RequestHash`. If an unknown strategy name is specified\nor no policy is supplied, the default `RoundRobin` policy\nis used." + +## obj spec.loadBalancerPolicy.requestHashPolicies + +"RequestHashPolicies contains a list of hash policies to apply when the\n`RequestHash` load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default `RoundRobin`." + +### fn spec.loadBalancerPolicy.requestHashPolicies.withHashSourceIP + +```ts +withHashSourceIP(hashSourceIP) +``` + +"HashSourceIP should be set to true when request source IP hash based\nload balancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.loadBalancerPolicy.requestHashPolicies.withTerminal + +```ts +withTerminal(terminal) +``` + +"Terminal is a flag that allows for short-circuiting computing of a hash\nfor a given request. If set to true, and the request attribute specified\nin the attribute hash options is present, no further hash policies will\nbe used to calculate a hash for the request." + +## obj spec.loadBalancerPolicy.requestHashPolicies.headerHashOptions + +"HeaderHashOptions should be set when request header hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName + +```ts +withHeaderName(headerName) +``` + +"HeaderName is the name of the HTTP request header that will be used to\ncalculate the hash key. If the header specified is not present on a\nrequest, no hash will be produced." + +## obj spec.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions + +"QueryParameterHashOptions should be set when request query parameter hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored." + +### fn spec.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName + +```ts +withParameterName(parameterName) +``` + +"ParameterName is the name of the HTTP request query parameter that will be used to\ncalculate the hash key. If the query parameter specified is not present on a\nrequest, no hash will be produced." + +## obj spec.services + +"Services specifies the set of Kubernetes Service resources that\nreceive GRPC extension API requests.\nIf no weights are specified for any of the entries in\nthis array, traffic will be spread evenly across all the\nservices.\nOtherwise, traffic is balanced proportionally to the\nWeight field in each entry." + +### fn spec.services.withName + +```ts +withName(name) +``` + +"Name is the name of Kubernetes service that will accept service\ntraffic." + +### fn spec.services.withPort + +```ts +withPort(port) +``` + +"Port (defined as Integer) to proxy traffic to since a service can have multiple defined." + +### fn spec.services.withWeight + +```ts +withWeight(weight) +``` + +"Weight defines proportion of traffic to balance to the Kubernetes Service." + +## obj spec.timeoutPolicy + +"The timeout policy for requests to the services." + +### fn spec.timeoutPolicy.withIdle + +```ts +withIdle(idle) +``` + +"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).\nTimeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.\nIf not specified, there is no per-route idle timeout, though a connection manager-wide\nstream_idle_timeout default of 5m still applies." + +### fn spec.timeoutPolicy.withIdleConnection + +```ts +withIdleConnection(idleConnection) +``` + +"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests.\nIf not supplied, Envoy's default value of 1h applies." + +### fn spec.timeoutPolicy.withResponse + +```ts +withResponse(response) +``` + +"Timeout for receiving a response from the server after processing a request from client.\nIf not supplied, Envoy's default value of 15s applies." + +## obj spec.validation + +"UpstreamValidation defines how to verify the backend service's certificate" + +### fn spec.validation.withCaSecret + +```ts +withCaSecret(caSecret) +``` + +"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)" + +### fn spec.validation.withSubjectName + +```ts +withSubjectName(subjectName) +``` + +"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames." + +### fn spec.validation.withSubjectNames + +```ts +withSubjectNames(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +### fn spec.validation.withSubjectNamesMixin + +```ts +withSubjectNamesMixin(subjectNames) +``` + +"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate." + +**Note:** This function appends passed data to existing values \ No newline at end of file diff --git a/docs/1.29/projectcontour/v1alpha1/index.md b/docs/1.29/projectcontour/v1alpha1/index.md new file mode 100644 index 0000000..aa6a285 --- /dev/null +++ b/docs/1.29/projectcontour/v1alpha1/index.md @@ -0,0 +1,11 @@ +--- +permalink: /1.29/projectcontour/v1alpha1/ +--- + +# projectcontour.v1alpha1 + + + +* [contourConfiguration](contourConfiguration.md) +* [contourDeployment](contourDeployment.md) +* [extensionService](extensionService.md) \ No newline at end of file diff --git a/docs/README.md b/docs/README.md index a946d0b..30c7309 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2,6 +2,7 @@ This library is generated with [`k8s`](https://github.com/jsonnet-libs/k8s). +- [1.29](1.29/README.md) - [1.28](1.28/README.md) - [1.27](1.27/README.md) - [1.26](1.26/README.md)