cilium.io / v2 / CiliumLocalRedirectPolicy

• string

  .apiVersion

  APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

• string

  .kind

  Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

• object required

  .metadata

• object

  .spec

  Spec is the desired behavior of the local redirect policy.

• string

  .spec .description

  Description can be used by the creator of the policy to describe the purpose of this policy.

• object required

  .spec .redirectBackend

  RedirectBackend specifies backend configuration to redirect traffic to. It can not be empty.

• object required

  .spec .redirectBackend .localEndpointSelector

  LocalEndpointSelector selects node local pod(s) where traffic is redirected to.

• array

  .spec .redirectBackend .localEndpointSelector .matchExpressions

  matchExpressions is a list of label selector requirements. The requirements are ANDed.

• string required

  .spec .redirectBackend .localEndpointSelector .matchExpressions[] .key

  key is the label key that the selector applies to.

• string required

  .spec .redirectBackend .localEndpointSelector .matchExpressions[] .operator

  operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

• array

  .spec .redirectBackend .localEndpointSelector .matchExpressions[] .values

  values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

• object

  .spec .redirectBackend .localEndpointSelector .matchLabels

  matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

• array required

  .spec .redirectBackend .toPorts

  ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic is redirected to. When multiple ports are specified, the ports must be named.

• string

  .spec .redirectBackend .toPorts[] .name

  Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and ‘-’ anywhere except adjacent to another ‘-’ or in the beginning or the end.

• string required

  .spec .redirectBackend .toPorts[] .port

  Port is an L4 port number. The string will be strictly parsed as a single uint16.

• string required

  .spec .redirectBackend .toPorts[] .protocol

  Protocol is the L4 protocol. Accepted values: “TCP”, “UDP”

• object required

  .spec .redirectFrontend

  RedirectFrontend specifies frontend configuration to redirect traffic from. It can not be empty.

• object

  .spec .redirectFrontend .addressMatcher

  AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be redirected.

• string required

  .spec .redirectFrontend .addressMatcher .ip

  IP is a destination ip address for traffic to be redirected.

  Example: When it is set to “169.254.169.254”, traffic destined to “169.254.169.254” is redirected.

• array required

  .spec .redirectFrontend .addressMatcher .toPorts

  ToPorts is a list of destination L4 ports with protocol for traffic to be redirected. When multiple ports are specified, the ports must be named.

  Example: When set to Port: “53” and Protocol: UDP, traffic destined to port ’53’ with UDP protocol is redirected.

• string

  .spec .redirectFrontend .addressMatcher .toPorts[] .name

  Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and ‘-’ anywhere except adjacent to another ‘-’ or in the beginning or the end.

• string required

  .spec .redirectFrontend .addressMatcher .toPorts[] .port

  Port is an L4 port number. The string will be strictly parsed as a single uint16.

• string required

  .spec .redirectFrontend .addressMatcher .toPorts[] .protocol

  Protocol is the L4 protocol. Accepted values: “TCP”, “UDP”

• object

  .spec .redirectFrontend .serviceMatcher

  ServiceMatcher specifies Kubernetes service and port that matches traffic to be redirected.

• string required

  .spec .redirectFrontend .serviceMatcher .namespace

  Namespace is the Kubernetes service namespace. The service namespace must match the namespace of the parent Local Redirect Policy. For Cluster-wide Local Redirect Policy, this can be any namespace.

• string required

  .spec .redirectFrontend .serviceMatcher .serviceName

  Name is the name of a destination Kubernetes service that identifies traffic to be redirected. The service type needs to be ClusterIP.

  Example: When this field is populated with ‘serviceName:myService’, all the traffic destined to the cluster IP of this service at the (specified) service port(s) will be redirected.

• array

  .spec .redirectFrontend .serviceMatcher .toPorts

  ToPorts is a list of destination service L4 ports with protocol for traffic to be redirected. If not specified, traffic for all the service ports will be redirected. When multiple ports are specified, the ports must be named.

• string

  .spec .redirectFrontend .serviceMatcher .toPorts[] .name

  Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and ‘-’ anywhere except adjacent to another ‘-’ or in the beginning or the end.

• string required

  .spec .redirectFrontend .serviceMatcher .toPorts[] .port

  Port is an L4 port number. The string will be strictly parsed as a single uint16.

• string required

  .spec .redirectFrontend .serviceMatcher .toPorts[] .protocol

  Protocol is the L4 protocol. Accepted values: “TCP”, “UDP”

• boolean

  .spec .skipRedirectFromBackend

  SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend from RedirectBackend should skip redirection, and hence the traffic will be forwarded as-is.

  The default is false which means traffic matching RedirectFrontend will get redirected from all pods, including the RedirectBackend(s).

  Example: If RedirectFrontend is configured to “169.254.169.254:80” as the traffic that needs to be redirected to backends selected by RedirectBackend, if SkipRedirectFromBackend is set to true, traffic going to “169.254.169.254:80” from such backends will not be redirected back to the backends. Instead, the matched traffic from the backends will be forwarded to the original destination “169.254.169.254:80”.

• object

  .status

  Status is the most recent status of the local redirect policy. It is a read-only field.

• boolean

  .status .ok