Skip to main content
Version: Next

Custom Resource Definitions API Reference

This document provides the API resource description the APISIX Ingress Controller custom resource definitions (CRDs).

Packages#

apisix.apache.org/v1alpha1#

Package v1alpha1 contains API Schema definitions for the apisix.apache.org v1alpha1 API group

BackendTrafficPolicy#

FieldDescription
apiVersion stringapisix.apache.org/v1alpha1
kind stringBackendTrafficPolicy
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec BackendTrafficPolicySpecBackendTrafficPolicySpec defines traffic handling policies applied to backend services, such as load balancing strategy, connection settings, and failover behavior.

Consumer#

FieldDescription
apiVersion stringapisix.apache.org/v1alpha1
kind stringConsumer
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ConsumerSpecConsumerSpec defines the configuration for a consumer, including consumer name, authentication credentials, and plugin settings.

GatewayProxy#

GatewayProxy is the Schema for the gatewayproxies API.

FieldDescription
apiVersion stringapisix.apache.org/v1alpha1
kind stringGatewayProxy
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec GatewayProxySpecGatewayProxySpec defines the desired state and configuration of a GatewayProxy, including networking settings, global plugins, and plugin metadata.

HTTPRoutePolicy#

HTTPRoutePolicy is the Schema for the httproutepolicies API.

FieldDescription
apiVersion stringapisix.apache.org/v1alpha1
kind stringHTTPRoutePolicy
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec HTTPRoutePolicySpecHTTPRoutePolicySpec defines the desired state and configuration of a HTTPRoutePolicy, including route priority and request matching conditions.

PluginConfig#

PluginConfig is the Schema for the PluginConfigs API.

FieldDescription
apiVersion stringapisix.apache.org/v1alpha1
kind stringPluginConfig
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec PluginConfigSpecPluginConfigSpec defines the desired state of a PluginConfig, in which plugins and their configurations are specified.

Types#

In this section you will find types that the CRDs rely on.

AdminKeyAuth#

AdminKeyAuth defines the admin key authentication configuration.

FieldDescription
value stringValue sets the admin key value explicitly (not recommended for production).
valueFrom AdminKeyValueFromValueFrom specifies the source of the admin key.

Appears in:

AdminKeyValueFrom#

AdminKeyValueFrom defines the source of the admin key.

FieldDescription
secretKeyRef SecretKeySelectorSecretKeyRef references a key in a Secret.

Appears in:

AuthType#

Base type: string

AuthType defines the type of authentication.

Appears in:

BackendPolicyTargetReferenceWithSectionName#

Base type: LocalPolicyTargetReferenceWithSectionName

FieldDescription
group GroupGroup is the group of the target resource.
kind KindKind is kind of the target resource.
name ObjectNameName is the name of the target resource.
sectionName SectionNameSectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following:

• Gateway: Listener name
• HTTPRoute: HTTPRouteRule name
• Service: Port name

If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a ResolvedRefs or similar Condition in the Policy's status.

Appears in:

BackendTrafficPolicySpec#

FieldDescription
targetRefs BackendPolicyTargetReferenceWithSectionName arrayTargetRef identifies an API object to apply policy to. Currently, Backends (i.e. Service, ServiceImport, or any implementation-specific backendRef) are the only valid API target references.
loadbalancer LoadBalancerLoadBalancer represents the load balancer configuration for Kubernetes Service. The default strategy is round robin.
scheme stringScheme is the protocol used to communicate with the upstream. Default is http. Can be one of http, https, grpc, or grpcs.
retries integerRetries specify the number of times the gateway should retry sending requests when errors such as timeouts or 502 errors occur.
timeout TimeoutTimeout sets the read, send, and connect timeouts to the upstream.
passHost stringPassHost configures how the host header should be determined when a request is forwarded to the upstream. Default is pass. Can be one of pass, node or rewrite.
upstreamHost HostnameUpstreamHost specifies the host of the Upstream request. Used only if passHost is set to rewrite.

Appears in:

ConsumerSpec#

FieldDescription
gatewayRef GatewayRefGatewayRef specifies the gateway details.
credentials Credential arrayCredentials specifies the credential details of a consumer.
plugins Plugin arrayPlugins define the plugins associated with a consumer.

Appears in:

ControlPlaneAuth#

ControlPlaneAuth defines the authentication configuration for control plane.

FieldDescription
type AuthTypeType specifies the type of authentication. Can only be AdminKey.
adminKey AdminKeyAuthAdminKey specifies the admin key authentication configuration.

Appears in:

ControlPlaneProvider#

ControlPlaneProvider defines the configuration for control plane provider.

FieldDescription
endpoints string arrayEndpoints specifies the list of control plane endpoints.
service ProviderService
tlsVerify booleanTlsVerify specifies whether to verify the TLS certificate of the control plane.
auth ControlPlaneAuthAuth specifies the authentication configurations.

Appears in:

Credential#

FieldDescription
type stringType specifies the type of authentication to configure credentials for. Can be one of jwt-auth, basic-auth, key-auth, or hmac-auth.
config JSONConfig specifies the credential details for authentication.
secretRef SecretReferenceSecretRef references to the Secret that contains the credentials.
name stringName is the name of the credential.

Appears in:

GatewayProxyPlugin#

GatewayProxyPlugin contains plugin configurations.

FieldDescription
name stringName is the name of the plugin.
enabled booleanEnabled defines whether the plugin is enabled.
config JSONConfig defines the plugin's configuration details.

Appears in:

GatewayProxyProvider#

GatewayProxyProvider defines the provider configuration for GatewayProxy.

FieldDescription
type ProviderTypeType specifies the type of provider. Can only be ControlPlane.
controlPlane ControlPlaneProviderControlPlane specifies the configuration for control plane provider.

Appears in:

GatewayProxySpec#

GatewayProxySpec defines the desired state of GatewayProxy.

FieldDescription
publishService stringPublishService specifies the LoadBalancer-type Service whose external address the controller uses to update the status of Ingress resources.
statusAddress string arrayStatusAddress specifies the external IP addresses that the controller uses to populate the status field of GatewayProxy or Ingress resources for developers to access.
provider GatewayProxyProviderProvider configures the provider details.
plugins GatewayProxyPlugin arrayPlugins configure global plugins.
pluginMetadata object (keys:string, values:JSON)PluginMetadata configures common configurations shared by all plugin instances of the same name.

Appears in:

GatewayRef#

FieldDescription
name stringName is the name of the gateway.
kind stringKind is the type of Kubernetes object. Default is Gateway.
group stringGroup is the API group the resource belongs to. Default is gateway.networking.k8s.io.
namespace stringNamespace is namespace of the resource.

Appears in:

HTTPRoutePolicySpec#

HTTPRoutePolicySpec defines the desired state of HTTPRoutePolicy.

FieldDescription
targetRefs LocalPolicyTargetReferenceWithSectionName arrayTargetRef identifies an API object (i.e. HTTPRoute, Ingress) to apply HTTPRoutePolicy to.
priority integerPriority sets the priority for route. A higher value sets a higher priority in route matching.
vars JSON arrayVars sets the request matching conditions.

Appears in:

Hostname#

Base type: string

Appears in:

LoadBalancer#

LoadBalancer describes the load balancing parameters.

FieldDescription
type stringType specifies the load balancing algorithms. Default is roundrobin. Can be one of roundrobin, chash, ewma, or least_conn.
hashOn stringHashOn specified the type of field used for hashing, required when Type is chash. Default is vars. Can be one of vars, header, cookie, consumer, or vars_combinations.
key stringKey is used with HashOn, generally required when Type is chash. When HashOn is header or cookie, specifies the name of the header or cookie. When HashOn is consumer, key is not required, as the consumer name is used automatically. When HashOn is vars or vars_combinations, key refers to one or a combination of APISIX variable.

Appears in:

Plugin#

FieldDescription
name stringName is the name of the plugin.
config JSONConfig is plugin configuration details.

Appears in:

PluginConfigSpec#

PluginConfigSpec defines the desired state of PluginConfig.

FieldDescription
plugins Plugin arrayPlugins are an array of plugins and their configurations to be applied.

Appears in:

ProviderService#

FieldDescription
name string
port integer

Appears in:

ProviderType#

Base type: string

ProviderType defines the type of provider.

Appears in:

SecretKeySelector#

SecretKeySelector defines a reference to a specific key within a Secret.

FieldDescription
name stringName is the name of the secret.
key stringKey is the key in the secret to retrieve the secret from.

Appears in:

SecretReference#

FieldDescription
name stringName is the name of the secret.
namespace stringNamespace is the namespace of the secret.

Appears in:

Status#

FieldDescription
conditions Condition array

Appears in:

Timeout#

FieldDescription
connect DurationConnection timeout. Default is 60s.
send DurationSend timeout. Default is 60s.
read DurationRead timeout. Default is 60s.

Appears in:

apisix.apache.org/v2#

Package v2 contains API Schema definitions for the apisix.apache.org v2 API group.

ApisixConsumer#

ApisixConsumer is the Schema for the apisixconsumers API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixConsumer
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixConsumerSpec

ApisixGlobalRule#

ApisixGlobalRule is the Schema for the apisixglobalrules API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixGlobalRule
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixGlobalRuleSpec

ApisixPluginConfig#

ApisixPluginConfig is the Schema for the apisixpluginconfigs API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixPluginConfig
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixPluginConfigSpec

ApisixRoute#

ApisixRoute is the Schema for the apisixroutes API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixRoute
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixRouteSpec

ApisixTls#

ApisixTls is the Schema for the apisixtls API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixTls
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixTlsSpec

ApisixUpstream#

ApisixUpstream is the Schema for the apisixupstreams API.

FieldDescription
apiVersion stringapisix.apache.org/v2
kind stringApisixUpstream
metadata ObjectMetaPlease refer to the Kubernetes API documentation for details on the metadata field.
spec ApisixUpstreamSpec

Types#

In this section you will find types that the CRDs rely on.

ActiveHealthCheck#

ActiveHealthCheck defines the active kind of upstream health check.

FieldDescription
type string
timeout Duration
concurrency integer
host string
port integer
httpPath string
strictTLS boolean
requestHeaders string array
healthy ActiveHealthCheckHealthy
unhealthy ActiveHealthCheckUnhealthy

Appears in:

ActiveHealthCheckHealthy#

ActiveHealthCheckHealthy defines the conditions to judge whether an upstream node is healthy with the active manner.

FieldDescription
httpCodes integer array
successes integer
interval Duration

Appears in:

ActiveHealthCheckUnhealthy#

ActiveHealthCheckUnhealthy defines the conditions to judge whether an upstream node is unhealthy with the active manager.

FieldDescription
httpCodes integer array
httpFailures integer
tcpFailures integer
timeout integer
interval Duration

Appears in:

ApisixConsumerAuthParameter#

FieldDescription
basicAuth ApisixConsumerBasicAuth
keyAuth ApisixConsumerKeyAuth
wolfRBAC ApisixConsumerWolfRBAC
jwtAuth ApisixConsumerJwtAuth
hmacAuth ApisixConsumerHMACAuth
ldapAuth ApisixConsumerLDAPAuth

Appears in:

ApisixConsumerBasicAuth#

ApisixConsumerBasicAuth defines the configuration for basic auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerBasicAuthValue

Appears in:

ApisixConsumerBasicAuthValue#

ApisixConsumerBasicAuthValue defines the in-place username and password configuration for basic auth.

FieldDescription
username string
password string

Appears in:

ApisixConsumerHMACAuth#

ApisixConsumerHMACAuth defines the configuration for the hmac auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerHMACAuthValue

Appears in:

ApisixConsumerHMACAuthValue#

ApisixConsumerHMACAuthValue defines the in-place configuration for hmac auth.

FieldDescription
access_key string
secret_key string
algorithm string
clock_skew integer
signed_headers string array
keep_headers boolean
encode_uri_params boolean
validate_request_body boolean
max_req_body integer

Appears in:

ApisixConsumerJwtAuth#

ApisixConsumerJwtAuth defines the configuration for the jwt auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerJwtAuthValue

Appears in:

ApisixConsumerJwtAuthValue#

ApisixConsumerJwtAuthValue defines the in-place configuration for jwt auth.

FieldDescription
key string
secret string
public_key string
private_key string
algorithm string
exp integer
base64_secret boolean
lifetime_grace_period integer

Appears in:

ApisixConsumerKeyAuth#

ApisixConsumerKeyAuth defines the configuration for the key auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerKeyAuthValue

Appears in:

ApisixConsumerKeyAuthValue#

ApisixConsumerKeyAuthValue defines the in-place configuration for basic auth.

FieldDescription
key string

Appears in:

ApisixConsumerLDAPAuth#

ApisixConsumerLDAPAuth defines the configuration for the ldap auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerLDAPAuthValue

Appears in:

ApisixConsumerLDAPAuthValue#

ApisixConsumerLDAPAuthValue defines the in-place configuration for ldap auth.

FieldDescription
user_dn string

Appears in:

ApisixConsumerSpec#

ApisixConsumerSpec defines the desired state of ApisixConsumer.

FieldDescription
ingressClassName stringIngressClassName is the name of an IngressClass cluster resource. controller implementations use this field to know whether they should be serving this ApisixConsumer resource, by a transitive connection (controller -> IngressClass -> ApisixConsumer resource).
authParameter ApisixConsumerAuthParameter

Appears in:

ApisixConsumerWolfRBAC#

ApisixConsumerWolfRBAC defines the configuration for the wolf-rbac auth.

FieldDescription
secretRef LocalObjectReference
value ApisixConsumerWolfRBACValue

Appears in:

ApisixConsumerWolfRBACValue#

ApisixConsumerWolfRBAC defines the in-place server and appid and header_prefix configuration for wolf-rbac auth.

FieldDescription
server string
appid string
header_prefix string

Appears in:

ApisixGlobalRuleSpec#

ApisixGlobalRuleSpec defines the desired state of ApisixGlobalRule.

FieldDescription
ingressClassName stringIngressClassName is the name of an IngressClass cluster resource. The controller uses this field to decide whether the resource should be managed or not.
plugins ApisixRoutePlugin arrayPlugins contains a list of ApisixRoutePlugin

Appears in:

ApisixMutualTlsClientConfig#

ApisixMutualTlsClientConfig describes the mutual TLS CA and verify depth

FieldDescription
caSecret ApisixSecret
depth integer
skip_mtls_uri_regex string array

Appears in:

ApisixPluginConfigSpec#

ApisixPluginConfigSpec defines the desired state of ApisixPluginConfigSpec.

FieldDescription
ingressClassName stringIngressClassName is the name of an IngressClass cluster resource. The controller uses this field to decide whether the resource should be managed or not.
plugins ApisixRoutePlugin arrayPlugins contain a list of ApisixRoutePlugin

Appears in:

ApisixRouteAuthentication#

ApisixRouteAuthentication is the authentication-related configuration in ApisixRoute.

FieldDescription
enable boolean
type string
keyAuth ApisixRouteAuthenticationKeyAuth
jwtAuth ApisixRouteAuthenticationJwtAuth
ldapAuth ApisixRouteAuthenticationLDAPAuth

Appears in:

ApisixRouteAuthenticationJwtAuth#

ApisixRouteAuthenticationJwtAuth is the jwt auth related configuration in ApisixRouteAuthentication.

FieldDescription
header string
query string
cookie string

Appears in:

ApisixRouteAuthenticationKeyAuth#

ApisixRouteAuthenticationKeyAuth is the keyAuth-related configuration in ApisixRouteAuthentication.

FieldDescription
header string

Appears in:

ApisixRouteAuthenticationLDAPAuth#

ApisixRouteAuthenticationLDAPAuth is the LDAP auth related configuration in ApisixRouteAuthentication.

FieldDescription
base_dn string
ldap_uri string
use_tls boolean
uid string

Appears in:

ApisixRouteHTTP#

ApisixRouteHTTP represents a single route in for HTTP traffic.

FieldDescription
name stringThe rule name, cannot be empty.
priority integerRoute priority, when multiple routes contains same URI path (for path matching), route with higher priority will take effect.
timeout UpstreamTimeout
match ApisixRouteHTTPMatch
backends ApisixRouteHTTPBackend arrayBackends represents potential backends to proxy after the route rule matched. When number of backends are more than one, traffic-split plugin in APISIX will be used to split traffic based on the backend weight.
upstreams ApisixRouteUpstreamReference arrayUpstreams refer to ApisixUpstream CRD
websocket boolean
plugin_config_name string
plugin_config_namespace stringBy default, PluginConfigNamespace will be the same as the namespace of ApisixRoute
plugins ApisixRoutePlugin array
authentication ApisixRouteAuthentication

Appears in:

ApisixRouteHTTPBackend#

ApisixRouteHTTPBackend represents an HTTP backend (a Kubernetes Service).

FieldDescription
serviceName stringThe name (short) of the service, note cross namespace is forbidden, so be sure the ApisixRoute and Service are in the same namespace.
servicePort IntOrStringThe service port, could be the name or the port number.
resolveGranularity stringThe resolve granularity, can be "endpoints" or "service", when set to "endpoints", the pod ips will be used; other wise, the service ClusterIP or ExternalIP will be used, default is endpoints.
weight integerWeight of this backend.
subset stringSubset specifies a subset for the target Service. The subset should be pre-defined in ApisixUpstream about this service.

Appears in:

ApisixRouteHTTPMatch#

ApisixRouteHTTPMatch represents the match condition for hitting this route.

FieldDescription
paths string arrayURI path predicates, at least one path should be configured, path could be exact or prefix, for prefix path, append "" after it, for instance, "/foo".
methods string arrayHTTP request method predicates.
hosts string arrayHTTP Host predicates, host can be a wildcard domain or an exact domain. For wildcard domain, only one generic level is allowed, for instance, ".foo.com" is valid but ".*.foo.com" is not.
remoteAddrs string arrayRemote address predicates, items can be valid IPv4 address or IPv6 address or CIDR.
exprs ApisixRouteHTTPMatchExprsNginxVars represents generic match predicates, it uses Nginx variable systems, so any predicate like headers, querystring and etc can be leveraged here to match the route. For instance, it can be: nginxVars: - subject: "$remote_addr" op: in value: - "127.0.0.1" - "10.0.5.11"
filter_func stringMatches based on a user-defined filtering function. These functions can accept an input parameter vars which can be used to access the Nginx variables.

Appears in:

ApisixRouteHTTPMatchExpr#

ApisixRouteHTTPMatchExpr represents a binary route match expression .

FieldDescription
subject ApisixRouteHTTPMatchExprSubjectSubject is the expression subject, it can be any string composed by literals and nginx vars.
op stringOp is the operator.
set string arraySet is an array type object of the expression. It should be used when the Op is "in" or "not_in";
value stringValue is the normal type object for the expression, it should be used when the Op is not "in" and "not_in". Set and Value are exclusive so only of them can be set in the same time.

Appears in:

ApisixRouteHTTPMatchExprSubject#

ApisixRouteHTTPMatchExprSubject describes the route match expression subject.

FieldDescription
scope stringThe subject scope, can be: ScopeQuery, ScopeHeader, ScopePath when subject is ScopePath, Name field will be ignored.
name stringThe name of subject.

Appears in:

ApisixRouteHTTPMatchExprs#

Base type: [ApisixRouteHTTPMatchExpr](#apisixroutehttpmatchexpr)

FieldDescription
subject ApisixRouteHTTPMatchExprSubjectSubject is the expression subject, it can be any string composed by literals and nginx vars.
op stringOp is the operator.
set string arraySet is an array type object of the expression. It should be used when the Op is "in" or "not_in";
value stringValue is the normal type object for the expression, it should be used when the Op is not "in" and "not_in". Set and Value are exclusive so only of them can be set in the same time.

Appears in:

ApisixRoutePlugin#

ApisixRoutePlugin represents an APISIX plugin.

FieldDescription
name stringThe plugin name.
enable booleanWhether this plugin is in use, default is true.
config JSONPlugin configuration.
secretRef stringPlugin configuration secretRef.

Appears in:

ApisixRouteSpec#

ApisixRouteSpec is the spec definition for ApisixRouteSpec.

FieldDescription
ingressClassName string
http ApisixRouteHTTP array
stream ApisixRouteStream array

Appears in:

ApisixRouteStream#

ApisixRouteStream is the configuration for level 4 route

FieldDescription
name stringThe rule name cannot be empty.
protocol string
match ApisixRouteStreamMatch
backend ApisixRouteStreamBackend
plugins ApisixRoutePlugin array

Appears in:

ApisixRouteStreamBackend#

ApisixRouteStreamBackend represents a TCP backend (a Kubernetes Service).

FieldDescription
serviceName stringThe name (short) of the service, note cross namespace is forbidden, so be sure the ApisixRoute and Service are in the same namespace.
servicePort IntOrStringThe service port, could be the name or the port number.
resolveGranularity stringThe resolve granularity, can be "endpoints" or "service", when set to "endpoints", the pod ips will be used; other wise, the service ClusterIP or ExternalIP will be used, default is endpoints.
subset stringSubset specifies a subset for the target Service. The subset should be pre-defined in ApisixUpstream about this service.

Appears in:

ApisixRouteStreamMatch#

ApisixRouteStreamMatch represents the match conditions of stream route.

FieldDescription
ingressPort integerIngressPort represents the port listening on the Ingress proxy server. It should be pre-defined as APISIX doesn't support dynamic listening.
host string

Appears in:

ApisixRouteUpstreamReference#

ApisixRouteUpstreamReference contains a ApisixUpstream CRD reference

FieldDescription
name string
weight integer

Appears in:

ApisixSecret#

ApisixSecret describes the Kubernetes Secret name and namespace.

FieldDescription
name string
namespace string

Appears in:

ApisixTlsSpec#

ApisixTlsSpec defines the desired state of ApisixTls.

FieldDescription
ingressClassName stringIngressClassName is the name of an IngressClass cluster resource. controller implementations use this field to know whether they should be serving this ApisixTls resource, by a transitive connection (controller -> IngressClass -> ApisixTls resource).
hosts HostType array
secret ApisixSecret
client ApisixMutualTlsClientConfig

Appears in:

ApisixUpstreamConfig#

ApisixUpstreamConfig contains rich features on APISIX Upstream, for instance load balancer, health check, etc.

FieldDescription
loadbalancer LoadBalancerLoadBalancer represents the load balancer configuration for Kubernetes Service. The default strategy is round robin.
scheme stringThe scheme used to talk with the upstream. Now value can be http, grpc.
retries integerHow many times that the proxy (Apache APISIX) should do when errors occur (error, timeout or bad http status codes like 500, 502).
timeout UpstreamTimeoutTimeout settings for the read, send and connect to the upstream.
healthCheck HealthCheckDeprecated: this is no longer support on standalone mode. The health check configurations for the upstream.
tlsSecret ApisixSecretSet the client certificate when connecting to TLS upstream.
subsets ApisixUpstreamSubset arraySubsets groups the service endpoints by their labels. Usually used to differentiate service versions.
passHost stringConfigures the host when the request is forwarded to the upstream. Can be one of pass, node or rewrite.
upstreamHost stringSpecifies the host of the Upstream request. This is only valid if the pass_host is set to rewrite
discovery DiscoveryDeprecated: this is no longer support on standalone mode. Discovery is used to configure service discovery for upstream.

Appears in:

ApisixUpstreamExternalNode#

ApisixUpstreamExternalNode is the external node conf

FieldDescription
name string
type ApisixUpstreamExternalType
weight integer
port integerPort defines the port of the external node

Appears in:

ApisixUpstreamExternalType#

Base type: string

ApisixUpstreamExternalType is the external service type

Appears in:

ApisixUpstreamSpec#

ApisixUpstreamSpec describes the specification of ApisixUpstream.

FieldDescription
ingressClassName stringIngressClassName is the name of an IngressClass cluster resource. controller implementations use this field to know whether they should be serving this ApisixUpstream resource, by a transitive connection (controller -> IngressClass -> ApisixUpstream resource).
externalNodes ApisixUpstreamExternalNode arrayExternalNodes contains external nodes the Upstream should use If this field is set, the upstream will use these nodes directly without any further resolves
loadbalancer LoadBalancerLoadBalancer represents the load balancer configuration for Kubernetes Service. The default strategy is round robin.
scheme stringThe scheme used to talk with the upstream. Now value can be http, grpc.
retries integerHow many times that the proxy (Apache APISIX) should do when errors occur (error, timeout or bad http status codes like 500, 502).
timeout UpstreamTimeoutTimeout settings for the read, send and connect to the upstream.
healthCheck HealthCheckDeprecated: this is no longer support on standalone mode. The health check configurations for the upstream.
tlsSecret ApisixSecretSet the client certificate when connecting to TLS upstream.
subsets ApisixUpstreamSubset arraySubsets groups the service endpoints by their labels. Usually used to differentiate service versions.
passHost stringConfigures the host when the request is forwarded to the upstream. Can be one of pass, node or rewrite.
upstreamHost stringSpecifies the host of the Upstream request. This is only valid if the pass_host is set to rewrite
discovery DiscoveryDeprecated: this is no longer support on standalone mode. Discovery is used to configure service discovery for upstream.
portLevelSettings PortLevelSettings array

Appears in:

ApisixUpstreamSubset#

ApisixUpstreamSubset defines a single endpoints group of one Service.

FieldDescription
name stringName is the name of subset.
labels object (keys:string, values:string)Labels is the label set of this subset.

Appears in:

Discovery#

Discovery defines Service discovery related configuration.

FieldDescription
serviceName string
type string
args object (keys:string, values:string)

Appears in:

HealthCheck#

HealthCheck describes the upstream health check parameters.

FieldDescription
active ActiveHealthCheck
passive PassiveHealthCheck

Appears in:

HostType#

Base type: string

Appears in:

LoadBalancer#

LoadBalancer describes the load balancing parameters.

FieldDescription
type string
hashOn stringThe HashOn and Key fields are required when Type is "chash". HashOn represents the key fetching scope.
key stringKey represents the hash key.

Appears in:

PassiveHealthCheck#

PassiveHealthCheck defines the conditions to judge whether an upstream node is healthy with the passive manager.

FieldDescription
type string
healthy PassiveHealthCheckHealthy
unhealthy PassiveHealthCheckUnhealthy

Appears in:

PassiveHealthCheckHealthy#

PassiveHealthCheckHealthy defines the conditions to judge whether an upstream node is healthy with the passive manner.

FieldDescription
httpCodes integer array
successes integer

Appears in:

PassiveHealthCheckUnhealthy#

PassiveHealthCheckUnhealthy defines the conditions to judge whether an upstream node is unhealthy with the passive manager.

FieldDescription
httpCodes integer array
httpFailures integer
tcpFailures integer
timeout integer

Appears in:

PortLevelSettings#

PortLevelSettings configures the ApisixUpstreamConfig for each individual port. It inherits configurations from the outer level (the whole Kubernetes Service) and overrides some of them if they are set on the port level.

FieldDescription
loadbalancer LoadBalancerLoadBalancer represents the load balancer configuration for Kubernetes Service. The default strategy is round robin.
scheme stringThe scheme used to talk with the upstream. Now value can be http, grpc.
retries integerHow many times that the proxy (Apache APISIX) should do when errors occur (error, timeout or bad http status codes like 500, 502).
timeout UpstreamTimeoutTimeout settings for the read, send and connect to the upstream.
healthCheck HealthCheckDeprecated: this is no longer support on standalone mode. The health check configurations for the upstream.
tlsSecret ApisixSecretSet the client certificate when connecting to TLS upstream.
subsets ApisixUpstreamSubset arraySubsets groups the service endpoints by their labels. Usually used to differentiate service versions.
passHost stringConfigures the host when the request is forwarded to the upstream. Can be one of pass, node or rewrite.
upstreamHost stringSpecifies the host of the Upstream request. This is only valid if the pass_host is set to rewrite
discovery DiscoveryDeprecated: this is no longer support on standalone mode. Discovery is used to configure service discovery for upstream.
port integerPort is a Kubernetes Service port, it should be already defined.

Appears in:

UpstreamTimeout#

UpstreamTimeout is settings for the read, send and connect to the upstream.

FieldDescription
connect Duration
send Duration
read Duration

Appears in: