Application Load Balancer API, gRPC: HttpRouterService.Create
- gRPC request
- CreateHttpRouterRequest
- VirtualHost
- Route
- HttpRoute
- HttpRouteMatch
- StringMatch
- HttpRouteAction
- RateLimit
- Limit
- RedirectAction
- DirectResponseAction
- Payload
- GrpcRoute
- GrpcRouteMatch
- GrpcRouteAction
- GrpcStatusResponseAction
- RouteOptions
- HeaderModification
- RBAC
- Principals
- Principal
- HeaderMatcher
- operation.Operation
- CreateHttpRouterMetadata
- HttpRouter
- VirtualHost
- Route
- HttpRoute
- HttpRouteMatch
- StringMatch
- HttpRouteAction
- RateLimit
- Limit
- RedirectAction
- DirectResponseAction
- Payload
- GrpcRoute
- GrpcRouteMatch
- GrpcRouteAction
- GrpcStatusResponseAction
- RouteOptions
- HeaderModification
- RBAC
- Principals
- Principal
- HeaderMatcher
Creates an HTTP router in the specified folder.
gRPC request
rpc Create (CreateHttpRouterRequest) returns (operation.Operation)
CreateHttpRouterRequest
{
"folderId": "string",
"name": "string",
"description": "string",
"labels": "string",
"virtualHosts": [
{
"name": "string",
"authority": [
"string"
],
"routes": [
{
"name": "string",
// Includes only one of the fields `http`, `grpc`
"http": {
"match": {
"httpMethod": [
"string"
],
"path": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
// Includes only one of the fields `route`, `redirect`, `directResponse`
"route": {
"backendGroupId": "string",
"timeout": "google.protobuf.Duration",
"idleTimeout": "google.protobuf.Duration",
// Includes only one of the fields `hostRewrite`, `autoHostRewrite`
"hostRewrite": "string",
"autoHostRewrite": "bool",
// end of the list of possible fields
"prefixRewrite": "string",
"upgradeTypes": [
"string"
],
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
},
"redirect": {
"replaceScheme": "string",
"replaceHost": "string",
"replacePort": "int64",
// Includes only one of the fields `replacePath`, `replacePrefix`
"replacePath": "string",
"replacePrefix": "string",
// end of the list of possible fields
"removeQuery": "bool",
"responseCode": "RedirectResponseCode"
},
"directResponse": {
"status": "int64",
"body": {
// Includes only one of the fields `text`
"text": "string"
// end of the list of possible fields
}
}
// end of the list of possible fields
},
"grpc": {
"match": {
"fqmn": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
// Includes only one of the fields `route`, `statusResponse`
"route": {
"backendGroupId": "string",
"maxTimeout": "google.protobuf.Duration",
"idleTimeout": "google.protobuf.Duration",
// Includes only one of the fields `hostRewrite`, `autoHostRewrite`
"hostRewrite": "string",
"autoHostRewrite": "bool",
// end of the list of possible fields
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
},
"statusResponse": {
"status": "Status"
}
// end of the list of possible fields
},
// end of the list of possible fields
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
}
}
],
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
},
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
}
],
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
}
}
Field |
Description |
folderId |
string Required field. ID of the folder to create an HTTP router in. To get the folder ID, make a yandex.cloud.resourcemanager.v1.FolderService.List request. |
name |
string Name of the HTTP router. |
description |
string Description of the HTTP router. |
labels |
string HTTP router labels as |
virtualHosts[] |
Virtual hosts that combine routes inside the router. Only one virtual host with no authority (default match) can be specified. |
routeOptions |
Route options for the HTTP router. |
VirtualHost
A virtual host resource.
For details about the concept, see documentation.
Field |
Description |
name |
string Required field. Name of the virtual host. The name is unique within the HTTP router. |
authority[] |
string List of domains that are attributed to the virtual host. The host is selected to process the request received by the load balancer A wildcard asterisk character ( If not specified, all domains are attributed to the host, which is the same as specifying a |
routes[] |
Routes of the virtual host. A route contains a set of conditions (predicates) that are used by the load balancer to select the route The order of routes matters: the first route whose predicate matches the request is selected. |
modifyRequestHeaders[] |
Deprecated, use route_options.modify_request_headers. |
modifyResponseHeaders[] |
Deprecated, use route_options.modify_response_headers. |
routeOptions |
|
rateLimit |
RateLimit is a rate limit configuration applied for a whole virtual host. |
Route
A route resource.
For details about the concept, see documentation.
Field |
Description |
name |
string Required field. Name of the route. |
http |
HTTP route configuration. Includes only one of the fields Route configuration. |
grpc |
gRPC route configuration. Includes only one of the fields Route configuration. |
routeOptions |
HttpRoute
An HTTP route configuration resource.
Field |
Description |
match |
Condition (predicate) used to select the route. |
route |
Forwards the request to a backend group for processing as configured. Includes only one of the fields Action performed on the request if the route is selected. |
redirect |
Redirects the request as configured. Includes only one of the fields Action performed on the request if the route is selected. |
directResponse |
Instructs the load balancer to respond directly as configured. Includes only one of the fields Action performed on the request if the route is selected. |
HttpRouteMatch
An HTTP route condition (predicate) resource.
Field |
Description |
httpMethod[] |
string HTTP method specified in the request. |
path |
Match settings for the path specified in the request. If not specified, the route matches all paths. |
StringMatch
A string matcher resource.
Field |
Description |
exactMatch |
string Exact match string. Includes only one of the fields Match string for either exact or prefix match. |
prefixMatch |
string Prefix match string. Includes only one of the fields Match string for either exact or prefix match. |
regexMatch |
string Regular expression match string. Includes only one of the fields Match string for either exact or prefix match. |
HttpRouteAction
An HTTP route action resource.
Field |
Description |
backendGroupId |
string Required field. Backend group to forward requests to. Stream (TCP) backend groups are not supported. |
timeout |
Overall timeout for an HTTP connection between a load balancer node an a backend from the backend group: If a connection times out, the load balancer responds to the client with a Default value: |
idleTimeout |
Idle timeout for an HTTP connection between a load balancer node an a backend from the backend group: Specifying meaningful values for both If a connection times out, the load balancer responds to the client with a If not specified, no idle timeout is used, and an alive connection may be idle for any duration (see |
hostRewrite |
string Host replacement. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
autoHostRewrite |
bool Automatically replaces the host with that of the target. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
prefixRewrite |
string Replacement for the path prefix matched by StringMatch. For instance, if StringMatch.prefixMatch value is If not specified, the path is not changed. |
upgradeTypes[] |
string Supported values for HTTP |
rateLimit |
RateLimit is a rate limit configuration applied for route. |
RateLimit
RateLimit is a set of settings for global rate limiting.
Field |
Description |
allRequests |
AllRequests is a rate limit configuration applied to all incoming requests. |
requestsPerIp |
RequestsPerIp is a rate limit configuration applied separately for each set of requests |
Limit
Limit is a rate limit value settings.
Field |
Description |
perSecond |
int64 PerSecond is a limit value specified with per second time unit. Includes only one of the fields |
perMinute |
int64 PerMinute is a limit value specified with per minute time unit. Includes only one of the fields |
RedirectAction
A redirect action resource.
Field |
Description |
replaceScheme |
string URI scheme replacement. If If not specified, the original scheme and port are used. |
replaceHost |
string URI host replacement. If not specified, the original host is used. |
replacePort |
int64 URI host replacement. If not specified, the original host is used. |
replacePath |
string Replacement for the whole path. Includes only one of the fields URI path replacement. If not specified, the original path is used. |
replacePrefix |
string Replacement for the path prefix matched by StringMatch. For instance, if StringMatch.prefixMatch value is Includes only one of the fields URI path replacement. If not specified, the original path is used. |
removeQuery |
bool Removes URI query. |
responseCode |
enum RedirectResponseCode HTTP status code to use in redirect responses.
|
DirectResponseAction
A direct response action resource.
Field |
Description |
status |
int64 HTTP status code to use in responses. |
body |
Response body. |
Payload
A health check payload resource.
Field |
Description |
text |
string Payload text. Includes only one of the fields Payload. |
GrpcRoute
A gRPC route configuration resource.
Field |
Description |
match |
Condition (predicate) used to select the route. |
route |
Forwards the request to a backend group for processing as configured. Includes only one of the fields Action performed on the request if the route is selected. |
statusResponse |
Instructs the load balancer to respond directly with a specified status. Includes only one of the fields Action performed on the request if the route is selected. |
GrpcRouteMatch
A gRPC route condition (predicate) resource.
Field |
Description |
fqmn |
Match settings for gRPC service method called in the request. A match string must be a fully qualified method name, e.g. If not specified, the route matches all methods. |
GrpcRouteAction
A gRPC route action resource.
Field |
Description |
backendGroupId |
string Required field. Backend group to forward requests to. |
maxTimeout |
Overall timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: If a client specifies a lower timeout in HTTP If a connection times out, the load balancer responds to the client with an Default value: |
idleTimeout |
Idle timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: Specifying meaningful values for both If a connection times out, the load balancer responds to the client with an If not specified, no idle timeout is used, and an alive connection may be idle for any duration |
hostRewrite |
string Host replacement. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
autoHostRewrite |
bool Automatically replaces the host with that of the target. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
rateLimit |
RateLimit is a rate limit configuration applied for route. |
GrpcStatusResponseAction
A gRPC status response action resource.
Field |
Description |
status |
enum Status gRPC status code
|
RouteOptions
Field |
Description |
modifyRequestHeaders[] |
Apply the following modifications to the request headers. |
modifyResponseHeaders[] |
Apply the following modifications to the response headers. |
rbac |
|
securityProfileId |
string Security profile that will take effect to all requests routed via particular virtual host. |
HeaderModification
A header modification resource.
Field |
Description |
name |
string Name of the header. |
append |
string Appends the specified string to the header value. Variables defined for Envoy proxy Includes only one of the fields Operation to perform on the header. |
replace |
string Replaces the value of the header with the specified string. Variables defined for Envoy proxy Includes only one of the fields Operation to perform on the header. |
remove |
bool Removes the header. Includes only one of the fields Operation to perform on the header. |
rename |
string Replaces the name of the header with the specified string. Includes only one of the fields Operation to perform on the header. |
RBAC
Role Based Access Control (RBAC) provides router, virtual host, and route access control for the ALB
service. Requests are allowed or denied based on the action
and whether a matching principal is
found. For instance, if the action is ALLOW and a matching principal is found the request should be
allowed.
Field |
Description |
action |
enum Action Required field. The action to take if a principal matches. Every action either allows or denies a request.
|
principals[] |
Required. A match occurs when at least one matches the request. |
Principals
Principals define a group of identities for a request.
Field |
Description |
andPrincipals[] |
Required. A match occurs when all principals match the request. |
Principal
Principal defines an identity for a request.
Field |
Description |
header |
A header (or pseudo-header such as :path or :method) of the incoming HTTP request. Includes only one of the fields |
remoteIp |
string A CIDR block or IP that describes the request remote/origin address, e.g. Includes only one of the fields |
any |
bool When any is set, it matches any request. Includes only one of the fields |
HeaderMatcher
Field |
Description |
name |
string Required field. Specifies the name of the header in the request. |
value |
Specifies how the header match will be performed to route the request. |
operation.Operation
{
"id": "string",
"description": "string",
"createdAt": "google.protobuf.Timestamp",
"createdBy": "string",
"modifiedAt": "google.protobuf.Timestamp",
"done": "bool",
"metadata": {
"httpRouterId": "string"
},
// Includes only one of the fields `error`, `response`
"error": "google.rpc.Status",
"response": {
"id": "string",
"name": "string",
"description": "string",
"folderId": "string",
"labels": "string",
"virtualHosts": [
{
"name": "string",
"authority": [
"string"
],
"routes": [
{
"name": "string",
// Includes only one of the fields `http`, `grpc`
"http": {
"match": {
"httpMethod": [
"string"
],
"path": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
// Includes only one of the fields `route`, `redirect`, `directResponse`
"route": {
"backendGroupId": "string",
"timeout": "google.protobuf.Duration",
"idleTimeout": "google.protobuf.Duration",
// Includes only one of the fields `hostRewrite`, `autoHostRewrite`
"hostRewrite": "string",
"autoHostRewrite": "bool",
// end of the list of possible fields
"prefixRewrite": "string",
"upgradeTypes": [
"string"
],
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
},
"redirect": {
"replaceScheme": "string",
"replaceHost": "string",
"replacePort": "int64",
// Includes only one of the fields `replacePath`, `replacePrefix`
"replacePath": "string",
"replacePrefix": "string",
// end of the list of possible fields
"removeQuery": "bool",
"responseCode": "RedirectResponseCode"
},
"directResponse": {
"status": "int64",
"body": {
// Includes only one of the fields `text`
"text": "string"
// end of the list of possible fields
}
}
// end of the list of possible fields
},
"grpc": {
"match": {
"fqmn": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
// Includes only one of the fields `route`, `statusResponse`
"route": {
"backendGroupId": "string",
"maxTimeout": "google.protobuf.Duration",
"idleTimeout": "google.protobuf.Duration",
// Includes only one of the fields `hostRewrite`, `autoHostRewrite`
"hostRewrite": "string",
"autoHostRewrite": "bool",
// end of the list of possible fields
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
},
"statusResponse": {
"status": "Status"
}
// end of the list of possible fields
},
// end of the list of possible fields
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
}
}
],
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
},
"rateLimit": {
"allRequests": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
},
"requestsPerIp": {
// Includes only one of the fields `perSecond`, `perMinute`
"perSecond": "int64",
"perMinute": "int64"
// end of the list of possible fields
}
}
}
],
"createdAt": "google.protobuf.Timestamp",
"routeOptions": {
"modifyRequestHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"modifyResponseHeaders": [
{
"name": "string",
// Includes only one of the fields `append`, `replace`, `remove`, `rename`
"append": "string",
"replace": "string",
"remove": "bool",
"rename": "string"
// end of the list of possible fields
}
],
"rbac": {
"action": "Action",
"principals": [
{
"andPrincipals": [
{
// Includes only one of the fields `header`, `remoteIp`, `any`
"header": {
"name": "string",
"value": {
// Includes only one of the fields `exactMatch`, `prefixMatch`, `regexMatch`
"exactMatch": "string",
"prefixMatch": "string",
"regexMatch": "string"
// end of the list of possible fields
}
},
"remoteIp": "string",
"any": "bool"
// end of the list of possible fields
}
]
}
]
},
"securityProfileId": "string"
}
}
// end of the list of possible fields
}
An Operation resource. For more information, see Operation.
Field |
Description |
id |
string ID of the operation. |
description |
string Description of the operation. 0-256 characters long. |
createdAt |
Creation timestamp. |
createdBy |
string ID of the user or service account who initiated the operation. |
modifiedAt |
The time when the Operation resource was last modified. |
done |
bool If the value is |
metadata |
Service-specific metadata associated with the operation. |
error |
The error result of the operation in case of failure or cancellation. Includes only one of the fields The operation result. |
response |
The normal response of the operation in case of success. Includes only one of the fields The operation result. |
CreateHttpRouterMetadata
Field |
Description |
httpRouterId |
string ID of the HTTP router that is being created. |
HttpRouter
An HTTP router resource.
For details about the concept, see documentation.
Field |
Description |
id |
string ID of the router. Generated at creation time. |
name |
string Name of the router. The name is unique within the folder. |
description |
string Description of the router. |
folderId |
string ID of the folder that the router belongs to. |
labels |
string Router labels as |
virtualHosts[] |
Virtual hosts that combine routes inside the router. Only one virtual host with no authority (default match) can be specified. |
createdAt |
Creation timestamp. |
routeOptions |
VirtualHost
A virtual host resource.
For details about the concept, see documentation.
Field |
Description |
name |
string Required field. Name of the virtual host. The name is unique within the HTTP router. |
authority[] |
string List of domains that are attributed to the virtual host. The host is selected to process the request received by the load balancer A wildcard asterisk character ( If not specified, all domains are attributed to the host, which is the same as specifying a |
routes[] |
Routes of the virtual host. A route contains a set of conditions (predicates) that are used by the load balancer to select the route The order of routes matters: the first route whose predicate matches the request is selected. |
modifyRequestHeaders[] |
Deprecated, use route_options.modify_request_headers. |
modifyResponseHeaders[] |
Deprecated, use route_options.modify_response_headers. |
routeOptions |
|
rateLimit |
RateLimit is a rate limit configuration applied for a whole virtual host. |
Route
A route resource.
For details about the concept, see documentation.
Field |
Description |
name |
string Required field. Name of the route. |
http |
HTTP route configuration. Includes only one of the fields Route configuration. |
grpc |
gRPC route configuration. Includes only one of the fields Route configuration. |
routeOptions |
HttpRoute
An HTTP route configuration resource.
Field |
Description |
match |
Condition (predicate) used to select the route. |
route |
Forwards the request to a backend group for processing as configured. Includes only one of the fields Action performed on the request if the route is selected. |
redirect |
Redirects the request as configured. Includes only one of the fields Action performed on the request if the route is selected. |
directResponse |
Instructs the load balancer to respond directly as configured. Includes only one of the fields Action performed on the request if the route is selected. |
HttpRouteMatch
An HTTP route condition (predicate) resource.
Field |
Description |
httpMethod[] |
string HTTP method specified in the request. |
path |
Match settings for the path specified in the request. If not specified, the route matches all paths. |
StringMatch
A string matcher resource.
Field |
Description |
exactMatch |
string Exact match string. Includes only one of the fields Match string for either exact or prefix match. |
prefixMatch |
string Prefix match string. Includes only one of the fields Match string for either exact or prefix match. |
regexMatch |
string Regular expression match string. Includes only one of the fields Match string for either exact or prefix match. |
HttpRouteAction
An HTTP route action resource.
Field |
Description |
backendGroupId |
string Required field. Backend group to forward requests to. Stream (TCP) backend groups are not supported. |
timeout |
Overall timeout for an HTTP connection between a load balancer node an a backend from the backend group: If a connection times out, the load balancer responds to the client with a Default value: |
idleTimeout |
Idle timeout for an HTTP connection between a load balancer node an a backend from the backend group: Specifying meaningful values for both If a connection times out, the load balancer responds to the client with a If not specified, no idle timeout is used, and an alive connection may be idle for any duration (see |
hostRewrite |
string Host replacement. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
autoHostRewrite |
bool Automatically replaces the host with that of the target. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
prefixRewrite |
string Replacement for the path prefix matched by StringMatch. For instance, if StringMatch.prefixMatch value is If not specified, the path is not changed. |
upgradeTypes[] |
string Supported values for HTTP |
rateLimit |
RateLimit is a rate limit configuration applied for route. |
RateLimit
RateLimit is a set of settings for global rate limiting.
Field |
Description |
allRequests |
AllRequests is a rate limit configuration applied to all incoming requests. |
requestsPerIp |
RequestsPerIp is a rate limit configuration applied separately for each set of requests |
Limit
Limit is a rate limit value settings.
Field |
Description |
perSecond |
int64 PerSecond is a limit value specified with per second time unit. Includes only one of the fields |
perMinute |
int64 PerMinute is a limit value specified with per minute time unit. Includes only one of the fields |
RedirectAction
A redirect action resource.
Field |
Description |
replaceScheme |
string URI scheme replacement. If If not specified, the original scheme and port are used. |
replaceHost |
string URI host replacement. If not specified, the original host is used. |
replacePort |
int64 URI host replacement. If not specified, the original host is used. |
replacePath |
string Replacement for the whole path. Includes only one of the fields URI path replacement. If not specified, the original path is used. |
replacePrefix |
string Replacement for the path prefix matched by StringMatch. For instance, if StringMatch.prefixMatch value is Includes only one of the fields URI path replacement. If not specified, the original path is used. |
removeQuery |
bool Removes URI query. |
responseCode |
enum RedirectResponseCode HTTP status code to use in redirect responses.
|
DirectResponseAction
A direct response action resource.
Field |
Description |
status |
int64 HTTP status code to use in responses. |
body |
Response body. |
Payload
A health check payload resource.
Field |
Description |
text |
string Payload text. Includes only one of the fields Payload. |
GrpcRoute
A gRPC route configuration resource.
Field |
Description |
match |
Condition (predicate) used to select the route. |
route |
Forwards the request to a backend group for processing as configured. Includes only one of the fields Action performed on the request if the route is selected. |
statusResponse |
Instructs the load balancer to respond directly with a specified status. Includes only one of the fields Action performed on the request if the route is selected. |
GrpcRouteMatch
A gRPC route condition (predicate) resource.
Field |
Description |
fqmn |
Match settings for gRPC service method called in the request. A match string must be a fully qualified method name, e.g. If not specified, the route matches all methods. |
GrpcRouteAction
A gRPC route action resource.
Field |
Description |
backendGroupId |
string Required field. Backend group to forward requests to. |
maxTimeout |
Overall timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: If a client specifies a lower timeout in HTTP If a connection times out, the load balancer responds to the client with an Default value: |
idleTimeout |
Idle timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: Specifying meaningful values for both If a connection times out, the load balancer responds to the client with an If not specified, no idle timeout is used, and an alive connection may be idle for any duration |
hostRewrite |
string Host replacement. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
autoHostRewrite |
bool Automatically replaces the host with that of the target. Includes only one of the fields Value rewrite settings for HTTP/1.1 If not specified, the host is not changed. |
rateLimit |
RateLimit is a rate limit configuration applied for route. |
GrpcStatusResponseAction
A gRPC status response action resource.
Field |
Description |
status |
enum Status gRPC status code
|
RouteOptions
Field |
Description |
modifyRequestHeaders[] |
Apply the following modifications to the request headers. |
modifyResponseHeaders[] |
Apply the following modifications to the response headers. |
rbac |
|
securityProfileId |
string Security profile that will take effect to all requests routed via particular virtual host. |
HeaderModification
A header modification resource.
Field |
Description |
name |
string Name of the header. |
append |
string Appends the specified string to the header value. Variables defined for Envoy proxy Includes only one of the fields Operation to perform on the header. |
replace |
string Replaces the value of the header with the specified string. Variables defined for Envoy proxy Includes only one of the fields Operation to perform on the header. |
remove |
bool Removes the header. Includes only one of the fields Operation to perform on the header. |
rename |
string Replaces the name of the header with the specified string. Includes only one of the fields Operation to perform on the header. |
RBAC
Role Based Access Control (RBAC) provides router, virtual host, and route access control for the ALB
service. Requests are allowed or denied based on the action
and whether a matching principal is
found. For instance, if the action is ALLOW and a matching principal is found the request should be
allowed.
Field |
Description |
action |
enum Action Required field. The action to take if a principal matches. Every action either allows or denies a request.
|
principals[] |
Required. A match occurs when at least one matches the request. |
Principals
Principals define a group of identities for a request.
Field |
Description |
andPrincipals[] |
Required. A match occurs when all principals match the request. |
Principal
Principal defines an identity for a request.
Field |
Description |
header |
A header (or pseudo-header such as :path or :method) of the incoming HTTP request. Includes only one of the fields |
remoteIp |
string A CIDR block or IP that describes the request remote/origin address, e.g. Includes only one of the fields |
any |
bool When any is set, it matches any request. Includes only one of the fields |
HeaderMatcher
Field |
Description |
name |
string Required field. Specifies the name of the header in the request. |
value |
Specifies how the header match will be performed to route the request. |