The alb module: Custom Resources

ALBInstance

Scope: Namespaced
Version: v1alpha1

Example:

apiVersion: network.deckhouse.io/v1alpha1
kind: ALBInstance
metadata:
  name: app-gw
  namespace: app
spec:
  gatewayName: app-gw
  inlet:
    type: LoadBalancer

• spec

  object
  • spec.acceptRequestsFrom

    array of strings

    Whitelist of sources allowed to send requests.
    • spec.acceptRequestsFrom.Element of the array

      string

      Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • spec.additionalHeaders

    object

    Additional headers to include in upstream requests.
  • spec.basicAuth

    object

    Specifies if basic authentication has to be enabled globally.
    • spec.basicAuth.enabled

      boolean

      Specifies whether basic authentication is enabled.
    • spec.basicAuth.secret

      object

      Specifies the secret name and namespace to use with basic authentication.
      • spec.basicAuth.secret.name

        string

        Required value
      • spec.basicAuth.secret.namespace

        string

        Required value
  • spec.controllerPodsAdditionalAnnotations

    object

    Additional annotations for controller/data plane pods.
  • spec.enableHTTP3

    boolean

    Enable HTTP3 support.

    Warning. HTTP3 can’t be enabled if Proxy Protocol is in use.

  • spec.envoyLogLevel

    string

    Defines log level of Envoy proxies.

    Default: Warning

    Allowed values: Off, Critical, Error, Warning, Info, Debug, Trace

  • spec.gatewayName

    string

    Required value

    Name of the Gateway resource this instance belongs to.

    Length: 1..45

  • spec.geoIP

    object

    GeoIP database downloader configuration for proxy pods.
    • spec.geoIP.headers

      object

      HTTP headers with GeoIP data to attach to requests.
      • spec.geoIP.headers.anon

        string

        The header for anonymous IP information, such as VPN, proxy, Tor, or hosting-provider detection.
      • spec.geoIP.headers.asn

        string

        The ASN header.
      • spec.geoIP.headers.city

        string

        The city header.
      • spec.geoIP.headers.country

        string

        The country code header.
      • spec.geoIP.headers.isp

        string

        The ISP header.
      • spec.geoIP.headers.region

        string

        The region or subdivision header.
    • spec.geoIP.licenseKeySecretRef

      object

      Secret reference with the MaxMind license key.

      For ALBInstance, the referenced secret must be located in the same namespace as the resource.

      • spec.geoIP.licenseKeySecretRef.name

        string

        Required value
    • spec.geoIP.maxmindEditionIDs

      array of strings

      A list of database editions to use.

      Warning. Current implementation supports using up to 4 editions.

      Default: [ "GeoLite2-City" ]

      • spec.geoIP.maxmindEditionIDs.Element of the array

        string

        Allowed values: GeoIP2-Anonymous-IP, GeoIP2-City, GeoIP2-ISP, GeoIP2-ASN, GeoLite2-ASN, GeoLite2-City

    • spec.geoIP.maxmindMirror

      object

      Mirror configuration for downloading GeoIP databases. If the parameter is not set, the databases are downloaded directly from https://download.maxmind.com.
      • spec.geoIP.maxmindMirror.insecureSkipVerify

        boolean

        Skip TLS certificate verification for the mirror.
      • spec.geoIP.maxmindMirror.url

        string

        Required value

        The URL for downloading GeoIP databases.

        Pattern: ^https?://.+$

        Examples:

        
        

        url: https://mirror.local
        

        url: https://mirror.local/GeoLite2-City.tar.gz
        

  • spec.inlet

    object

    Required value

    Inlet defines how traffic enters the data plane.
    • spec.inlet.additionalPorts

      array of objects

      Additional Service ports published besides default 80/443.
      • spec.inlet.additionalPorts.port

        integer

        Additional Service port number.

        Allowed values: 1 <= X <= 65535

      • spec.inlet.additionalPorts.protocol

        string

        Network protocol for the additional Service port. Currently only TCP is supported.

        Allowed values: TCP

    • spec.inlet.loadBalancer

      object

      Settings for the LoadBalancer inlet.

      Default: {}

      • spec.inlet.loadBalancer.httpPort

        integer

        Port for insecure HTTP connections. If it is not set, 80 port is assumed. Can be set to 0 to disable accepting HTTP connections.

        Allowed values: 0 <= X <= 65535

      • spec.inlet.loadBalancer.httpsPort

        integer

        Port for secure HTTPS connections. If it is not set, 443 port is assumed. Can be set to 0 to disable accepting HTTPS connections.

        Allowed values: 0 <= X <= 65535

      • spec.inlet.loadBalancer.serviceAnnotations

        object

        Additional annotations for the LoadBalancer Service.
    • spec.inlet.type

      string

      Required value

      Supported inlet type.

      Allowed values: LoadBalancer

  • spec.istioSidecar

    object

    Settings for Istio sidecar injection into proxy pods.
    • spec.istioSidecar.enabled

      boolean

      Attaches annotations to the proxy pods to automatically inject Istio sidecar containers.
    • spec.istioSidecar.resources

      object

      Resource requests and limits for the injected Istio sidecar container.
      • spec.istioSidecar.resources.limits

        object

        Resource limits.
        • spec.istioSidecar.resources.limits.cpu

          string

          CPU limits.
        • spec.istioSidecar.resources.limits.memory

          string

          Memory limits.
      • spec.istioSidecar.resources.requests

        object

        Resource requests.
        • spec.istioSidecar.resources.requests.cpu

          string

          CPU requests.
        • spec.istioSidecar.resources.requests.memory

          string

          Memory requests.
  • spec.minReplicas

    integer

    Minimum number of Envoy Proxy replicas. If a value greater than 1 is set, a PodDisruptionBudged object is provided.

    Default: 1

    Allowed values: 1 <= X

  • spec.nodeSelector

    object

    Node selector for pods.
  • spec.openTelemetry

    object

    OpenTelemetry configuration for Envoy proxies.
    • spec.openTelemetry.tracing

      object

      OpenTelemetry tracing configuration.
      • spec.openTelemetry.tracing.randomSamplingPercentage

        number

        Percentage of requests that Envoy randomly selects for trace generation.

        Default: 25

        Allowed values: 1 <= X <= 100

      • spec.openTelemetry.tracing.tls

        object

        TLS settings used by Envoy when connecting to the OpenTelemetry collector.
        • spec.openTelemetry.tracing.tls.caSecretName

          string

          Name of the Kubernetes Secret containing the CA certificate used to verify the OpenTelemetry collector certificate. The Secret must be in the same namespace as the ALBInstance object.

          Example:

          
          

          caSecretName: otel-tracing-ca
          

        • spec.openTelemetry.tracing.tls.insecureSkipVerify

          boolean

          Allows Envoy to connect to the OpenTelemetry collector even if certificate verification fails.
        • spec.openTelemetry.tracing.tls.sni

          string

          Server Name Indication (SNI) value sent by Envoy during the TLS handshake.

          Warning. This setting is required if the OpenTelemetry collector is behind a TLS proxy or load balancer that routes connections based on SNI.

        • spec.openTelemetry.tracing.tls.subjectAltNames

          array of strings

          List of Subject Alternative Names (SANs) used to verify the OpenTelemetry collector certificate.
      • spec.openTelemetry.tracing.url

        string

        OpenTelemetry collector endpoint URL used for exporting traces.

        Pattern: ^(https?|grpc)://([A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?)(?:\.([A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?))+(?::(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}))?(?:/[A-Za-z0-9._~!$&'()*+,;=:@%/-]*)?$

        Examples:

        
        

        url: http://opentelemetry.collector.local
        

        url: grpc://opentelemetry.collector.local
        

        url: https://opentelemetry.collector.local
        

        url: https://opentelemetry.collector.local:4018
        

        url: https://opentelemetry.collector.local:4018/v1/traces
        

  • spec.originalIPDetection

    object

    Defines if the Envoy Proxy has to detect original IP using headers.
    • spec.originalIPDetection.realIPHeader

      string

      Defines a header to use for original client IP detection.

      Default: X-Forwarded-For

      Example:

      
      

      realIPHeader: X-Real-IP
      

    • spec.originalIPDetection.setRealIPFrom

      array of strings

      Required value

      Specifies CIDR ranges allowed to provide headers for origin IP detection.
      • spec.originalIPDetection.setRealIPFrom.Element of the array

        string

        Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • spec.resourcesManagement

    object

    CPU and memory request and limit settings for the controller Pods.
    • spec.resourcesManagement.mode

      string

      Required value

      Resource management mode.

      Default: VPA

      Allowed values: VPA, Static

    • spec.resourcesManagement.static

      object

      Static mode settings.
      • spec.resourcesManagement.static.limits

        object

        Resource limits.

        Default: {}

        • spec.resourcesManagement.static.limits.cpu

          string

          CPU limits.
        • spec.resourcesManagement.static.limits.memory

          string

          Memory limits.
      • spec.resourcesManagement.static.requests

        object

        Resource requests.

        Default: {}

        • spec.resourcesManagement.static.requests.cpu

          string

          CPU requests.

          Default: 350m

        • spec.resourcesManagement.static.requests.memory

          string

          Memory requests.

          Default: 500Mi

    • spec.resourcesManagement.vpa

      object

      Resource management settings for the VPA mode.
      • spec.resourcesManagement.vpa.cpu

        object

        CPU-related VPA settings.

        Default: {}

        • spec.resourcesManagement.vpa.cpu.limitRatio

          number

          The CPU limits/requests ratio.

          If set, the limits are calculated based on the requests and the specified ratio.

        • spec.resourcesManagement.vpa.cpu.max

          string

          Maximum value of allowed CPU requests to be submitted by the VPA.

          Default: 1500m

        • spec.resourcesManagement.vpa.cpu.min

          string

          Minimum value of allowed CPU requests to be submitted by the VPA.

          Default: 100m

      • spec.resourcesManagement.vpa.memory

        object

        Memory-related VPA settings.

        Default: {}

        • spec.resourcesManagement.vpa.memory.limitRatio

          number

          The memory limits/requests ratio.

          If set, the limits are calculated based on the requests and the specified ratio.

        • spec.resourcesManagement.vpa.memory.max

          string

          Maximum value of allowed memory requests to be submitted by the VPA.

          Default: 2000Mi

        • spec.resourcesManagement.vpa.memory.min

          string

          Minimum value of allowed memory requests to be submitted by the VPA.

          Default: 500Mi

      • spec.resourcesManagement.vpa.mode

        string

        VPA operating mode.

        Default: Initial

        Allowed values: Initial, InPlaceOrRecreate

  • spec.tolerations

    array of objects

    Pod tolerations.
    • spec.tolerations.effect

      string

      Allowed values: NoSchedule, PreferNoSchedule, NoExecute

    • spec.tolerations.key

      string
    • spec.tolerations.operator

      string

      Allowed values: Exists, Equal

    • spec.tolerations.tolerationSeconds

      integer

      Allowed values: 0 <= X

    • spec.tolerations.value

      string
  • spec.useProxyProtocol

    boolean

    Enable PROXY protocol support.

    Warning. Proxy Protocol can’t be enabled if HTTP3 is in use.

• status

  object
  • status.conflictPorts

    boolean

    True when this instance additionalPorts are ignored because another older instance with the same gatewayName is authoritative.
  • status.conflictPortsOwner

    string

    Reference to the older instance that defines effective additionalPorts for this gatewayName.
  • status.gateway

    string

    Effective Gateway name served by this instance.
  • status.observedGeneration

    integer

    Allowed values: 0 <= X

  • status.ready

    boolean

    True when this instance is ready to serve traffic.
  • status.synced

    boolean

    True when desired and actual resources are in sync.

ClusterALBInstance

Scope: Cluster
Version: v1alpha1

Example:

apiVersion: network.deckhouse.io/v1alpha1
kind: ClusterALBInstance
metadata:
  name: public-gw
spec:
  gatewayName: public-gw
  inlet:
    type: LoadBalancer

• spec

  object
  • spec.acceptRequestsFrom

    array of strings

    Whitelist of sources allowed to send requests.
    • spec.acceptRequestsFrom.Element of the array

      string

      Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • spec.additionalHeaders

    object

    Additional HTTP headers to add.
  • spec.basicAuth

    object

    Specifies if basic authentication has to be enabled globally.
    • spec.basicAuth.enabled

      boolean

      Specifies whether basic authentication is enabled.
    • spec.basicAuth.secret

      object

      Specifies the secret name and namespace to use with basic authentication.
      • spec.basicAuth.secret.name

        string

        Required value

        Secret name.
      • spec.basicAuth.secret.namespace

        string

        Required value

        Namespace name.
  • spec.controllerPodsAdditionalAnnotations

    object

    Additional annotations for controller/data plane pods.
  • spec.defaultDeckhouseGateway

    boolean

    Marks the gateway as a default Deckhouse Gateway in the cluster. This gateway is used to serve Deckhouse HTTP/HTTPS endpoints.

    Warning. If more than one gateway is marked as a default, the oldest gateway is selected as the default gateway.

  • spec.enableHTTP3

    boolean

    Enable HTTP3 support.

    Warning. HTTP3 can’t be enabled if Proxy Protocol is in use.

  • spec.envoyLogLevel

    string

    Defines log level of Envoy proxies.

    Default: Warning

    Allowed values: Off, Critical, Error, Warning, Info, Debug, Trace

  • spec.gatewayName

    string

    Required value

    Name of the Gateway resource this instance belongs to.

    Length: 1..45

  • spec.geoIP

    object

    GeoIP database downloader configuration for proxy pods.
    • spec.geoIP.headers

      object

      HTTP headers with GeoIP data to attach to requests.
      • spec.geoIP.headers.anon

        string

        The header for anonymous IP information, such as VPN, proxy, Tor, or hosting-provider detection.
      • spec.geoIP.headers.asn

        string

        The ASN header.
      • spec.geoIP.headers.city

        string

        The city header.
      • spec.geoIP.headers.country

        string

        The country code header.
      • spec.geoIP.headers.isp

        string

        The ISP header.
      • spec.geoIP.headers.region

        string

        The region or subdivision header.
    • spec.geoIP.licenseKeySecretRef

      object

      Secret reference with the MaxMind license key.

      For ClusterALBInstance, the secret may reside in any namespace, with a preference for d8-alb.

      • spec.geoIP.licenseKeySecretRef.name

        string

        Required value
      • spec.geoIP.licenseKeySecretRef.namespace

        string

        Required value
    • spec.geoIP.maxmindEditionIDs

      array of strings

      A list of database editions to use.

      Warning. Current implementation supports using up to 4 editions.

      Default: [ "GeoLite2-City" ]

      • spec.geoIP.maxmindEditionIDs.Element of the array

        string

        Allowed values: GeoIP2-Anonymous-IP, GeoIP2-City, GeoIP2-ISP, GeoIP2-ASN, GeoLite2-ASN, GeoLite2-City

    • spec.geoIP.maxmindMirror

      object

      Mirror configuration for downloading GeoIP databases. If the parameter is not set, the databases are downloaded directly from https://download.maxmind.com.
      • spec.geoIP.maxmindMirror.insecureSkipVerify

        boolean

        Skip TLS certificate verification for the mirror.
      • spec.geoIP.maxmindMirror.url

        string

        Required value

        The URL for downloading GeoIP databases.

        Pattern: ^https?://.+$

        Examples:

        
        

        url: https://mirror.local
        

        url: https://mirror.local/GeoLite2-City.tar.gz
        

  • spec.inlet

    object

    Required value

    Inlet defines how traffic enters the data plane.
    • spec.inlet.additionalPorts

      array of objects

      Additional Service ports published besides default 80/443. For HostPort inlets these ports are also bound as Pod hostPorts on the managed DaemonSet.
      • spec.inlet.additionalPorts.port

        integer

        Additional Service port number.

        Allowed values: 1 <= X <= 65535

      • spec.inlet.additionalPorts.protocol

        string

        Network protocol for the additional Service port. Currently only TCP is supported.

        Allowed values: TCP

    • spec.inlet.hostPort

      object

      HostPort inlet settings.
      • spec.inlet.hostPort.httpPort

        integer

        Port for insecure HTTP connections.

        If the parameter is not set, the connection over HTTP cannot be established.

        This parameter is mandatory if httpsPort is not set.

        Allowed values: 1 <= X <= 65535

      • spec.inlet.hostPort.httpsPort

        integer

        Port for secure HTTPS connections.

        If the parameter is not set, the connection over HTTPS cannot be established.

        This parameter is mandatory if httpPort is not set.

        Allowed values: 1 <= X <= 65535

    • spec.inlet.loadBalancer

      object

      Settings for the LoadBalancer inlet.
      • spec.inlet.loadBalancer.httpPort

        integer

        Port for insecure HTTP connections. If it is not set, 80 port is assumed. Can be set to 0 to disable accepting HTTP connections.

        Allowed values: 0 <= X <= 65535

      • spec.inlet.loadBalancer.httpsPort

        integer

        Port for secure HTTPS connections. If it is not set, 443 port is assumed. Can be set to 0 to disable accepting HTTPS connections.

        Allowed values: 0 <= X <= 65535

      • spec.inlet.loadBalancer.serviceAnnotations

        object

        Additional annotations for the LoadBalancer Service.
    • spec.inlet.type

      string

      Required value

      Supported inlet type.

      Allowed values: LoadBalancer, HostPort

  • spec.istioSidecar

    object

    Settings for Istio sidecar injection into proxy pods.
    • spec.istioSidecar.enabled

      boolean

      Attaches annotations to the proxy pods to automatically inject Istio sidecar containers.
    • spec.istioSidecar.resources

      object

      Resource requests and limits for the injected Istio sidecar container.
      • spec.istioSidecar.resources.limits

        object

        Resource limits.
        • spec.istioSidecar.resources.limits.cpu

          string

          CPU limits.
        • spec.istioSidecar.resources.limits.memory

          string

          Memory limits.
      • spec.istioSidecar.resources.requests

        object

        Resource requests.
        • spec.istioSidecar.resources.requests.cpu

          string

          CPU requests.
        • spec.istioSidecar.resources.requests.memory

          string

          Memory requests.
  • spec.nodeSelector

    object

    Node selector for pods.
  • spec.openTelemetry

    object

    OpenTelemetry configuration for Envoy proxies.
    • spec.openTelemetry.tracing

      object

      OpenTelemetry tracing configuration.
      • spec.openTelemetry.tracing.randomSamplingPercentage

        number

        Percentage of requests that Envoy randomly selects for trace generation.

        Default: 25

        Allowed values: 1 <= X <= 100

      • spec.openTelemetry.tracing.tls

        object

        TLS settings used by Envoy when connecting to the OpenTelemetry collector.
        • spec.openTelemetry.tracing.tls.caSecretName

          string

          Name of the Kubernetes Secret containing the CA certificate used to verify the OpenTelemetry collector certificate. The Secret must be in the d8-alb namespace.

          Example:

          
          

          caSecretName: otel-tracing-ca
          

        • spec.openTelemetry.tracing.tls.insecureSkipVerify

          boolean

          Allows Envoy to connect to the OpenTelemetry collector even if certificate verification fails.
        • spec.openTelemetry.tracing.tls.sni

          string

          Server Name Indication (SNI) value sent by Envoy during the TLS handshake.

          Warning. This setting is required if the OpenTelemetry collector is behind a TLS proxy or load balancer that routes connections based on SNI.

        • spec.openTelemetry.tracing.tls.subjectAltNames

          array of strings

          List of Subject Alternative Names (SANs) used to verify the OpenTelemetry collector certificate.
      • spec.openTelemetry.tracing.url

        string

        OpenTelemetry collector endpoint URL used for exporting traces.

        Pattern: ^(https?|grpc)://([A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?)(?:\.([A-Za-z0-9](?:[-A-Za-z0-9]*[A-Za-z0-9])?))+(?::(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}))?(?:/[A-Za-z0-9._~!$&'()*+,;=:@%/-]*)?$

        Examples:

        
        

        url: http://opentelemetry.collector.local
        

        url: grpc://opentelemetry.collector.local
        

        url: https://opentelemetry.collector.local
        

        url: https://opentelemetry.collector.local:4018
        

        url: https://opentelemetry.collector.local:4018/v1/traces
        

  • spec.originalIPDetection

    object

    Defines if the Envoy Proxy has to detect original IP using headers.
    • spec.originalIPDetection.realIPHeader

      string

      Defines a header to use for original client IP detection.

      Default: X-Forwarded-For

      Example:

      
      

      realIPHeader: X-Real-IP
      

    • spec.originalIPDetection.setRealIPFrom

      array of strings

      Required value

      Specifies CIDR ranges allowed to provide headers for origin IP detection.
      • spec.originalIPDetection.setRealIPFrom.Element of the array

        string

        Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • spec.resourcesManagement

    object

    CPU and memory request and limit settings for the controller Pods.
    • spec.resourcesManagement.mode

      string

      Required value

      Resource management mode.

      Default: VPA

      Allowed values: VPA, Static

    • spec.resourcesManagement.static

      object

      Static mode settings.
      • spec.resourcesManagement.static.limits

        object

        Resource limits.

        Default: {}

        • spec.resourcesManagement.static.limits.cpu

          string

          CPU limits.
        • spec.resourcesManagement.static.limits.memory

          string

          Memory limits.
      • spec.resourcesManagement.static.requests

        object

        Resource requests.

        Default: {}

        • spec.resourcesManagement.static.requests.cpu

          string

          CPU requests.

          Default: 350m

        • spec.resourcesManagement.static.requests.memory

          string

          Memory requests.

          Default: 500Mi

    • spec.resourcesManagement.vpa

      object

      Resource management settings for the VPA mode.
      • spec.resourcesManagement.vpa.cpu

        object

        CPU-related VPA settings.

        Default: {}

        • spec.resourcesManagement.vpa.cpu.limitRatio

          number

          The CPU limits/requests ratio.

          If set, the limits are calculated based on the requests and the specified ratio.

        • spec.resourcesManagement.vpa.cpu.max

          string

          Maximum value of allowed CPU requests to be submitted by the VPA.

          Default: 1500m

        • spec.resourcesManagement.vpa.cpu.min

          string

          Minimum value of allowed CPU requests to be submitted by the VPA.

          Default: 100m

      • spec.resourcesManagement.vpa.memory

        object

        Memory-related VPA settings.

        Default: {}

        • spec.resourcesManagement.vpa.memory.limitRatio

          number

          The memory limits/requests ratio.

          If set, the limits are calculated based on the requests and the specified ratio.

        • spec.resourcesManagement.vpa.memory.max

          string

          Maximum value of allowed memory requests to be submitted by the VPA.

          Default: 2000Mi

        • spec.resourcesManagement.vpa.memory.min

          string

          Minimum value of allowed memory requests to be submitted by the VPA.

          Default: 500Mi

      • spec.resourcesManagement.vpa.mode

        string

        VPA operating mode.

        Default: Initial

        Allowed values: Initial, InPlaceOrRecreate

  • spec.tolerations

    array of objects

    Pod tolerations.
    • spec.tolerations.effect

      string

      Allowed values: NoSchedule, PreferNoSchedule, NoExecute

    • spec.tolerations.key

      string
    • spec.tolerations.operator

      string

      Allowed values: Exists, Equal

    • spec.tolerations.tolerationSeconds

      integer

      Allowed values: 0 <= X

    • spec.tolerations.value

      string
  • spec.useProxyProtocol

    boolean

    Enable PROXY protocol support.

    Warning. Proxy Protocol can’t be enabled if HTTP3 is in use.

• status

  object
  • status.conflictPorts

    boolean

    True when this instance additionalPorts are ignored because another older instance with the same gatewayName is authoritative.
  • status.conflictPortsOwner

    string

    Reference to the older instance that defines effective additionalPorts for this gatewayName.
  • status.defaultGateway

    boolean

    True when this cluster ClusterALBInstance is selected as default gateway source.
  • status.gateway

    string

    Effective Gateway name served by this instance.
  • status.observedGeneration

    integer

    Allowed values: 0 <= X

  • status.ready

    boolean

    True when this instance is ready to serve traffic.
  • status.synced

    boolean

    True when desired and actual resources are in sync.