diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 2caf33acb4b..bc9bb9f0f13 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -39,9 +39,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
-| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
-| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
+| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
+| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
+| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
#### ALSEnvoyProxyAccessLog
@@ -78,8 +78,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
-| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
+| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
+| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
#### ALSEnvoyProxyHTTPAccessLogConfig
@@ -163,8 +163,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
-| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
+| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
+| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
#### ActiveHealthCheckerType
@@ -178,9 +178,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
-| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
-| `GRPC` | ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
|
+| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
+| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
+| `GRPC` | ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
|
#### AppProtocolType
@@ -194,9 +194,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `gateway.envoyproxy.io/h2c` | AppProtocolTypeH2C defines the HTTP/2 application protocol.
|
-| `gateway.envoyproxy.io/ws` | AppProtocolTypeWS defines the WebSocket over HTTP protocol.
|
-| `gateway.envoyproxy.io/wss` | AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
|
+| `gateway.envoyproxy.io/h2c` | AppProtocolTypeH2C defines the HTTP/2 application protocol.
|
+| `gateway.envoyproxy.io/ws` | AppProtocolTypeWS defines the WebSocket over HTTP protocol.
|
+| `gateway.envoyproxy.io/wss` | AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
|
#### Authorization
@@ -229,8 +229,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Allow` | AuthorizationActionAllow is the action to allow the request.
|
-| `Deny` | AuthorizationActionDeny is the action to deny the request.
|
+| `Allow` | AuthorizationActionAllow is the action to allow the request.
|
+| `Deny` | AuthorizationActionDeny is the action to deny the request.
|
#### AuthorizationRule
@@ -511,9 +511,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
-| `Replace` | Replace replaces the default bootstrap with the provided one.
|
-| `JSONPatch` | JSONPatch applies the provided JSONPatches to the default bootstrap.
|
+| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
+| `Replace` | Replace replaces the default bootstrap with the provided one.
|
+| `JSONPatch` | JSONPatch applies the provided JSONPatches to the default bootstrap.
|
#### BrotliCompressor
@@ -787,8 +787,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Gzip` | |
-| `Brotli` | |
+| `Gzip` | |
+| `Brotli` | |
#### ConnectionLimit
@@ -835,9 +835,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
-| `Header` | HeaderConsistentHashType hashes based on a request header.
|
-| `Cookie` | CookieConsistentHashType hashes based on a cookie.
|
+| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
+| `Header` | HeaderConsistentHashType hashes based on a request header.
|
+| `Cookie` | CookieConsistentHashType hashes based on a cookie.
|
#### Cookie
@@ -950,9 +950,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
-| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
-| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
+| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
+| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
#### DNS
@@ -1032,23 +1032,23 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `envoy.filters.http.health_check` | EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
|
-| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.
|
-| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.
|
-| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
|
-| `envoy.filters.http.api_key_auth` | EnvoyFilterAPIKeyAuth defines the Envoy HTTP api key authentication filter.
|
-| `envoy.filters.http.basic_auth` | EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
|
-| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
|
-| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
|
-| `envoy.filters.http.stateful_session` | EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
|
-| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.
|
-| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
|
-| `envoy.filters.http.rbac` | EnvoyFilterRBAC defines the Envoy RBAC filter.
|
-| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
|
-| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
|
-| `envoy.filters.http.custom_response` | EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
|
-| `envoy.filters.http.compressor` | EnvoyFilterCompressor defines the Envoy HTTP compressor filter.
|
-| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.
|
+| `envoy.filters.http.health_check` | EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
|
+| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.
|
+| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.
|
+| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
|
+| `envoy.filters.http.api_key_auth` | EnvoyFilterAPIKeyAuth defines the Envoy HTTP api key authentication filter.
|
+| `envoy.filters.http.basic_auth` | EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
|
+| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
|
+| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
|
+| `envoy.filters.http.stateful_session` | EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
|
+| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.
|
+| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
|
+| `envoy.filters.http.rbac` | EnvoyFilterRBAC defines the Envoy RBAC filter.
|
+| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
|
+| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
|
+| `envoy.filters.http.custom_response` | EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
|
+| `envoy.filters.http.compressor` | EnvoyFilterCompressor defines the Envoy HTTP compressor filter.
|
+| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.
|
#### EnvoyGateway
@@ -1189,13 +1189,13 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
-| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
-| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
-| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
-| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
-| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
-| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
+| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
+| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
+| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
+| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
+| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
+| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
+| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
#### EnvoyGatewayLogging
@@ -1408,7 +1408,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
+| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
#### EnvoyProxy
@@ -1512,10 +1512,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
-| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
-| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
-| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
+| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
+| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
+| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
+| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
#### ExtAuth
@@ -1568,9 +1568,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Streamed` | StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
|
-| `Buffered` | BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once. If the body exceeds the configured buffer limit, then the downstream system will receive an error.
|
-| `BufferedPartial` | BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk. If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent.
|
+| `Streamed` | StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
|
+| `Buffered` | BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once. If the body exceeds the configured buffer limit, then the downstream system will receive an error.
|
+| `BufferedPartial` | BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk. If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent.
|
#### ExtProcMetadata
@@ -1860,7 +1860,6 @@ _Appears in:_
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `rules` | _[RateLimitRule](#ratelimitrule) array_ | true | | Rules are a list of RateLimit selectors and limits. Each rule and its
associated limit is applied in a mutually exclusive way. If a request
matches multiple rules, each of their associated limits get applied, so a
single request might increase the rate limit counters for multiple rules
if selected. The rate limit service will return a logical OR of the individual
rate limit decisions of all matching rules. For example, if a request
matches two rules, one rate limited and one not, the final decision will be
to rate limit the request. |
-| `shared` | _boolean_ | false | false | Shared determines whether the rate limit rules apply across all the policy targets.
If set to true, the rule is treated as a common bucket and is shared across all policy targets (xRoutes).
Must have targetRef set to Gateway
Default: false. |
#### GroupVersionKind
@@ -2045,8 +2044,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Header` | HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header
|
-| `Backend` | BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite
|
+| `Header` | HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header
|
+| `Backend` | BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite
|
#### HTTPPathModifier
@@ -2075,7 +2074,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ReplaceRegexMatch` | RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified
regex would be substituted with the specified substitution value
https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute
|
+| `ReplaceRegexMatch` | RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified
regex would be substituted with the specified substitution value
https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute
|
#### HTTPRouteFilter
@@ -2212,9 +2211,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
-| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
-| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
+| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
#### HeaderSettings
@@ -2296,9 +2295,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `IPv4` | IPv4 defines the IPv4 family.
|
-| `IPv6` | IPv6 defines the IPv6 family.
|
-| `DualStack` | DualStack defines the dual-stack family.
When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses
for incoming client traffic, enabling support for both IP protocol versions.
|
+| `IPv4` | IPv4 defines the IPv4 family.
|
+| `IPv6` | IPv6 defines the IPv6 family.
|
+| `DualStack` | DualStack defines the dual-stack family.
When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses
for incoming client traffic, enabling support for both IP protocol versions.
|
#### ImagePullPolicy
@@ -2312,8 +2311,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
|
-| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
|
+| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
|
+| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
|
#### ImageWasmCodeSource
@@ -2343,7 +2342,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
#### InvalidMessageAction
@@ -2357,8 +2356,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `TerminateConnection` | |
-| `TerminateStream` | |
+| `TerminateConnection` | |
+| `TerminateStream` | |
#### JSONPatchOperation
@@ -2434,8 +2433,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `String` | |
-| `StringArray` | |
+| `String` | |
+| `StringArray` | |
#### JWTExtractor
@@ -2795,10 +2794,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
-| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
-| `Random` | RandomLoadBalancerType load balancer policy.
|
-| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
+| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
+| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
+| `Random` | RandomLoadBalancerType load balancer policy.
|
+| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
#### LocalRateLimit
@@ -2827,10 +2826,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `debug` | LogLevelDebug defines the "debug" logging level.
|
-| `info` | LogLevelInfo defines the "Info" logging level.
|
-| `warn` | LogLevelWarn defines the "Warn" logging level.
|
-| `error` | LogLevelError defines the "Error" logging level.
|
+| `debug` | LogLevelDebug defines the "debug" logging level.
|
+| `info` | LogLevelInfo defines the "Info" logging level.
|
+| `warn` | LogLevelWarn defines the "Warn" logging level.
|
+| `error` | LogLevelError defines the "Error" logging level.
|
#### Lua
@@ -2861,8 +2860,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Inline` | LuaValueTypeInline defines the "Inline" Lua type.
|
-| `ValueRef` | LuaValueTypeValueRef defines the "ValueRef" Lua type.
|
+| `Inline` | LuaValueTypeInline defines the "Inline" Lua type.
|
+| `ValueRef` | LuaValueTypeValueRef defines the "ValueRef" Lua type.
|
#### MergeType
@@ -2876,8 +2875,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
-| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2892,7 +2891,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
+| `OpenTelemetry` | |
#### OIDC
@@ -3031,10 +3030,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
-| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
-| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
-| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
+| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
+| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
+| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
+| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
#### PathSettings
@@ -3129,8 +3128,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
-| `Custom` | ProviderTypeCustom defines the "Custom" provider.
|
+| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
+| `Custom` | ProviderTypeCustom defines the "Custom" provider.
|
#### ProxyAccessLog
@@ -3176,8 +3175,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
-| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
+| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
+| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
#### ProxyAccessLogSetting
@@ -3225,9 +3224,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
-| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
-| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
+| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
+| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
+| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
#### ProxyAccessLogType
@@ -3241,8 +3240,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Listener` | ProxyAccessLogTypeListener defines the accesslog for Listeners.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log
|
-| `Route` | ProxyAccessLogTypeRoute defines the accesslog for HTTP, GRPC, UDP and TCP Routes.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto#envoy-v3-api-field-extensions-filters-udp-udp-proxy-v3-udpproxyconfig-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto#envoy-v3-api-field-extensions-filters-network-tcp-proxy-v3-tcpproxy-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-access-log
|
+| `Listener` | ProxyAccessLogTypeListener defines the accesslog for Listeners.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log
|
+| `Route` | ProxyAccessLogTypeRoute defines the accesslog for HTTP, GRPC, UDP and TCP Routes.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto#envoy-v3-api-field-extensions-filters-udp-udp-proxy-v3-udpproxyconfig-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto#envoy-v3-api-field-extensions-filters-network-tcp-proxy-v3-tcpproxy-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-access-log
|
#### ProxyBootstrap
@@ -3272,16 +3271,16 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
-| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
-| `http` | LogComponentHTTP defines the "http" logging component.
|
-| `connection` | LogComponentConnection defines the "connection" logging component.
|
-| `admin` | LogComponentAdmin defines the "admin" logging component.
|
-| `client` | LogComponentClient defines the "client" logging component.
|
-| `filter` | LogComponentFilter defines the "filter" logging component.
|
-| `main` | LogComponentMain defines the "main" logging component.
|
-| `router` | LogComponentRouter defines the "router" logging component.
|
-| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
+| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
+| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
+| `http` | LogComponentHTTP defines the "http" logging component.
|
+| `connection` | LogComponentConnection defines the "connection" logging component.
|
+| `admin` | LogComponentAdmin defines the "admin" logging component.
|
+| `client` | LogComponentClient defines the "client" logging component.
|
+| `filter` | LogComponentFilter defines the "filter" logging component.
|
+| `main` | LogComponentMain defines the "main" logging component.
|
+| `router` | LogComponentRouter defines the "router" logging component.
|
+| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
#### ProxyLogging
@@ -3393,8 +3392,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
-| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
+| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
+| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
#### ProxyTelemetry
@@ -3476,8 +3475,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Number` | RateLimitCostFromNumber specifies the rate limit cost to be a fixed number.
|
-| `Metadata` | RateLimitCostFromMetadata specifies the rate limit cost to be retrieved from the per-request dynamic metadata.
|
+| `Number` | RateLimitCostFromNumber specifies the rate limit cost to be a fixed number.
|
+| `Metadata` | RateLimitCostFromMetadata specifies the rate limit cost to be retrieved from the per-request dynamic metadata.
|
#### RateLimitCostMetadata
@@ -3539,7 +3538,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
+| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
#### RateLimitMetrics
@@ -3703,8 +3702,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
-| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
+| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
+| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
#### RateLimitUnit
@@ -3719,10 +3718,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
-| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
-| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
-| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
+| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
+| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
+| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
+| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
#### RateLimitValue
@@ -3812,7 +3811,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `File` | ResourceProviderTypeFile defines the "File" provider.
|
+| `File` | ResourceProviderTypeFile defines the "File" provider.
|
#### ResponseOverride
@@ -3841,8 +3840,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Inline` | ResponseValueTypeInline defines the "Inline" response body type.
|
-| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+| `Inline` | ResponseValueTypeInline defines the "Inline" response body type.
|
+| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
#### Retry
@@ -3888,8 +3887,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Service` | ServiceRoutingType is the RoutingType for Service Cluster IP routing.
|
-| `Endpoint` | EndpointRoutingType is the RoutingType for Endpoint routing.
|
+| `Service` | ServiceRoutingType is the RoutingType for Service Cluster IP routing.
|
+| `Endpoint` | EndpointRoutingType is the RoutingType for Endpoint routing.
|
#### SecurityPolicy
@@ -3946,8 +3945,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
-| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
+| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
+| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
#### ServiceType
@@ -3961,9 +3960,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
-| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
-| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
+| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
+| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
+| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
#### Session
@@ -4064,8 +4063,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
-| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
+| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
#### StatefulTLSSessionResumption
@@ -4141,8 +4140,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Value` | StatusCodeValueTypeValue defines the "Value" status code match type.
|
-| `Range` | StatusCodeValueTypeRange defines the "Range" status code match type.
|
+| `Value` | StatusCodeValueTypeValue defines the "Value" status code match type.
|
+| `Range` | StatusCodeValueTypeRange defines the "Range" status code match type.
|
#### StringMatch
@@ -4174,10 +4173,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
-| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
-| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
-| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
+| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
+| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
+| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
#### TCPActiveHealthChecker
@@ -4274,11 +4273,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
-| `1.0` | TLS1.0 specifies TLS version 1.0
|
-| `1.1` | TLS1.1 specifies TLS version 1.1
|
-| `1.2` | TLSv1.2 specifies TLS version 1.2
|
-| `1.3` | TLSv1.3 specifies TLS version 1.3
|
+| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
+| `1.0` | TLS1.0 specifies TLS version 1.0
|
+| `1.1` | TLS1.1 specifies TLS version 1.1
|
+| `1.2` | TLSv1.2 specifies TLS version 1.2
|
+| `1.3` | TLSv1.3 specifies TLS version 1.3
|
#### TargetSelector
@@ -4348,10 +4347,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
-| `OpenTelemetry` | |
-| `Zipkin` | |
-| `Datadog` | |
+| `OpenTelemetry` | |
+| `OpenTelemetry` | |
+| `Zipkin` | |
+| `Datadog` | |
#### TriggerEnum
@@ -4365,18 +4364,18 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
-| `gateway-error` | The response is a gateway error (502,503 or 504).
|
-| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
-| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
-| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
-| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
-| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
-| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
-| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
-| `internal` | The gRPC status code in the response headers is “internal”.
|
-| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
-| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
+| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
+| `gateway-error` | The response is a gateway error (502,503 or 504).
|
+| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
+| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
+| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
+| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
+| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
+| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
+| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
+| `internal` | The gRPC status code in the response headers is “internal”.
|
+| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
+| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
#### UnixSocket
@@ -4446,8 +4445,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
|
-| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
+| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
|
+| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
#### WasmEnv
@@ -4476,9 +4475,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
-| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
-| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
+| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
+| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
+| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
#### XDSTranslatorHook
@@ -4493,10 +4492,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `VirtualHost` | |
-| `Route` | |
-| `HTTPListener` | |
-| `Translation` | |
+| `VirtualHost` | |
+| `Route` | |
+| `HTTPListener` | |
+| `Translation` | |
#### XDSTranslatorHooks
@@ -4525,11 +4524,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Subject` | XFCCCertDataSubject is the Subject field of the current client certificate.
|
-| `Cert` | XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
|
-| `Chain` | XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
|
-| `DNS` | XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
|
-| `URI` | XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
|
+| `Subject` | XFCCCertDataSubject is the Subject field of the current client certificate.
|
+| `Cert` | XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
|
+| `Chain` | XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
|
+| `DNS` | XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
|
+| `URI` | XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
|
#### XFCCForwardMode
@@ -4543,11 +4542,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Sanitize` | XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
|
-| `ForwardOnly` | XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
|
-| `AppendForward` | XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.
|
-| `SanitizeSet` | XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.
The existing certificate information in the XFCC header is removed.
|
-| `AlwaysForwardOnly` | XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
|
+| `Sanitize` | XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
|
+| `ForwardOnly` | XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
|
+| `AppendForward` | XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.
|
+| `SanitizeSet` | XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.
The existing certificate information in the XFCC header is removed.
|
+| `AlwaysForwardOnly` | XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
|
#### XForwardedClientCert
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 2caf33acb4b..bc9bb9f0f13 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -39,9 +39,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
-| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
-| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
+| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
+| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
+| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
#### ALSEnvoyProxyAccessLog
@@ -78,8 +78,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
-| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
+| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
+| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
#### ALSEnvoyProxyHTTPAccessLogConfig
@@ -163,8 +163,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
-| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
+| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
+| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
#### ActiveHealthCheckerType
@@ -178,9 +178,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
-| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
-| `GRPC` | ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
|
+| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
+| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
+| `GRPC` | ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
|
#### AppProtocolType
@@ -194,9 +194,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `gateway.envoyproxy.io/h2c` | AppProtocolTypeH2C defines the HTTP/2 application protocol.
|
-| `gateway.envoyproxy.io/ws` | AppProtocolTypeWS defines the WebSocket over HTTP protocol.
|
-| `gateway.envoyproxy.io/wss` | AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
|
+| `gateway.envoyproxy.io/h2c` | AppProtocolTypeH2C defines the HTTP/2 application protocol.
|
+| `gateway.envoyproxy.io/ws` | AppProtocolTypeWS defines the WebSocket over HTTP protocol.
|
+| `gateway.envoyproxy.io/wss` | AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
|
#### Authorization
@@ -229,8 +229,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Allow` | AuthorizationActionAllow is the action to allow the request.
|
-| `Deny` | AuthorizationActionDeny is the action to deny the request.
|
+| `Allow` | AuthorizationActionAllow is the action to allow the request.
|
+| `Deny` | AuthorizationActionDeny is the action to deny the request.
|
#### AuthorizationRule
@@ -511,9 +511,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
-| `Replace` | Replace replaces the default bootstrap with the provided one.
|
-| `JSONPatch` | JSONPatch applies the provided JSONPatches to the default bootstrap.
|
+| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
+| `Replace` | Replace replaces the default bootstrap with the provided one.
|
+| `JSONPatch` | JSONPatch applies the provided JSONPatches to the default bootstrap.
|
#### BrotliCompressor
@@ -787,8 +787,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Gzip` | |
-| `Brotli` | |
+| `Gzip` | |
+| `Brotli` | |
#### ConnectionLimit
@@ -835,9 +835,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
-| `Header` | HeaderConsistentHashType hashes based on a request header.
|
-| `Cookie` | CookieConsistentHashType hashes based on a cookie.
|
+| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
+| `Header` | HeaderConsistentHashType hashes based on a request header.
|
+| `Cookie` | CookieConsistentHashType hashes based on a cookie.
|
#### Cookie
@@ -950,9 +950,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
-| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
-| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
+| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
+| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
#### DNS
@@ -1032,23 +1032,23 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `envoy.filters.http.health_check` | EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
|
-| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.
|
-| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.
|
-| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
|
-| `envoy.filters.http.api_key_auth` | EnvoyFilterAPIKeyAuth defines the Envoy HTTP api key authentication filter.
|
-| `envoy.filters.http.basic_auth` | EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
|
-| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
|
-| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
|
-| `envoy.filters.http.stateful_session` | EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
|
-| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.
|
-| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
|
-| `envoy.filters.http.rbac` | EnvoyFilterRBAC defines the Envoy RBAC filter.
|
-| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
|
-| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
|
-| `envoy.filters.http.custom_response` | EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
|
-| `envoy.filters.http.compressor` | EnvoyFilterCompressor defines the Envoy HTTP compressor filter.
|
-| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.
|
+| `envoy.filters.http.health_check` | EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
|
+| `envoy.filters.http.fault` | EnvoyFilterFault defines the Envoy HTTP fault filter.
|
+| `envoy.filters.http.cors` | EnvoyFilterCORS defines the Envoy HTTP CORS filter.
|
+| `envoy.filters.http.ext_authz` | EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
|
+| `envoy.filters.http.api_key_auth` | EnvoyFilterAPIKeyAuth defines the Envoy HTTP api key authentication filter.
|
+| `envoy.filters.http.basic_auth` | EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
|
+| `envoy.filters.http.oauth2` | EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
|
+| `envoy.filters.http.jwt_authn` | EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
|
+| `envoy.filters.http.stateful_session` | EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
|
+| `envoy.filters.http.ext_proc` | EnvoyFilterExtProc defines the Envoy HTTP external process filter.
|
+| `envoy.filters.http.wasm` | EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
|
+| `envoy.filters.http.rbac` | EnvoyFilterRBAC defines the Envoy RBAC filter.
|
+| `envoy.filters.http.local_ratelimit` | EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
|
+| `envoy.filters.http.ratelimit` | EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
|
+| `envoy.filters.http.custom_response` | EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
|
+| `envoy.filters.http.compressor` | EnvoyFilterCompressor defines the Envoy HTTP compressor filter.
|
+| `envoy.filters.http.router` | EnvoyFilterRouter defines the Envoy HTTP router filter.
|
#### EnvoyGateway
@@ -1189,13 +1189,13 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
-| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
-| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
-| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
-| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
-| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
-| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
+| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
+| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
+| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
+| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
+| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
+| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
+| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
#### EnvoyGatewayLogging
@@ -1408,7 +1408,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
+| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
#### EnvoyProxy
@@ -1512,10 +1512,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
-| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
-| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
-| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
+| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
+| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
+| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
+| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
#### ExtAuth
@@ -1568,9 +1568,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Streamed` | StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
|
-| `Buffered` | BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once. If the body exceeds the configured buffer limit, then the downstream system will receive an error.
|
-| `BufferedPartial` | BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk. If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent.
|
+| `Streamed` | StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
|
+| `Buffered` | BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once. If the body exceeds the configured buffer limit, then the downstream system will receive an error.
|
+| `BufferedPartial` | BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk. If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent.
|
#### ExtProcMetadata
@@ -1860,7 +1860,6 @@ _Appears in:_
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `rules` | _[RateLimitRule](#ratelimitrule) array_ | true | | Rules are a list of RateLimit selectors and limits. Each rule and its
associated limit is applied in a mutually exclusive way. If a request
matches multiple rules, each of their associated limits get applied, so a
single request might increase the rate limit counters for multiple rules
if selected. The rate limit service will return a logical OR of the individual
rate limit decisions of all matching rules. For example, if a request
matches two rules, one rate limited and one not, the final decision will be
to rate limit the request. |
-| `shared` | _boolean_ | false | false | Shared determines whether the rate limit rules apply across all the policy targets.
If set to true, the rule is treated as a common bucket and is shared across all policy targets (xRoutes).
Must have targetRef set to Gateway
Default: false. |
#### GroupVersionKind
@@ -2045,8 +2044,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Header` | HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header
|
-| `Backend` | BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite
|
+| `Header` | HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header
|
+| `Backend` | BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite
|
#### HTTPPathModifier
@@ -2075,7 +2074,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ReplaceRegexMatch` | RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified
regex would be substituted with the specified substitution value
https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute
|
+| `ReplaceRegexMatch` | RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified
regex would be substituted with the specified substitution value
https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute
|
#### HTTPRouteFilter
@@ -2212,9 +2211,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
-| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
-| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
+| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
#### HeaderSettings
@@ -2296,9 +2295,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `IPv4` | IPv4 defines the IPv4 family.
|
-| `IPv6` | IPv6 defines the IPv6 family.
|
-| `DualStack` | DualStack defines the dual-stack family.
When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses
for incoming client traffic, enabling support for both IP protocol versions.
|
+| `IPv4` | IPv4 defines the IPv4 family.
|
+| `IPv6` | IPv6 defines the IPv6 family.
|
+| `DualStack` | DualStack defines the dual-stack family.
When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses
for incoming client traffic, enabling support for both IP protocol versions.
|
#### ImagePullPolicy
@@ -2312,8 +2311,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
|
-| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
|
+| `IfNotPresent` | ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
|
+| `Always` | ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
|
#### ImageWasmCodeSource
@@ -2343,7 +2342,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
#### InvalidMessageAction
@@ -2357,8 +2356,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `TerminateConnection` | |
-| `TerminateStream` | |
+| `TerminateConnection` | |
+| `TerminateStream` | |
#### JSONPatchOperation
@@ -2434,8 +2433,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `String` | |
-| `StringArray` | |
+| `String` | |
+| `StringArray` | |
#### JWTExtractor
@@ -2795,10 +2794,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
-| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
-| `Random` | RandomLoadBalancerType load balancer policy.
|
-| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
+| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
+| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
+| `Random` | RandomLoadBalancerType load balancer policy.
|
+| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
#### LocalRateLimit
@@ -2827,10 +2826,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `debug` | LogLevelDebug defines the "debug" logging level.
|
-| `info` | LogLevelInfo defines the "Info" logging level.
|
-| `warn` | LogLevelWarn defines the "Warn" logging level.
|
-| `error` | LogLevelError defines the "Error" logging level.
|
+| `debug` | LogLevelDebug defines the "debug" logging level.
|
+| `info` | LogLevelInfo defines the "Info" logging level.
|
+| `warn` | LogLevelWarn defines the "Warn" logging level.
|
+| `error` | LogLevelError defines the "Error" logging level.
|
#### Lua
@@ -2861,8 +2860,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Inline` | LuaValueTypeInline defines the "Inline" Lua type.
|
-| `ValueRef` | LuaValueTypeValueRef defines the "ValueRef" Lua type.
|
+| `Inline` | LuaValueTypeInline defines the "Inline" Lua type.
|
+| `ValueRef` | LuaValueTypeValueRef defines the "ValueRef" Lua type.
|
#### MergeType
@@ -2876,8 +2875,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
-| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2892,7 +2891,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
+| `OpenTelemetry` | |
#### OIDC
@@ -3031,10 +3030,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
-| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
-| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
-| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
+| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
+| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
+| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
+| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
#### PathSettings
@@ -3129,8 +3128,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
-| `Custom` | ProviderTypeCustom defines the "Custom" provider.
|
+| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
+| `Custom` | ProviderTypeCustom defines the "Custom" provider.
|
#### ProxyAccessLog
@@ -3176,8 +3175,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
-| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
+| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
+| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
#### ProxyAccessLogSetting
@@ -3225,9 +3224,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
-| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
-| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
+| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
+| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
+| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
#### ProxyAccessLogType
@@ -3241,8 +3240,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Listener` | ProxyAccessLogTypeListener defines the accesslog for Listeners.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log
|
-| `Route` | ProxyAccessLogTypeRoute defines the accesslog for HTTP, GRPC, UDP and TCP Routes.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto#envoy-v3-api-field-extensions-filters-udp-udp-proxy-v3-udpproxyconfig-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto#envoy-v3-api-field-extensions-filters-network-tcp-proxy-v3-tcpproxy-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-access-log
|
+| `Listener` | ProxyAccessLogTypeListener defines the accesslog for Listeners.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log
|
+| `Route` | ProxyAccessLogTypeRoute defines the accesslog for HTTP, GRPC, UDP and TCP Routes.
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto#envoy-v3-api-field-extensions-filters-udp-udp-proxy-v3-udpproxyconfig-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto#envoy-v3-api-field-extensions-filters-network-tcp-proxy-v3-tcpproxy-access-log
https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-access-log
|
#### ProxyBootstrap
@@ -3272,16 +3271,16 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
-| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
-| `http` | LogComponentHTTP defines the "http" logging component.
|
-| `connection` | LogComponentConnection defines the "connection" logging component.
|
-| `admin` | LogComponentAdmin defines the "admin" logging component.
|
-| `client` | LogComponentClient defines the "client" logging component.
|
-| `filter` | LogComponentFilter defines the "filter" logging component.
|
-| `main` | LogComponentMain defines the "main" logging component.
|
-| `router` | LogComponentRouter defines the "router" logging component.
|
-| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
+| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
+| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
+| `http` | LogComponentHTTP defines the "http" logging component.
|
+| `connection` | LogComponentConnection defines the "connection" logging component.
|
+| `admin` | LogComponentAdmin defines the "admin" logging component.
|
+| `client` | LogComponentClient defines the "client" logging component.
|
+| `filter` | LogComponentFilter defines the "filter" logging component.
|
+| `main` | LogComponentMain defines the "main" logging component.
|
+| `router` | LogComponentRouter defines the "router" logging component.
|
+| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
#### ProxyLogging
@@ -3393,8 +3392,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
-| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
+| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
+| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
#### ProxyTelemetry
@@ -3476,8 +3475,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Number` | RateLimitCostFromNumber specifies the rate limit cost to be a fixed number.
|
-| `Metadata` | RateLimitCostFromMetadata specifies the rate limit cost to be retrieved from the per-request dynamic metadata.
|
+| `Number` | RateLimitCostFromNumber specifies the rate limit cost to be a fixed number.
|
+| `Metadata` | RateLimitCostFromMetadata specifies the rate limit cost to be retrieved from the per-request dynamic metadata.
|
#### RateLimitCostMetadata
@@ -3539,7 +3538,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
+| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
#### RateLimitMetrics
@@ -3703,8 +3702,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
-| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
+| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
+| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
#### RateLimitUnit
@@ -3719,10 +3718,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
-| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
-| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
-| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
+| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
+| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
+| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
+| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
#### RateLimitValue
@@ -3812,7 +3811,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `File` | ResourceProviderTypeFile defines the "File" provider.
|
+| `File` | ResourceProviderTypeFile defines the "File" provider.
|
#### ResponseOverride
@@ -3841,8 +3840,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Inline` | ResponseValueTypeInline defines the "Inline" response body type.
|
-| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+| `Inline` | ResponseValueTypeInline defines the "Inline" response body type.
|
+| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
#### Retry
@@ -3888,8 +3887,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Service` | ServiceRoutingType is the RoutingType for Service Cluster IP routing.
|
-| `Endpoint` | EndpointRoutingType is the RoutingType for Endpoint routing.
|
+| `Service` | ServiceRoutingType is the RoutingType for Service Cluster IP routing.
|
+| `Endpoint` | EndpointRoutingType is the RoutingType for Endpoint routing.
|
#### SecurityPolicy
@@ -3946,8 +3945,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
-| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
+| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
+| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
#### ServiceType
@@ -3961,9 +3960,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
-| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
-| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
+| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
+| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
+| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
#### Session
@@ -4064,8 +4063,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
-| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
+| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
#### StatefulTLSSessionResumption
@@ -4141,8 +4140,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Value` | StatusCodeValueTypeValue defines the "Value" status code match type.
|
-| `Range` | StatusCodeValueTypeRange defines the "Range" status code match type.
|
+| `Value` | StatusCodeValueTypeValue defines the "Value" status code match type.
|
+| `Range` | StatusCodeValueTypeRange defines the "Range" status code match type.
|
#### StringMatch
@@ -4174,10 +4173,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
-| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
-| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
-| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
+| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
+| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
+| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
#### TCPActiveHealthChecker
@@ -4274,11 +4273,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
-| `1.0` | TLS1.0 specifies TLS version 1.0
|
-| `1.1` | TLS1.1 specifies TLS version 1.1
|
-| `1.2` | TLSv1.2 specifies TLS version 1.2
|
-| `1.3` | TLSv1.3 specifies TLS version 1.3
|
+| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
+| `1.0` | TLS1.0 specifies TLS version 1.0
|
+| `1.1` | TLS1.1 specifies TLS version 1.1
|
+| `1.2` | TLSv1.2 specifies TLS version 1.2
|
+| `1.3` | TLSv1.3 specifies TLS version 1.3
|
#### TargetSelector
@@ -4348,10 +4347,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
-| `OpenTelemetry` | |
-| `Zipkin` | |
-| `Datadog` | |
+| `OpenTelemetry` | |
+| `OpenTelemetry` | |
+| `Zipkin` | |
+| `Datadog` | |
#### TriggerEnum
@@ -4365,18 +4364,18 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
-| `gateway-error` | The response is a gateway error (502,503 or 504).
|
-| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
-| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
-| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
-| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
-| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
-| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
-| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
-| `internal` | The gRPC status code in the response headers is “internal”.
|
-| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
-| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
+| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
+| `gateway-error` | The response is a gateway error (502,503 or 504).
|
+| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
+| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
+| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
+| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
+| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
+| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
+| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
+| `internal` | The gRPC status code in the response headers is “internal”.
|
+| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
+| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
#### UnixSocket
@@ -4446,8 +4445,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
|
-| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
+| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
|
+| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
#### WasmEnv
@@ -4476,9 +4475,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
-| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
-| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
+| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
+| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
+| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
#### XDSTranslatorHook
@@ -4493,10 +4492,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `VirtualHost` | |
-| `Route` | |
-| `HTTPListener` | |
-| `Translation` | |
+| `VirtualHost` | |
+| `Route` | |
+| `HTTPListener` | |
+| `Translation` | |
#### XDSTranslatorHooks
@@ -4525,11 +4524,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Subject` | XFCCCertDataSubject is the Subject field of the current client certificate.
|
-| `Cert` | XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
|
-| `Chain` | XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
|
-| `DNS` | XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
|
-| `URI` | XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
|
+| `Subject` | XFCCCertDataSubject is the Subject field of the current client certificate.
|
+| `Cert` | XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
|
+| `Chain` | XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
|
+| `DNS` | XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
|
+| `URI` | XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
|
#### XFCCForwardMode
@@ -4543,11 +4542,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Sanitize` | XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
|
-| `ForwardOnly` | XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
|
-| `AppendForward` | XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.
|
-| `SanitizeSet` | XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.
The existing certificate information in the XFCC header is removed.
|
-| `AlwaysForwardOnly` | XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
|
+| `Sanitize` | XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
|
+| `ForwardOnly` | XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
|
+| `AppendForward` | XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.
|
+| `SanitizeSet` | XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.
The existing certificate information in the XFCC header is removed.
|
+| `AlwaysForwardOnly` | XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
|
#### XForwardedClientCert