Documentation
About
Policies
HTTPListenerPolicy

HTTPListenerPolicy

You can use an HTTPListenerPolicy resource to attach policies to HTTP or HTTPs listeners on the gateway.

Policy attachment

You can apply a policy to all HTTP and HTTPS listeners that are defined on the gateway by using the spec.targetRefs section in the HTTPListenerPolicy resource.

The following HTTPListenerPolicy resource configures access logs on a Gateway that is named http. The policy applies to all the HTTP and HTTPS listeners that are defined on the gateway.

apiVersion: gateway.kgateway.dev/v1alpha1
kind: HTTPListenerPolicy
metadata:
  name: access-logs
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: http
  accessLog:
  - fileSink:
      path: /dev/stdout
      jsonFormat:
          start_time: "%START_TIME%"
          method: "%REQ(X-ENVOY-ORIGINAL-METHOD?:METHOD)%"
          path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
          protocol: "%PROTOCOL%"
          response_code: "%RESPONSE_CODE%"
          response_flags: "%RESPONSE_FLAGS%"
          bytes_received: "%BYTES_RECEIVED%"
          bytes_sent: "%BYTES_SENT%"
          total_duration: "%DURATION%"
          resp_backend_service_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"
          req_x_forwarded_for: "%REQ(X-FORWARDED-FOR)%"
          user_agent: "%REQ(USER-AGENT)%"
          request_id: "%REQ(X-REQUEST-ID)%"
          authority: "%REQ(:AUTHORITY)%"
          backendHost: "%UPSTREAM_HOST%"
          backendCluster: "%UPSTREAM_CLUSTER%"

Conflicting policies

If you create multiple HTTPListenerPolicy resources that define the same type of top-level policy, and attach them to the same gateway by using the targetRefs option, only the HTTPListenerPolicy that was last applied is enforced.

TrafficPolicy