ListenerPolicy
You can use a ListenerPolicy resource to attach policies to all gateway listeners.
Policy attachment
All listeners on a gateway
You can apply a policy to all the listeners that are defined on the gateway by using the spec.targetRef section in the ListenerPolicy resource.
The following ListenerPolicy resource sets a request read and write buffer limit and applies this policy to a Gateway resource that is named http.
kubectl apply -f- <<EOF
apiVersion: gateway.kgateway.dev/v1alpha1
kind: ListenerPolicy
metadata:
name: bufferlimits
namespace: kgateway-system
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: http
default:
perConnectionBufferLimitBytes: 1024
EOFSpecific port
Instead of attaching a policy to all the listeners that are defined on the gateway, you can target a particular port by using the spec.perPort field in the ListenerPolicy resource.
The following Gateway resource defines two listeners, an HTTP (http) and HTTPS (https) listener.
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
name: http
spec:
gatewayClassName: kgateway
listeners:
- name: http
protocol: HTTP
port: 8080
allowedRoutes:
namespaces:
from: All
hostname: www.example.com
- name: https
port: 443
protocol: HTTPS
hostname: https.example.com
tls:
mode: Terminate
certificateRefs:
- name: https
kind: Secret
allowedRoutes:
namespaces:
from: AllTo apply the policy to only the https listener, you specify the port in the spec.perPort field in the ListenerPolicy resource as shown in the following example.
apiVersion: gateway.kgateway.dev/v1alpha1
kind: ListenerPolicy
metadata:
name: access-logs
namespace: kgateway-system
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: http
perPort:
- port: 443
listener:
perConnectionBufferLimitBytes: 1024Conflicting policies
If you create multiple ListenerPolicy resources that define the same type of top-level policy, and attach them to the same gateway by using the targetRefs option, only the ListenerPolicy that was last applied is enforced.