HTTPListenerPolicy
You can use an HTTPListenerPolicy resource to attach policies to HTTP or HTTPS listeners on the gateway.
ℹ️ By default, you must attach policies to resources that are in the same namespace. To create global policies that can attach to resources in any namespace, see the Global policy attachment guide.
Policy attachment
You can apply a policy to all HTTP and HTTPS listeners that are defined on the gateway by using the spec.targetRefs section in the HTTPListenerPolicy resource.
The following HTTPListenerPolicy resource configures access logs on a Gateway that is named http. The policy applies to all the HTTP and HTTPS listeners that are defined on the gateway.
apiVersion: gateway.kgateway.dev/v1alpha1
kind: HTTPListenerPolicy
metadata:
  name: access-logs
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: http
  accessLog:
  - fileSink:
      path: /dev/stdout
      jsonFormat:
        start_time: "%START_TIME%"
        method: "%REQ(X-ENVOY-ORIGINAL-METHOD?:METHOD)%"
        path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
        protocol: "%PROTOCOL%"
        response_code: "%RESPONSE_CODE%"
        response_flags: "%RESPONSE_FLAGS%"
        bytes_received: "%BYTES_RECEIVED%"
        bytes_sent: "%BYTES_SENT%"
        total_duration: "%DURATION%"
        resp_backend_service_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"
        req_x_forwarded_for: "%REQ(X-FORWARDED-FOR)%"
        user_agent: "%REQ(USER-AGENT)%"
        request_id: "%REQ(X-REQUEST-ID)%"
        authority: "%REQ(:AUTHORITY)%"
        backendHost: "%UPSTREAM_HOST%"
        backendCluster: "%UPSTREAM_CLUSTER%"
Conflicting policies
If you create multiple HTTPListenerPolicy resources that define the same type of top-level policy, and attach them to the same gateway by using the targetRefs option, only the HTTPListenerPolicy that was last applied is enforced.
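Because a conflicting policy silently replaces an earlier one, an access log configuration can stop being enforced without any error. The following audit check is an added example, not kgateway code: it flags gateways that have the same top-level policy type attached by more than one HTTPListenerPolicy. It assumes that every key under spec other than targetRefs is a policy type and that each target is in the policy's own namespace; the policy names other than access-logs, the internal gateway, and the placeholderPolicy key are constructed.

```python
from collections import defaultdict

# Assumption: targetRefs selects the target; every other spec key is a policy type.
TARGETING_KEYS = {"targetRefs"}

def find_conflicts(policies):
    """Return {(target, policy_type): [policies]} for each target that has the
    same top-level policy type attached by more than one HTTPListenerPolicy."""
    seen = defaultdict(list)
    for pol in policies:
        meta, spec = pol.get("metadata", {}), pol.get("spec", {})
        ns = meta.get("namespace", "default")
        types = sorted(k for k in spec if k not in TARGETING_KEYS)
        for ref in spec.get("targetRefs") or []:
            # Assumption: the target is in the policy's namespace (the default).
            target = (ns, ref.get("group", ""), ref.get("kind", ""),
                      ref.get("name", ""))
            for ptype in types:
                seen[(target, ptype)].append(f"{ns}/{meta.get('name')}")
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def _policy(name, gateway, **spec):
    """Build a constructed HTTPListenerPolicy object for the sample below."""
    ref = {"group": "gateway.networking.k8s.io", "kind": "Gateway",
           "name": gateway}
    return {"kind": "HTTPListenerPolicy",
            "metadata": {"name": name, "namespace": "kgateway-system"},
            "spec": {"targetRefs": [ref], **spec}}

# Constructed sample, shaped like the "items" list of a JSON policy listing.
SAMPLE = [
    _policy("access-logs", "http",
            accessLog=[{"fileSink": {"path": "/dev/stdout"}}]),
    _policy("team-b-logs", "http",
            accessLog=[{"fileSink": {"path": "/dev/stderr"}}]),
    _policy("other-gw-logs", "internal",
            accessLog=[{"fileSink": {"path": "/dev/stdout"}}]),
    # placeholderPolicy is a hypothetical key standing in for another type.
    _policy("unrelated", "http", placeholderPolicy={}),
]

if __name__ == "__main__":
    for (target, ptype), names in find_conflicts(SAMPLE).items():
        print(f"{target[2]} {target[0]}/{target[3]}: {ptype} is defined by "
              f"{', '.join(names)}; only the last applied is enforced")
```

The check reports that a conflict exists but does not decide which policy wins, because that depends on which resource was applied last.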