Skip to content

For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.

Page as Markdown 

    

  
  


            
Policies

            
Learn more about the custom resources that you can use to apply policies in kgateway.


While the Kubernetes Gateway API allows you to do simple routing, such as to match, redirect, or rewrite requests, you might want additional capabilities in your API gateway, such direct responses, local rate limiting, or request and response transformations. Policies allow you to apply intelligent traffic management, resiliency, and security standards to an HTTPRoute or Gateway.


Policy CRDs
    
Kgateway uses the following custom resources to attach policies to routes and gateway listeners.



  
  Direct responseDirectly respond to incoming requests with a custom HTTP response code and body.
  

  HTTPListenerPolicyApply policies to all HTTP and HTTPS listeners.
  

  TrafficPolicyAttach policies to routes in an HTTPRoute or Gateway resource.
  






Supported policies
    
Review the policies that you can configure in kgateway and the level at which you can apply them.



  

    
      

        Policy
        Applied via
      

    
    
      
Access loggingHTTPListenerPolicy
      

      
BufferingTrafficPolicy
      

      
CSRFTrafficPolicy
      

      
Direct responseDirectResponse
      

      
Dynamic Forward Proxy (DFP)Backend and HTTPRoute
      

      
External authorizationGatewayExtension and TrafficPolicy
      

      
External processing (ExtProc)TrafficPolicy
      

      
Health checks for the GatewayHTTPListenerPolicy
      

      
Health checks for the BackendsBackendConfigPolicy
      

      
HTTP connection settingsBackendConfigPolicy
      

      
Outlier detectionBackendConfigPolicy
      

      
Rate limitingTrafficPolicy
      

      
Session affinity - Simple load balancingBackendConfigPolicy
      

      
Session affinity - Consistent hashingBackendConfigPolicy
      

      
TCP keepaliveBackendConfigPolicy
      

      
TransformationsTrafficPolicy
      

    
  




Policy behavior
    


            

          

            

              BackendConfigPolicy

              
Configure backend connection, TLS, and load balancing with BackendConfigPolicy.

          

        
          

            

              HTTPListenerPolicy

              
You can use an HTTPListenerPolicy resource to attach policies to HTTP or HTTPS listeners on the …

          

        
          

            

              ListenerPolicy

              
You can use a ListenerPolicy resource to attach policies to all gateway listeners.

          

        
          

            

              TrafficPolicy

              
Use a TrafficPolicy resource to attach policies to one, multiple, or all routes in an HTTPRoute …

          

        
          

            

              Global policy attachment

              
Attach policies across namespaces using label selectors for centralized policy management.

          

        
          

            

              Policy merging

              
Understand how the precedence and merging rules combine policies that target the same resource.

          

        
    

          

          

          
Gateway proxies

          

  

    Was this page helpful?