- Blog
- FAQ
- Product Demos
- API Guide
- GETGet an agent by name
- DELDelete an agent by name
- PATCHPerform a Patch on an agent by name
- GETQuery agent health
- GETGet all agents
- POSTCreate an agent
- POSTGet all agents based on a query
- GETGet the access report for an agent by name
- GETGet available permissions for an agent
- GETGet an audit context by name
- PATCHPerform a Patch on an audit context by name
- GETGet all audit contexts
- POSTCreate an audit context
- POSTGet all audit contexts based on a query
- GETGet the access report for an audit context by name
- GETGet available permissions for an audit context
- GETGet a cloud account by name
- DELDelete an cloud account by name
- PATCHPerform a Patch on a cloud account by name
- GETGet all cloud accounts
- POSTCreate a cloud account
- POSTGet all cloud accounts based on a query
- GETGet the access report for a cloud account by name
- GETGet available permissions for a cloud account resource type
- GETGet a domain by name
- DELDelete a domain by name
- PATCHPerform a Patch on a domain by name
- GETGet all domains
- POSTCreate a domain
- POSTGet all domains based on a query
- GETGet the access report for a domain by name
- GETGet available permissions for a domain resource type
- GETGet a group by name
- DELDelete a group by name
- PATCHPerform a Patch on a group by name
- GETGet all groups
- POSTCreate a group
- POSTGet all groups based on a query
- GETGet the access report for a group by name
- GETGet available permissions for a group resource type
- GETGet a GVC by name
- DELDelete a GVC by name
- PATCHPerform a Patch on a GVC by name
- GETGet all GVCs
- POSTCreate a GVC
- POSTGet all GVCs based on a query
- GETGet the access report for a GVC by name
- GETGet available permissions for a GVC resource type
- GETGet an identity by GVC and name
- DELDelete an identity by GVC and name
- PATCHPerform a Patch on an identity by name
- GETGet all identities in a GVC
- POSTCreate an identity
- GETGet all identities from all GVCs
- POSTGet all GVC identities based on a query
- GETGet the access report for an identity by GVC and name
- GETGet available permissions for an identity
- GETGet a image by name
- DELDelete an image by name
- PATCHPerform a Patch on an image by name
- GETGet all images
- POSTGet all images based on a query
- GETGet the access report for an image by name
- GETGet available permissions for an image resource type
- GETGet a location by name
- PATCHPerform a Patch on a location by name
- GETGet all locations
- POSTGet all locations based on a query
- GETGet the access report for a location by name
- GETGet available permissions for a location resource type
- GETGet an org by name
- PATCHPerform a Patch on an org by name
- GETGet all orgs
- POSTCreate an org
- POSTGet all orgs based on a query
- GETGet the access report for an org by name
- GETGet available permissions for an org resource type
- GETGet a policy by name
- DELDelete a policy by name
- PATCHPerform a Patch on a policy by name
- GETGet all policies
- POSTCreate a policy
- POSTGet all policies based on a query
- GETGet the access report for a policy by name
- GETGet available permissions for a policy resource type
- GETGet a quota by ID
- GETGet all quotas
- POSTGet all quotas based on a query
- GETGet available permissions for a quota resource type
- GETGet a secret by name
- DELDelete a secret by name
- PATCHPerform a Patch on a secret by name
- GETGet all secrets
- POSTCreate a secret
- GETGet the sensitive content of a secret by name
- POSTGet all secrets based on a query
- GETGet the access report for a secret by name
- GETGet available permissions for a secret resource type
- GETGet a service account by name
- DELDelete a service account by name
- PATCHPerform a Patch on a service account by name
- GETGet all service accounts
- POSTCreate a service account
- POSTGet all service accounts based on a query
- GETGet the access report for a service account by name
- POSTAdd a key to a service account
- GETGet available permissions for a service account resource type
- GETList tasks that you can accept to refuse
- GETList tasks that you can accept to refuse in a specific org
- GETGet a task by ID
- POSTPost
- DELDelete/Cancel a task by ID
- GETGet all tasks
- POSTGet all tasks based on a query
- GETGet available permissions for a task resource type
- GETGet a user by name
- DELDelete a user by name
- PATCHPerform a Patch on a user by name
- GETGet all users
- POSTGet all users based on a query
- POSTInvite users to this org
- GETGet the access report for a user by name
- GETGet available permissions for a user resource type
- GETGet a volumeset by GVC and name
- DELDelete a volumeset by name
- PATCHPerform a Patch on a volumeset by name
- GETList volumesets in a GVC you are authorized to view
- POSTCreate a volumeset
- GETGet all volumesets
- POSTGet all volumesets based on a query
- GETGet the access report for a volumeset by GVC and name
- GETGet available permissions for a volumeset resource type
- GETGet a workload by GVC and name
- DELDelete a workload by name
- PATCHPerform a Patch on a workload by name
- GETGet a deployment by GVC, workload and name
- GETList workloads in a GVC you are authorized to view
- POSTCreate a workload
- GETGet all workloads
- GETList deployments in a workload
- POSTGet all workloads based on a query
- GETGet the access report for a workload by GVC and name
- GETGet available permissions for a workload resource type
Overview
agent
auditctx
cloudaccount
domain
group
gvc
identity
image
location
org
policy
quota
secret
serviceaccount
task
user
volumeset
workload
Perform a Patch on a GVC by name
Service account key can be used as API keys
These environment variables will be available to any workload in the GVC. Note: a workload must opt-in to receive these variables.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
These environment variables will be available to any workload in the GVC. Note: a workload must opt-in to receive these variables.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
Authorizations
Service account key can be used as API keys
Path Parameters
Body
description
, tags
, spec
staticPlacement
, pullSecretLinks
, domain
, tracing
, sidecar
, env
, loadBalancer
locationLinks
, locationQuery
kind
, spec
match
, terms
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
op
, property
, rel
, tag
, value
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
sampling
, lightstep
, customTags
, provider
endpoint
, credentials
otel
, lightstep
, controlplane
endpoint
endpoint
, credentials
envoy
accessLog
, clusters
, excludedExternalAuth
, excludedRateLimit
, http
, network
, volumes
envoy.http_grpc_access_log
AUTO
, V2
, V3
envoy.http_grpc_access_log
AUTO
, V2
, V3
priority
, excludedWorkloads
, typed_config
envoy.http_grpc_access_log
@type
, common_config
, additional_request_headers_to_log
, additional_response_headers_to_log
, additional_response_trailers_to_log
log_name
, grpc_service
, transport_api_version
, buffer_flush_interval
, buffer_size_bytes
, filter_state_objects_to_log
, grpc_stream_retry_policy
envoy_grpc
, google_grpc
, timeout
, initial_metadata
cluster_name
, authority
, retry_policy
retry_back_off
, num_retries
base_interval
, max_interval
target_uri
, channel_credentials
, call_credentials
, stat_prefix
, credentials_factory_name
, config
ssl_credentials
, google_default
root_certs
, private_key
, cert_chain
filename
, inline_bytes
, inline_string
, environment_variable
filename
, inline_bytes
, inline_string
, environment_variable
filename
, inline_bytes
, inline_string
, environment_variable
access_token
, google_compute_engine
, google_refresh_token
, service_account_jwt_access
, google_iam
, from_plugin
, sts_service
json_key
, token_lifetime_seconds
authorization_token
, authority_selector
typed_config
token_exchange_service_uri
, resource
, audience
, scope
, requested_token_type
, subject_token_path
, subject_token_type
, actor_token_path
, actor_token_type
key
, value
, raw_value
AUTO
, V2
, V3
retry_back_off
, num_retries
base_interval
, max_interval
AUTO
, V2
, V3
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
excludedWorkloads
, transport_socket_matches
, alt_stat_name
, type
, cluster_type
, eds_cluster_config
, connect_timeout
, per_connection_buffer_limit_bytes
, lb_policy
, load_assignment
, health_checks
, max_requests_per_connection
, circuit_breakers
, upstream_http_protocol_options
, common_http_protocol_options
, http_protocol_options
, http2_protocol_options
, typed_extension_protocol_options
, dns_refresh_rate
, dns_failure_refresh_rate
, respect_dns_ttl
, dns_lookup_family
, dns_resolvers
, use_tcp_for_dns_lookups
, dns_resolution_config
, typed_dns_resolver_config
, wait_for_warm_on_init
, outlier_detection
, cleanup_interval
, upstream_bind_config
, lb_subset_config
, ring_hash_lb_config
, maglev_lb_config
, least_request_lb_config
, common_lb_config
, transport_socket
, metadata
, protocol_selection
, upstream_connection_options
, close_connections_on_host_health_failure
, ignore_health_on_host_removal
, filters
, load_balancing_policy
, track_timeout_budgets
, upstream_config
, track_cluster_stats
, preconnect_policy
, connection_pool_per_downstream_connection
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
cluster_name
, endpoints
, policy
match
, port
, svcPort
prefix
, path
, safe_regex
, path_separated_prefix
, path_match_policy
, case_sensitive
, runtime_fraction
, headers
, query_parameters
, grpc
, tls_context
, dynamic_metadata
google_re2
, regex
max_program_size
typed_config
default_value
, runtime_key
numerator
, denominator
safe_regex_match
, range_match
, present_match
, string_match
, invert_match
, treat_missing_header_as_empty
google_re2
, regex
max_program_size
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
string_match
, present_match
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
presented
, validated
presented
, validated
filter
, path
, value
, invert
key
null_match
, double_match
, string_match
, bool_match
, present_match
range
, exact
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
match
, port
, svcPort
prefix
, path
, safe_regex
, path_separated_prefix
, path_match_policy
, case_sensitive
, runtime_fraction
, headers
, query_parameters
, grpc
, tls_context
, dynamic_metadata
google_re2
, regex
max_program_size
typed_config
default_value
, runtime_key
numerator
, denominator
safe_regex_match
, range_match
, present_match
, string_match
, invert_match
, treat_missing_header_as_empty
google_re2
, regex
max_program_size
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
string_match
, present_match
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
presented
, validated
presented
, validated
filter
, path
, value
, invert
key
null_match
, double_match
, string_match
, bool_match
, present_match
range
, exact
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
uri
, recoveryPolicy
, path
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
These environment variables will be available to any workload in the GVC. Note: a workload must opt-in to receive these variables.
value
dedicated
, trustedProxies
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
These environment variables will be available to any workload in the GVC. Note: a workload must opt-in to receive these variables.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.
Response
all
, any
, none
=
, >
, >=
, <
, <=
, !=
, ~
, exists
, !exists
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
These environment variables will be available to any workload in the GVC. Note: a workload must opt-in to receive these variables.
Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location.
Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead.