ApplicationGateway is the Schema for the ApplicationGateways API. Manages an Application Gateway.
Type
CRD
Group
network.azure.upbound.io
Version
v1beta1
apiVersion: network.azure.upbound.io/v1beta1
kind: ApplicationGateway
ApplicationGatewaySpec defines the desired state of ApplicationGateway
No description provided.
One or more authentication_certificate blocks as defined below.
An autoscale_configuration block as defined below.
One or more backend_address_pool blocks as defined below.
A list of FQDN's which should be part of the Backend Address Pool.
A list of IP Addresses which should be part of the Backend Address Pool.
One or more backend_http_settings blocks as defined below.
One or more authentication_certificate_backend blocks as defined below.
A connection_draining block as defined below.
A list of trusted_root_certificate names.
One or more custom_error_configuration blocks as defined below.
One or more frontend_ip_configuration blocks as defined below.
Reference to a PublicIP to populate publicIpAddressId.
Policies for referencing.
Selector for a PublicIP to populate publicIpAddressId.
Policies for selection.
Reference to a Subnet to populate subnetId.
Policies for referencing.
Selector for a Subnet to populate subnetId.
Policies for selection.
One or more gateway_ip_configuration blocks as defined below.
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
A global block as defined below.
One or more http_listener blocks as defined below.
One or more custom_error_configuration blocks as defined below.
A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters.
An identity block as defined below.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway.
One or more private_link_configuration blocks as defined below.
One or more ip_configuration blocks as defined below.
Reference to a Subnet to populate subnetId.
Policies for referencing.
Selector for a Subnet to populate subnetId.
Policies for selection.
One or more probe blocks as defined below.
A match block as defined above.
A list of allowed status codes for this Health Probe.
One or more redirect_configuration blocks as defined below.
One or more request_routing_rule blocks as defined below.
Reference to a ResourceGroup in azure to populate resourceGroupName.
Policies for referencing.
Selector for a ResourceGroup in azure to populate resourceGroupName.
Policies for selection.
One or more rewrite_rule_set blocks as defined below. Only valid for v2 SKUs.
One or more rewrite_rule blocks as defined below.
One or more condition blocks as defined above.
One or more request_header_configuration blocks as defined above.
One or more response_header_configuration blocks as defined above.
One url block as defined below
One or more ssl_certificate blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
One or more ssl_profile blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
The name of the Trusted Client Certificate that will be used to authenticate requests from clients.
One or more trusted_client_certificate blocks as defined below.
One or more trusted_root_certificate blocks as defined below.
One or more url_path_map blocks as defined below.
One or more path_rule blocks as defined above.
A list of Paths used in this Path Rule.
A waf_configuration block as defined below.
One or more disabled_rule_group blocks as defined below.
A list of rules which should be disabled in that group. Disables all rules in the specified group if rules is not specified.
One or more exclusion blocks as defined below.
Specifies a list of Availability Zones in which this Application Gateway should be located. Changing this forces a new Application Gateway to be created.
THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
One or more authentication_certificate blocks as defined below.
An autoscale_configuration block as defined below.
One or more backend_address_pool blocks as defined below.
A list of FQDN's which should be part of the Backend Address Pool.
A list of IP Addresses which should be part of the Backend Address Pool.
One or more backend_http_settings blocks as defined below.
One or more authentication_certificate_backend blocks as defined below.
A connection_draining block as defined below.
A list of trusted_root_certificate names.
One or more custom_error_configuration blocks as defined below.
One or more frontend_ip_configuration blocks as defined below.
Reference to a PublicIP to populate publicIpAddressId.
Policies for referencing.
Selector for a PublicIP to populate publicIpAddressId.
Policies for selection.
Reference to a Subnet to populate subnetId.
Policies for referencing.
Selector for a Subnet to populate subnetId.
Policies for selection.
One or more gateway_ip_configuration blocks as defined below.
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
A global block as defined below.
One or more http_listener blocks as defined below.
One or more custom_error_configuration blocks as defined below.
A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters.
An identity block as defined below.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway.
One or more private_link_configuration blocks as defined below.
One or more ip_configuration blocks as defined below.
Reference to a Subnet to populate subnetId.
Policies for referencing.
Selector for a Subnet to populate subnetId.
Policies for selection.
One or more probe blocks as defined below.
A match block as defined above.
A list of allowed status codes for this Health Probe.
One or more redirect_configuration blocks as defined below.
One or more request_routing_rule blocks as defined below.
One or more rewrite_rule_set blocks as defined below. Only valid for v2 SKUs.
One or more rewrite_rule blocks as defined below.
One or more condition blocks as defined above.
One or more request_header_configuration blocks as defined above.
One or more response_header_configuration blocks as defined above.
One url block as defined below
One or more ssl_certificate blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
One or more ssl_profile blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
The name of the Trusted Client Certificate that will be used to authenticate requests from clients.
One or more trusted_client_certificate blocks as defined below.
One or more trusted_root_certificate blocks as defined below.
One or more url_path_map blocks as defined below.
One or more path_rule blocks as defined above.
A list of Paths used in this Path Rule.
A waf_configuration block as defined below.
One or more disabled_rule_group blocks as defined below.
A list of rules which should be disabled in that group. Disables all rules in the specified group if rules is not specified.
One or more exclusion blocks as defined below.
Specifies a list of Availability Zones in which this Application Gateway should be located. Changing this forces a new Application Gateway to be created.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
ApplicationGatewayStatus defines the observed state of ApplicationGateway.
No description provided.
An autoscale_configuration block as defined below.
One or more backend_address_pool blocks as defined below.
A list of FQDN's which should be part of the Backend Address Pool.
A list of IP Addresses which should be part of the Backend Address Pool.
One or more backend_http_settings blocks as defined below.
A connection_draining block as defined below.
A list of trusted_root_certificate names.
One or more custom_error_configuration blocks as defined below.
One or more frontend_ip_configuration blocks as defined below.
A global block as defined below.
One or more http_listener blocks as defined below.
One or more custom_error_configuration blocks as defined below.
A list of Hostname(s) should be used for this HTTP Listener. It allows special wildcard characters.
An identity block as defined below.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Application Gateway.
One or more private_link_configuration blocks as defined below.
One or more probe blocks as defined below.
A match block as defined above.
A list of allowed status codes for this Health Probe.
One or more redirect_configuration blocks as defined below.
One or more request_routing_rule blocks as defined below.
One or more rewrite_rule_set blocks as defined below. Only valid for v2 SKUs.
One or more rewrite_rule blocks as defined below.
One or more condition blocks as defined above.
One or more request_header_configuration blocks as defined above.
One or more response_header_configuration blocks as defined above.
One url block as defined below
One or more ssl_certificate blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
One or more ssl_profile blocks as defined below.
a ssl_policy block as defined below.
A List of accepted cipher suites. Possible values are: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384.
A list of SSL Protocols which should be disabled on this Application Gateway. Possible values are TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
The name of the Trusted Client Certificate that will be used to authenticate requests from clients.
One or more trusted_root_certificate blocks as defined below.
One or more url_path_map blocks as defined below.
One or more path_rule blocks as defined above.
A list of Paths used in this Path Rule.
A waf_configuration block as defined below.
One or more disabled_rule_group blocks as defined below.
A list of rules which should be disabled in that group. Disables all rules in the specified group if rules is not specified.
One or more exclusion blocks as defined below.
Specifies a list of Availability Zones in which this Application Gateway should be located. Changing this forces a new Application Gateway to be created.
Conditions of the resource.
example
apiVersion: network.azure.upbound.io/v1beta1
kind: ApplicationGateway
metadata:
annotations:
meta.upbound.io/example-id: network/v1beta1/applicationgateway
uptest.upbound.io/timeout: "7200"
labels:
testing.upbound.io/example-name: network
name: example
spec:
forProvider:
backendAddressPool:
- name: example
backendHttpSettings:
- cookieBasedAffinity: Disabled
name: example
path: /path1/
port: 80
protocol: Http
requestTimeout: 60
frontendIpConfiguration:
- name: example
publicIpAddressIdSelector:
matchLabels:
testing.upbound.io/example-name: example
frontendPort:
- name: example
port: 80
gatewayIpConfiguration:
- name: my-gateway-ip-configuration
subnetIdSelector:
matchLabels:
testing.upbound.io/example-name: frontend
httpListener:
- frontendIpConfigurationName: example
frontendPortName: example
name: example
protocol: Http
location: West Europe
requestRoutingRule:
- backendAddressPoolName: example
backendHttpSettingsName: example
httpListenerName: example
name: example
priority: 9
ruleType: Basic
resourceGroupNameSelector:
matchLabels:
testing.upbound.io/example-name: example
sku:
- capacity: 2
name: Standard_v2
tier: Standard_v2
© 2022 Upbound, Inc.
Discover the building blocksfor your internal cloud platform.