GlobalConfig CRD

EnRoute Technical Reference

GlobalConfig CRD

GlobalConfig provides a mechanism to provide configuration global to the system. Such configuration may include configuring the rate-limit engine in EnRoute, configuring mesh integration options (like options for linkerd and istio), configuring a devportal for EnRoute

Here is an example GlobalConfig for the EnRoute devportal

---
apiVersion: enroute.saaras.io/v1
kind: GlobalConfig
metadata:
  name: devportal-config
  namespace: portal
spec:
  name: devportal-config
  type: globalconfig_devportal
  config: |
    {
      "service_docs" : [
        {"service" : "namespace2.httpbin", "doc_url" : "https://httpbin.org/spec.json" },
        {"service" : "namespace2.petstore","doc_url" : "https://petstore.swagger.io/v2/swagger.json" },
        {"service" : "namespace2.k8s-1-dot-24-api","doc_url" : "https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.24/api/openapi-spec/swagger.json" }
                       ]
    }

Similarly a GlobalConfig to enable/disable mesh integration (like Linkerd and istio) and specify global TLS options can be specified like this -

---
apiVersion: enroute.saaras.io/v1
kind: GlobalConfig
metadata:
  labels:
    app: web
  name: enable-linkerd
  namespace: default
spec:
  name: linkerd-global-config
  type: globalconfig_globals
  config: |
        {
          "linkerd_enabled": true,
          "linkerd_header_disabled": false,
          "linkerd_servicemode_disabled": false,
          "istio_enabled": false,
          "tlsContext" : { "alpnProtos" : ["http/1.1"], "minimumTlsVersion" : "1.2" },
          "cache_responses" : true
        }

GlobalConfig to Envoy configuration

GlobalConfig configuration influences multiple parts of Envoy config

This section controls global properties like integration with service caches, TLS configuration and response caching

To enable mTLS and integration of service mesh istio and linkerd, set the flags istio_enabled or linkerd_enabled . When integration with linkerd is enabled, a couple of other settings are provided. More information about service mesh integration can be found in the integration section of docs.

SSL termination and TLS settings can also be configured using GlobalConfig. These settings let you configure the alpn protocols and minimum TLS version to be used for SSL termination.

The cache_responses flag controls if responses will be cached

Complete GlobalConfig CRD Spec

A complete description of the GlobalConfig CRD spec is located in github

← GatewayHost CRD
HealthCheck Filter →