Consul
HTTP route configuration reference
This topic provides reference information for the gateway routes configuration entry. Refer to Route Resource Configuration for information about configuring API gateway routes in Kubernetes environments.
Configuration model
The following list outlines field hierarchy, language-specific data types, and
requirements in an http-route
configuration entry. Click on a property name
to view additional details, including default values.
Kind
: string | must behttp-route
Name
: string | no defaultNamespace
: string | no default EnterprisePartition
: string | no default EnterpriseMeta
: map | no defaultHostnames
: list | no defaultParents
: list | no defaultKind
: string | must beapi-gateway
Name
: string | no defaultNamespace
: string | no default EnterprisePartition
: string | no default EnterpriseSectionName
: string | no default
Rules
: list | no defaultFilters
: map | no defaultHeaders
: list | no defaultURLRewrite
: map | no defaultPath
: string | no default
RetryFilter
: mapNumRetries
: number |1
RetryOnConnectionFailure
: boolean |false
RetryOn
: list of stringsRetryOnStatusCodes
: list of numbers
TimeoutFilter
: mapIdleTimeout
: number |0
RequestTimeout
: number |0
JWT
: mapProviders
: listName
: stringVerifyClaims
: map
ResponseFilters
Matches
: list | no defaultServices
: list | no defaultName
: string | no defaultNamespace
: string EnterprisePartition
: string EnterpriseWeight
: number |1
Filters
: map | no defaultHeaders
: list | no defaultURLRewrite
: map | no defaultPath
: string | no default
RetryFilter
: mapNumRetries
: number |1
RetryOnConnectionFailure
: boolean |false
RetryOn
: list of stringsRetryOnStatusCodes
: list of numbers
TimeoutFilter
: mapIdleTimeout
: number |0
RequestTimeout
: number |0
JWT
: mapProviders
: listName
: stringVerifyClaims
: map
ResponseFilters
Complete configuration
When every field is defined, an http-route
configuration entry has the following form:
Kind = "http-route"
Name = "<name of the route>"
Namespace = "<enterprise: namespace of the service>"
Partition = "<enterprise: partition of the service>"
Meta = {
"<any key>" = "<any value>"
}
Hostnames = ["<hostnames for which this HTTPRoute should respond to requests>"]
Parents = [
{
Kind = "api-gateway"
Name = "<name of the api-gateway to bind to>"
Namespace = "<enterprise: namespace of the service>"
Partition = "<enterprise: partition of the service>"
SectionName = "<optional name of a specific listener on the api-gateway to bind to>"
}
]
Rules = [
{
Filters = {
Headers = [
{
Add = {
"<name of header to add>" = "<value of header to add>"
}
Remove = [
"<name of header to remove from request>"
]
Set = {
"<name of header to set>" = "<value of header to set>"
}
}
]
URLRewrite = {
Path = "<path to rewrite request to>"
}
JWT = {
Providers = [
Name = "<name of the provider>"
VerifyClaim = {
Path = ["<path to claim>"]
Value = "<value of claim>"
}
]
}
}
ResponseFilters = {
Headers = [
{
Add = {
"<name of header to add>" = "<value of header to add>"
}
Remove = [
"<name of header to remove from response>"
]
Set = {
"<name of header to set>" = "<value of header to set>"
}
}
]
}
Matches = [
{
Headers = [
{
Match = "<type of match: exact, prefix or regex>"
Name = "<name of header to match on>"
Value = "<value of header to match on>"
}
]
Method = "<method type to match on>"
Path = {
Match = "<type of match: exact, prefix or regex>"
Value = "<value to match on>"
}
Query = [
{
Match = "<type of match: exact, present or regex>"
Name = "<name of query parameter to match on>"
Value = "<value of query parameter to match on>"
}
]
}
]
Services = [
{
Name = "<name of Consul service to route to>"
Namespace = "<enterprise: namespace of the service>"
Partition = "<enterprise: partition of the service>"
Weight = "<number proportional to other weights>"
Filters = {
Headers = [
{
Add = {
"<name of header to add>" = "<value of header to add>"
}
Remove = [
"<name of header to remove from request>"
]
Set = {
"<name of header to set>" = "<value of header to set>"
}
}
]
URLRewrite = {
Path = "<path to rewrite request to>"
}
}
}
]
}
]
Specification
This section provides details about the fields you can configure in the http-route
configuration entry.
Kind
Specifies the type of configuration entry to implement. For HTTP routes, this must be http-route
.
Values
- Default: none
- This field is required.
- Data type: string value that must be set to
"http-route"
.
Name
Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.
Values
- Default: Defaults to the name of the node after writing the entry to the Consul server.
- This field is required.
- Data type: string
Namespace
Enterprise
Specifies the Enterprise namespace to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Partition
Enterprise
Specifies the Enterprise admin partition to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Meta
Specifies an arbitrary set of key-value pairs to associate with the route.
Values
- Default: none
- Data type: map containing one or more keys and string values.
Parents[]
Specifies the list of gateways that this route binds to.
Values
- Default: none
- Data type: List of map. Each member of the list contains the following fields:
Kind
Name
Namespace
EnterprisePartition
EnterpriseSectionName
Parents[].Kind
Specifies the type of resource to bind to. This field is required and must be
set to "api-gateway"
Values
- Default: none
- This field is required.
- Data type: string value set to
"api-gateway"
Parents[].Name
Specifies the name of the api-gateway to bind to.
Values
- Default: none
- This field is required.
- Data type: string
Parents[].Namespace
Enterprise
Specifies the Enterprise namespace to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Parents[].Partition
Enterprise
Specifies the Enterprise admin partition to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Parents[].SectionName
Specifies the name of the listener to bind to on the api-gateway
. If left
empty, this route binds to all listeners on the parent gateway.
Values
- Default: ""
- Data type: string
Rules[]
Specifies the list of HTTP-based routing rules that this route uses to construct a route table.
Values
- Default:
- Data type: List of maps. Each member of the list contains the following fields:
Rules[].Filters[]
Specifies the list of HTTP-based filters used to modify a request prior to routing it to the upstream service.
Values
- Default: none
- Data type: Map that contains the following fields:
Rules[].Filters[].Headers[]
Defines operations to perform on matching request headers when an incoming request matches the Rules.Matches
configuration.
Values
This field contains the following configuration objects:
Parameter | Description | Type |
---|---|---|
set | Configure this field to rewrite the HTTP request header. It specifies the name of an HTTP header to overwrite and the new value to set. Any existing values associated with the header name are overwritten. You can specify the following configurations:
| List of maps |
add | Configure this field to append the request header with a new value. It specifies the name of an HTTP header to append and the values to add. You can specify the following configurations:
| List of maps |
remove | Configure this field to specify an array of header names to remove from the request header. | List of strings |
Rules[].Filters[].URLRewrite
Specifies rule for rewriting the URL of incoming requests when an incoming request matches the Rules.Matches
configuration.
Values
- Default: none
- This field is a map that contains a
Path
field.
Rules[].Filters[].URLRewrite.Path
Specifies a path that determines how Consul API Gateway rewrites a URL path. Refer to Reroute HTTP requests for additional information.
Values
The following table describes the parameters for path
:
Parameter | Description | Type |
---|---|---|
replacePrefixMatch | Specifies a value that replaces the path prefix for incoming HTTP requests. The operation only affects the path prefix. The rest of the path is unchanged. | String |
type | Specifies the type of replacement to use for the URL path. You can specify the following values:
| String |
Rules[].Filters[].RetryFilter
Specifies a block of settings Consul uses to retry a request if it fails.
Values
- Default: None
- Data type: Map containing the following parameters:
Rules[].Filters[].RetryFilter{}.NumRetries
Specifies the number of times to retry the request when a retry condition occurs.
Values
- Default:
1
- Data type: Integer
Rules[].Filters[].RetryFilter{}.RetryOnConnectFailure
Enables Consul to retry the request if the connection fails. Define the one or more retry configurations to define the retry logic for the route.
Values
- Default:
false
- Data type: Boolean
Rules[].Filters[].RetryFilter{}.RetryOn
Specifies a list of conditions for Consul to retry requests based on the response from an upstream service. The following retry conditions are supported:
Conditions | Description |
---|---|
5xx | Consul retries the request when an upstream responds with any 5xx error code or does not respond at all. |
gateway-error | Consul retries the request when the upstream responds with a 502, 503, or 504 error. |
reset | Consul retries the request when the upstream does not respond at all. |
connect-failure | Consul retries the request when the connection to the upstream fails. |
envoy-ratelimited | Consul retries the request when the header x-envoy-ratelimited is present. |
retriable-4xx | Consul retries the request when the upstream responds with a retriable 4xx code. |
refused-stream | Consul retries the request when the upstream resets the stream with a REFUSED_STREAM error code. |
cancelled | Consul retries the request when the gRPC status code in the response headers is cancelled . |
deadline-exceeded | Consul retries the request when the gRPC status code in the response headers is deadline-exceeded . |
internal | Consul retries the request when the gRPC status code in the response headers is internal . |
resource-exhausted | Consul retries the request when the gRPC status code in the response headers is resource-exhausted . |
unavailable | Consul retries the request when the gRPC status code in the response headers is unavailable . |
Values
Default: None
Data type: List of strings. Strings must match one of the following values:
Rules[].Filters[].RetryFilter{}.RetryOnStatusCodes
Specifies a list of integers for HTTP response status codes that trigger a retry request.
Values
- Default: None
- Data type: List of integers
Rules[].Filters[].TimeoutFilter
Specifies timeout settings for routes from an API gateway listener to the destination service in Consul service mesh.
Values
- Default: None
- Data type: Map
The following table describes the settings you can configure in the TimeoutFilter
map:
Parameter | Description | Data type | Default |
---|---|---|---|
IdleTimeout | Specifies the total amount of time permitted for the request stream to be idle. | Integer | 0 |
RequestTimeout | Specifies the total amount of time in nanoseconds, including retry attempts, Consul permits for the entire downstream request to be processed. | Integer | 0 |
Rules[].Filters{}.JWT
Specifies a block of JWT verification configurations to apply to the route. These route-specific settings have precedence over default configurations defined for listeners the route attaches to on the API gateway. Refer to Listeners[].default{}.JWT
for additional information.
Values
- Default: None
- Data type: Map
Rules[].Filters[].JWT{}.Providers
Specifies a list of JWT provider configurations to apply to the route. A provider configuration contains the name of the provider and claims.
Values
- Default: None
- Data type: List of maps
The following table describes the parameters you can specify in a member of the Providers
list:
Parameter | Description | Data type | Default |
---|---|---|---|
Name | Specifies the name of the provider. | String | None |
VerifyClaims | Specifies a list of paths and a value that define the claim. Consul verifies requests that match the claims declared in the listener JWT configuration and allow the request through the gateway. The VerifyClaims map specifies the following settings:
| Map | None |
Refer to Configure JWT verification settings for an example configuration.
Rules[].ResponseFilters[]
Specifies the list of HTTP-based filters used to modify a response prior to routing it to the calling client.
Values
- Default: none
- Data type: Map that contains the following fields:
Rules[].ResponseFilters[].Headers[]
Defines operations to perform on matching response headers when an incoming request matches the Rules.Matches
configuration.
Values
This field contains the following configuration objects:
Parameter | Description | Type |
---|---|---|
set | Configure this field to rewrite the HTTP response header. It specifies the name of an HTTP header to overwrite and the new value to set. Any existing values associated with the header name are overwritten. You can specify the following configurations:
| List of maps |
add | Configure this field to append the response header with a new value. It specifies the name of an HTTP header to append and the values to add. You can specify the following configurations:
| List of maps |
remove | Configure this field to specify an array of header names to remove from the response header. | List of strings |
Rules[].Matches[]
Specifies the matching criteria used in the routing table. When an incoming
request matches the given HTTPMatch configuration, traffic routes to
services specified in the Rules.Services
field.
Values
- Default: none
- Data type: List containing maps. Each member of the list contains the following fields:
Rules[].Matches[].Headers[]
Specifies rules for matching incoming request headers. You can specify multiple rules in a list, as well as multiple lists of rules. If all rules in a single list are satisfied, then the route forwards the request to the appropriate service defined in the Rules.Services
configuration. You can create multiple Header[]
lists to create a range of matching criteria. When at least one list of matching rules are satisfied, the route forwards the request to the appropriate service defined in the Rules.Services
configuration.
Values
Rules.Matches.Headers.Match
Specifies type of match for headers: "exact"
, "prefix"
, or "regex"
.
Values
- Default: none
- Data type: string
Rules.Matches.Headers.Name
Specifies the name of the header to match.
Values
- Default: none
- Data type: string
Rules[].Matches.Headers.Value
Specifies the value of the header to match.
Values
- Default: none
- Data type: string
Rules[].Matches[].Method
Specifies a list of strings that define matches based on HTTP request method.
Values
Specify one of the following string values:
Rules[].Matches[].Path
Specifies the HTTP method to match.
Values
Rules[].Matches[].Path.Match
Specifies type of match for the path: "exact"
, "prefix"
, or "regex"
.
If set to prefix
, Consul uses simple string matching to identify incoming request prefixes. For example, if the route is configured to match incoming requests to services prefixed with /dev
, then the gateway would match requests to /dev-
and /deviate
and route to the upstream.
This deviates from the
Kubernetes Gateway API specification, which matches on full path elements. In the previous example, only requests to /dev
or /dev/
would match.
Values
- Default: none
- Data type: string
Rules[].Matches[].Path.Value
Specifies the value of the path to match.
Values
- Default: none
- Data type: string
Rules[].Matches[].Query[]
Specifies how a match is completed on a request’s query parameters.
Values
Rules[].Matches[].Query[].Match
Specifies type of match for query parameters: "exact"
, "prefix"
, or "regex"
.
Values
- Default: none
- Data type: string
Rules[].Matches[].Query[].Name
Specifies the name of the query parameter to match.
Values
- Default: none
- Data type: string
Rules[].Matches[].Query[].Value
Specifies the value of the query parameter to match.
Values
- Default: none
- Data type: string
Rules[].Services[]
Specifies the service that the API gateway routes incoming requests to when the
requests match the Rules.Matches
configuration.
Values
- Default: none
- This field contains a list of maps. Each member of the list contains the following fields:
Rules[].Services[].Name
Specifies the name of an HTTP-based service to route to.
Values
- Default: none
- Data type: string
Rules[].Services[].Namespace
Enterprise
Specifies the Enterprise namespace to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Rules[].Services.Partition
Enterprise
Specifies the Enterprise admin partition to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Rules[].Services[].Weight
Specifies the proportion of requests forwarded to the specified service. If no weight is specified, or if the specified
weight is set to less than or equal to 0
, the weight is normalized to 1
. The
proportion is determined by dividing the value of the weight by the sum of all
weights in the service list. For non-zero values, there may be some deviation
from the exact proportion depending on the precision an implementation
supports. Weight is not a percentage and the sum of weights does not need to
equal 100.
Values
- Default: none
- Data type: integer
Rules[].Services[].Filters[]
Specifies the list of HTTP-based filters used to modify a request prior to routing it to this upstream service.
Values
- Default: none
- Data type: Map that contains the following fields:
Rules[].Services[].Filters[].Headers[]
Defines operations to perform on matching request headers.
Values
This field contains the following configuration objects:
Parameter | Description | Type |
---|---|---|
set | Configure this field to rewrite the HTTP request header. It specifies the name of an HTTP header to overwrite and the new value to set. Any existing values associated with the header name are overwritten. You can specify the following configurations:
| List of maps |
add | Configure this field to append the request header with a new value. It specifies the name of an HTTP header to append and the values to add. You can specify the following configurations:
| List of maps |
remove | Configure this field to specify an array of header names to remove from the request header. | List of strings |
Rules[].Services[].Filters[].URLRewrite
Specifies rule for rewriting the URL of incoming requests.
Values
- Default: none
- This field is a map that contains a
Path
field.
Rules[].Services[].Filters[].RetryFilters
Specifies a block of settings Consul uses to retry a request if it fails.
Values
- Default: None
- Data type: Map containing the following parameters:
Rules[].Services[].Filters[].RetryFilters{}.NumRetries
Specifies the number of times to retry the request when a retry condition occurs.
Values
- Default:
1
- Data type: Integer
Rules[].Services[].Filters[].RetryFilters{}.RetryOnConnectFailure
Enables Consul to retry the request if the connection fails. Define the one or more retry configurations to define the retry logic for the route.
Values
- Default:
false
- Data type: Boolean
Rules[].Services[].Filters[].RetryFilters{}.RetryOn
Specifies a list of conditions for Consul to retry requests based on the response from an upstream service. The following retry conditions are supported:
Conditions | Description |
---|---|
5xx | Consul retries the request when an upstream responds with any 5xx error code or does not respond at all. |
gateway-error | Consul retries the request when the upstream responds with a 502, 503, or 504 error. |
reset | Consul retries the request when the upstream does not respond at all. |
connect-failure | Consul retries the request when the connection to the upstream fails. |
envoy-ratelimited | Consul retries the request when the header x-envoy-ratelimited is present. |
retriable-4xx | Consul retries the request when the upstream responds with a retriable 4xx code. |
refused-stream | Consul retries the request when the upstream resets the stream with a REFUSED_STREAM error code. |
cancelled | Consul retries the request when the gRPC status code in the response headers is cancelled . |
deadline-exceeded | Consul retries the request when the gRPC status code in the response headers is deadline-exceeded . |
internal | Consul retries the request when the gRPC status code in the response headers is internal . |
resource-exhausted | Consul retries the request when the gRPC status code in the response headers is resource-exhausted . |
unavailable | Consul retries the request when the gRPC status code in the response headers is unavailable . |
Values
Default: None
Data type: List of strings. Strings must match one of the following values:
Rules[].Services[].Filters[].RetryFilters{}.RetryOnStatusCodes
Specifies a list of integers for HTTP response status codes that trigger a retry request.
Values
- Default: None
- Data type: List of integers
Rules[].Services[].Filters[].TimeoutFilter
Specifies timeout settings for routes from an API gateway listener to the destination service in Consul service mesh.
Values
- Default: None
- Data type: Map
The following table describes the settings you can configure in the TimeoutFilter
map:
Parameter | Description | Data type | Default |
---|---|---|---|
IdleTimeout | Specifies the total amount of time permitted for the request stream to be idle. | Integer | 0 |
RequestTimeout | Specifies the total amount of time in nanoseconds, including retry attempts, Consul permits for the entire downstream request to be processed. | Integer | 0 |
Rules[].Services[].ResponseFilters[]
Specifies the list of HTTP-based filters used to modify a response prior to routing it to the calling client.
Values
- Default: none
- Data type: Map that contains the following fields:
Rules[].Services[].ResponseFilters[].Headers[]
Defines operations to perform on matching response headers when an incoming request matches the Rules.Matches
configuration.
Values
This field contains the following configuration objects:
Parameter | Description | Type |
---|---|---|
set | Configure this field to rewrite the HTTP response header. It specifies the name of an HTTP header to overwrite and the new value to set. Any existing values associated with the header name are overwritten. You can specify the following configurations:
| List of maps |
add | Configure this field to append the response header with a new value. It specifies the name of an HTTP header to append and the values to add. You can specify the following configurations:
| List of maps |
remove | Configure this field to specify an array of header names to remove from the response header. | List of strings |
Examples
The following examples demonstrate common HTTP route configuration patterns for specific use cases.
Configure JWT verification settings
In the following example, the route is configured to accept incoming requests from the okta
provider that requires the client to have admin
permissions.
kind = "http-route"
name = "api-gateway-route"
parents = [
{
sectionName = "listener-one"
name = "api-gateway"
kind = "api-gateway"
},
]
rules = [
{
matches = /
}
{
matches = /admin
filters = {
JWT = {
Providers = [
{
Name = "okta", # this is referencing an existing JWT provider config entry
VerifyClaims = {
Path = ["perms", "role"],
Value = "admin",
}
}
]
}
}
services = [
{
name = "bender"
}
]
}
]