This resource is part of the v1alpha1 Envoy Gateway extension API and is subject to change. Fields and behavior may change in future releases.
Identity
| |
|---|
| Group | gateway.envoyproxy.io |
| Version | v1alpha1 |
| Kind | Backend |
| Scope | Project |
Overview
A Backend defines a set of network endpoints that traffic can be routed to, along with the behavior of the connection from the Datum Cloud gateway data plane to those endpoints. It is an Envoy Gateway extension to the Gateway API, defined by the Envoy Gateway API: instead of routing to a Service, a route can reference a Backend to reach fully qualified domain names, raw IP addresses, or Unix domain sockets — with optional TLS origination and fallback behavior.
Use a Backend when you need to send traffic to a destination that is described by an explicit address (for example, an external API reachable by FQDN) rather than a Service in your Project, or when you need per-backend TLS or failover controls.
Spec fields
| Field | Type | Required | Description |
|---|
spec.type | string | No | Backend type. One of Endpoints (default) or DynamicResolver. |
spec.endpoints | []Object | No | The endpoints to connect to. Each entry is exactly one of fqdn, ip, or unix. |
spec.endpoints[].fqdn | Object | No | A fully qualified domain name endpoint. |
spec.endpoints[].fqdn.hostname | string | Yes* | The FQDN hostname of the endpoint (*required when fqdn is set). |
spec.endpoints[].fqdn.port | integer | Yes* | The port of the endpoint (*required when fqdn is set). |
spec.endpoints[].ip | Object | No | An IP endpoint. Supports IPv4 and IPv6. |
spec.endpoints[].ip.address | string | Yes* | The IP address of the endpoint (*required when ip is set). |
spec.endpoints[].ip.port | integer | Yes* | The port of the endpoint (*required when ip is set). |
spec.endpoints[].unix | Object | No | A Unix domain socket endpoint. |
spec.endpoints[].hostname | string | No | Optional hostname for the endpoint. |
spec.endpoints[].zone | string | No | The service zone of the endpoint. |
spec.appProtocols | []string | No | Application protocols supported when connecting to the backend. |
spec.fallback | boolean | No | Marks the backend as a fallback. Fallback backends only receive traffic when the health of the active backends drops (they begin serving once active health falls below roughly 72%). Configure active or passive health checks so failover is detected and reversed automatically. |
spec.tls | Object | No | TLS settings for connecting to the backend. When both this and a BackendTLSPolicy apply, the settings are merged and the policy’s values win on overlap. |
spec.tls.caCertificateRefs | []Object | No | One or more references to objects containing the CA certificates used as trust anchors to validate the backend’s certificate (a single reference with the CA in a ca.crt key is currently supported). Either this or wellKnownCACertificates must be set, but not both. |
spec.tls.wellKnownCACertificates | string | No | Use system-provided CA certificates for the handshake. Only value is System. Either this or caCertificateRefs must be set, but not both. |
spec.tls.insecureSkipVerify | boolean | No | Skip verification of the backend’s certificate. Defaults to false. |
Status fields (read-only)
| Field | Type | Description |
|---|
status.conditions | []Object | Describes the current conditions of the Backend. |
Usage
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
name: example-api
spec:
type: Endpoints
endpoints:
- fqdn:
hostname: api.example.com
port: 443
datumctl apply -f backend.yaml --project my-project
datumctl get backends --project my-project
datumctl describe backend example-api --project my-project
Run datumctl explain backends --recursive to see the full, live field tree for this resource.