Static Asset Route
StaticAssetRoute
Defines the high-level intent for serving static content via the public ingress layer.
Establishes routing topologies that map predictable URL paths directly to storage buckets. Operates in conjunction with load balancing topography to facilitate low-latency, edge-optimized delivery of frontend assets and immutable media payloads.
| Property | Type | Description |
|---|---|---|
| apiVersion | string | |
| kind | string | |
| metadata | map | |
| spec | Spec |
Spec
Contains the mapping between URL paths and storage buckets. Encapsulates configuration parameters for resolving traffic trajectories based on URL prefix matching.
| Property | Type | Description |
|---|---|---|
| description | string | This description is optional but will drastically improve the understand of the AI assistant about the structural elements of the organization |
| paths | list of PathsEntry | A map that defines how URL paths are routed to Bucket manifests. The key is the URL path prefix (e.g., /images), and the value specifies the name of the Bucket manifest to serve content from. Translates into path-based routing rules coupled with backend storage allocations on the ingress load balancer topology. |
PathsEntry
| Property | Type | Description |
|---|---|---|
| key | string | |
| value | BucketRouteConfig |
BucketRouteConfig
Configures authorization rules specifically for bucket backends.
Affects the associated URL map routing and attached authz extensions when a Load Balancer path serves static assets directly from GCS.
| Property | Type | Description |
|---|---|---|
| name | string | |
| authentication | list of RouteRuleAuthenticationConfig | Rule Authentication Configuration. Defines the authentication configuration for this rule. If not specified, the rule will be unauthenticated. |
| authorization | list of ComputedAuthorizationAccessRuleCheck | Rule Authorization Configuration. Defines the authorization configuration for this rule. If not specified, the rule will be open to all users. |
ComputedAuthorizationAccessRuleCheck
Represents a computed access check for a route rule.
Maps an expected identity tuple (namespace, relation, object) that the AuthZ extension must validate during the request flow.
| Property | Type | Description |
|---|---|---|
| namespace | string | This value is a direct reflection of 'spec.authorization.namespace' from a child 'HttpRoute' or 'GrpcRoute' manifest. |
| relation | string | This value is a direct reflection of 'spec.authorization.relation' from a child 'HttpRoute' or 'GrpcRoute' manifest. |
| object | string | This value is a direct reflection of 'spec.authorization.object' from a child 'HttpRoute' or 'GrpcRoute' manifest. |
RouteRuleAuthenticationConfig
Configures authentication exceptions or specifics for a route rule.
Translates into localized Gateway or Load Balancer configurations dictating how auth assertions are evaluated for specific matched paths.
| Property | Type | Description |
|---|---|---|
| type | string | |
| tenants | list of string | Tenant-specific authentication configuration. A list of IdentityProvider names allowed to access this route. Only applicable if type is IDENTITY_PROVIDER. |