Here’s an example of a MeshHTTPRoute resource:
Kubernetes
Universal
Terraform
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : edge-gateway-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : port : http-8080 to : - targetRef : kind : Mesh hostnames : - example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : demo-app_kuma-demo_svc_5000
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : edge-gateway-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : port : http-8080 to : - targetRef : kind : Mesh hostnames : - example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : demo-app namespace : kuma-demo port : 5000
type : MeshHTTPRoute name : edge-gateway-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : port : http-8080 to : - targetRef : kind : Mesh hostnames : - example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : demo-app
type : MeshHTTPRoute name : edge-gateway-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : port : http-8080 to : - targetRef : kind : Mesh hostnames : - example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : demo-app port : 5000
Adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration.
resource "konnect_mesh_http_route" "edge_gateway_route" { provider = konnect - beta type = "MeshHTTPRoute" name = "edge-gateway-route" spec = { target_ref = { kind = "MeshGateway" name = "edge-gateway" tags = { port = "http-8080" } } to = [ { target_ref = { kind = "Mesh" } hostnames = [ = "example.com" ] rules = [ { matches = [ { path = { type = "PathPrefix" value = "/" } } ] default = { backend_refs = [ { kind = "MeshService" name = "demo-app" port = "5000" } ] } } ] } ] } labels = { "kuma.io/mesh" = konnect_mesh.my_mesh.name } cp_id = konnect_mesh_control_plane . my_meshcontrolplane . id mesh = konnect_mesh . my_mesh . name }
MeshGatewayhostname field that limits the traffic accepted by the listener depending on the protocol:
HTTP: Host header must match
TLS: SNI must match
HTTPS: Both SNI and host must match
When attaching routes to specific listeners, the routes are isolated from each other. If we consider the following listeners:
conf : listeners : - port : 8080 protocol : HTTP hostname : foo.example.com tags : hostname : foo - port : 8080 protocol : HTTP hostname : * .example.com tags : hostname : wild
Along with the following MeshHTTPRoute
Kubernetes
Universal
Terraform
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : http-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : hostname : wild to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example_app_svc_8080
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : http-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : hostname : wild to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example namespace : app port : 8080
type : MeshHTTPRoute name : http-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : hostname : wild to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example
type : MeshHTTPRoute name : http-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway tags : hostname : wild to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example port : 8080
Adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration.
resource "konnect_mesh_http_route" "http_route" { provider = konnect - beta type = "MeshHTTPRoute" name = "http-route" spec = { target_ref = { kind = "MeshGateway" name = "edge-gateway" tags = { hostname = "wild" } } to = [ { target_ref = { kind = "Mesh" } rules = [ { matches = [ { path = { type = "PathPrefix" value = "/" } } ] default = { backend_refs = [ { kind = "MeshService" name = "example" port = "8080" } ] } } ] } ] } labels = { "kuma.io/mesh" = konnect_mesh.my_mesh.name } cp_id = konnect_mesh_control_plane . my_meshcontrolplane . id mesh = konnect_mesh . my_mesh . name }
This route explicitly attaches to the second listener with hostname: *.example.com.
This means that requests to foo.example.com, which match the first listener because it’s more specific, will return a 404 because there are no routes attached for that listener.
MeshHTTPRoute
Kubernetes
Universal
Terraform
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : http-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v1_app_svc_8080 - targetRef : kind : Mesh hostnames : - dev.example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v2_app_svc_8080
apiVersion : kuma.io/v1alpha1 kind : MeshHTTPRoute metadata : name : http-route namespace : kong-mesh-system labels : kuma.io/mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v1 namespace : app port : 8080 - targetRef : kind : Mesh hostnames : - dev.example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v2 namespace : app port : 8080
type : MeshHTTPRoute name : http-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v1 - targetRef : kind : Mesh hostnames : - dev.example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v2
type : MeshHTTPRoute name : http-route mesh : default spec : targetRef : kind : MeshGateway name : edge-gateway to : - targetRef : kind : Mesh rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v1 port : 8080 - targetRef : kind : Mesh hostnames : - dev.example.com rules : - matches : - path : type : PathPrefix value : "/" default : backendRefs : - kind : MeshService name : example-v2 port : 8080
Adjust konnect_mesh_control_plane.my_meshcontrolplane.id and konnect_mesh.my_mesh.name according to your current configuration.
resource "konnect_mesh_http_route" "http_route" { provider = konnect - beta type = "MeshHTTPRoute" name = "http-route" spec = { target_ref = { kind = "MeshGateway" name = "edge-gateway" } to = [ { target_ref = { kind = "Mesh" } rules = [ { matches = [ { path = { type = "PathPrefix" value = "/" } } ] default = { backend_refs = [ { kind = "MeshService" name = "example-v1" port = "8080" } ] } } ] } , { target_ref = { kind = "Mesh" } hostnames = [ = "dev.example.com" ] rules = [ { matches = [ { path = { type = "PathPrefix" value = "/" } } ] default = { backend_refs = [ { kind = "MeshService" name = "example-v2" port = "8080" } ] } } ] } ] } labels = { "kuma.io/mesh" = konnect_mesh.my_mesh.name } cp_id = konnect_mesh_control_plane . my_meshcontrolplane . id mesh = konnect_mesh . my_mesh . name }
This route would send all traffic to dev.example.com to the v2 backend, but other traffic to v1.