Kong · Schema
ForwardToClusterBySNIConfig
The configuration to forward requests to virtual clusters configured with SNI routing.
API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source
Properties
| Name | Type | Description |
|---|---|---|
| type | string | |
| sni_suffix | string | Optional suffix for TLS SNI validation. This suffix is concatenated with the virtual cluster "dns.label" label to form the base name for the SNI. If not provided, the virtual cluster "dns.label" label |
| advertised_port | integer | Virtual brokers are advertised to clients with this port instead of listen_port. Useful when proxy is behind loadbalancer listening on different port. |
| broker_host_format | object | Configures DNS names assigned to brokers in virtual clusters. - `per_cluster_suffix` is the default and allocates one level in the hierarchy for virtual clusters: `broker-{node_id}.{virtual_cluster}.{ |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/ForwardToClusterBySNIConfig",
"title": "ForwardToClusterBySNIConfig",
"description": "The configuration to forward requests to virtual clusters configured with SNI routing.\n",
"type": "object",
"properties": {
"type": {
"type": "string",
"const": "sni"
},
"sni_suffix": {
"description": "Optional suffix for TLS SNI validation.\n\nThis suffix is concatenated with the virtual cluster \"dns.label\" label to form the base name for the SNI.\nIf not provided, the virtual cluster \"dns.label\" label alone is used as the base name for the SNI.\nFor example with sni_suffix: `.example.com` and virtual cluster \"dns.label\" label: `my-cluster`,\nthe SNI suffix for it is `my-cluster.example.com`.\nIf \"dns.label\" label is absent on the virtual cluster, the traffic won't be routed there.\n\nThe bootstrap host is `bootstrap.my-cluster.example.com` and then each broker is addressable at `broker-0.my-cluster.example.com`, `broker-1.my-cluster.example.com`, etc.\nThis means that your deployment needs to have a wildcard certificate for the domain and a DNS resolver that routes `*.my-cluster.example.com` to the proxy.\n\nThe accepted format is a DNS subdomain starting with either `.` or `-`. For example, `-keg.example.com`, `.keg.example.com`, `.namespace.svc.cluster.local`, and `.localhost` are all valid,\nwhile `keg.example.com` is not.\n",
"type": "string",
"example": ".example.com",
"pattern": "^[\\.-]([a-z0-9]([a-z0-9-]*[a-z0-9])?\\.)*([a-z0-9-]*[a-z0-9])$"
},
"advertised_port": {
"description": "Virtual brokers are advertised to clients with this port instead of listen_port. Useful when proxy is\nbehind loadbalancer listening on different port.\n",
"type": "integer",
"maximum": 65535,
"minimum": 1
},
"broker_host_format": {
"description": "Configures DNS names assigned to brokers in virtual clusters.\n\n- `per_cluster_suffix` is the default and allocates one level in the hierarchy for virtual clusters: `broker-{node_id}.{virtual_cluster}.{sni_suffix}`\n- `shared_suffix` puts all brokers from every virtual clusters into the same level: `broker-{node_id}-{virtual_cluster}.{sni_suffix}`. This makes it easier to manage certificates for this listener.\n\n**Requires a minimum runtime version of `1.1`**.",
"type": "object",
"properties": {
"type": {
"type": "string",
"default": "per_cluster_suffix",
"enum": [
"per_cluster_suffix",
"shared_suffix"
],
"x-speakeasy-unknown-values": "allow"
}
},
"required": [
"type"
],
"x-min-runtime-version": "1.1"
}
},
"additionalProperties": false,
"required": [
"type"
]
}