Skip to main content

Rover Domain

The Rover domain is the primary user-facing entry point for the Control Plane. Users define their API exposures, subscriptions, and event configurations in a declarative Rover file, and the operator translates them into resources across multiple other domains.

Custom Resources

ApiSpecification

ApiSpecification is the Schema for the apispecifications API

Group: rover.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

ApiSpecificationSpec

Appears in: ApiSpecification

FieldTypeDefaultValidation
basepathstringRequired, maxLength: 200, pattern: ^/.*$
categorystringotherRequired
hashstringRequired
scopesstring[]Optional
specificationstringRequired
versionstringRequired, pattern: ^\d+.*$
xvendorbooleanfalseOptional

ApiSpecificationStatus

Appears in: ApiSpecification

FieldTypeDefaultValidation
apiApiOptional
conditionsCondition[]Optional

Api

Appears in: ApiSpecificationStatus, EventSpecificationStatus, RoverStatus

API reference

FieldTypeDefaultValidation
namestringRequired
namespacestringRequired
uidstringOptional

Condition

Appears in: ApiSpecificationStatus, EventSpecificationStatus, RoverStatus

FieldTypeDefaultValidation
lastTransitionTimestringRequired, Format: date-time
messagestringRequired, maxLength: 32768
observedGenerationintegerOptional, Format: int64, minimum: 0
reasonstringRequired, minLength: 1, maxLength: 1024, pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
statusstringRequired, Enum: True \| False \| Unknown
typestringRequired, maxLength: 316, pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$

EventSpecification

EventSpecification is the Schema for the eventspecifications API. It defines an event type's metadata and creates the corresponding EventType singleton in the event domain, analogous to how ApiSpecification creates Api resources.

Group: rover.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

EventSpecificationSpec

Appears in: EventSpecification

EventSpecificationSpec defines the desired state of EventSpecification.

FieldTypeDefaultValidation
descriptionstringOptional
specificationstringOptional
typestringRequired, minLength: 1, maxLength: 253, pattern: ^[a-z0-9]+(\.[a-z0-9]+)*$
versionstringRequired, pattern: ^\d+.*$

EventSpecificationStatus

Appears in: EventSpecification

EventSpecificationStatus defines the observed state of EventSpecification.

FieldTypeDefaultValidation
conditionsCondition[]Optional
eventTypeApiOptional

Rover

Rover is the Schema for the rovers API Rover resources define API exposures and subscriptions for applications

Group: rover.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

RoverSpec

Appears in: Rover

Spec defines the desired state of the Rover resource

FieldTypeDefaultValidation
clientSecretstringOptional
exposuresExposures[]Optional
ipRestrictionsIpRestrictionsOptional
subscriptionsSubscriptions[]Optional
zonestringRequired, minLength: 1

Exposures

Appears in: RoverSpec

Exposures is a list of APIs and Events that this Rover exposes to consumers

FieldTypeDefaultValidation
apiRoverApiOptional
eventEventOptional

RoverApi

Appears in: Exposures

Api defines an API-based service exposure configuration

FieldTypeDefaultValidation
approvalApprovalRequired
basePathstringRequired, pattern: ^/.*$
securitySecurityOptional
trafficTrafficOptional
transformationTransformationOptional
upstreamsUpstreams[]Required, minItems: 1, maxItems: 12
visibilitystringEnterpriseRequired, Enum: World \| Zone \| Enterprise

Approval

Appears in: RoverApi, Event

Approval defines the approval workflow required for this API exposure

FieldTypeDefaultValidation
strategystringSimpleRequired, Enum: Auto \| Simple \| FourEyes
trustedTeamsTrustedTeam[]Optional, minItems: 0, maxItems: 10

TrustedTeam

Appears in: Approval

TrustedTeams identifies teams that are trusted for approving this API Per default your own team is trusted

FieldTypeDefaultValidation
groupstringRequired, minLength: 1
teamstringRequired, minLength: 1

Security

Appears in: RoverApi

Security defines optional security configuration for this API

FieldTypeDefaultValidation
m2mM2MOptional

M2M

Appears in: Security

M2M defines machine-to-machine authentication configuration

FieldTypeDefaultValidation
basicBasicOptional
externalIDPExternalIDPOptional
scopesstring[]Optional, maxItems: 10

Basic

Appears in: M2M, ExternalIDP, RoverM2M

Basic defines basic authentication configuration

FieldTypeDefaultValidation
passwordstringRequired, minLength: 1
usernamestringRequired, minLength: 1

ExternalIDP

Appears in: M2M

ExternalIDP defines external identity provider configuration

FieldTypeDefaultValidation
basicBasicOptional
clientClientOptional
grantTypestringOptional, Enum: client_credentials \| authorization_code \| password
tokenEndpointstringRequired, Format: uri
tokenRequeststringOptional, Enum: body \| header

Client

Appears in: ExternalIDP, RoverM2M

Client defines client credentials for the OAuth2 token request

FieldTypeDefaultValidation
clientIdstringOptional
clientKeystringOptional
clientSecretstringOptional

Traffic

Appears in: RoverApi

Traffic defines optional traffic management configuration for this API

FieldTypeDefaultValidation
circuitBreakerCircuitBreakerOptional
failoverFailoverOptional
loadBalancingLoadBalancingOptional
rateLimitRateLimitOptional

CircuitBreaker

Appears in: Traffic

CircuitBreaker defines the Kong circuit breaker configuration

FieldTypeDefaultValidation
enabledbooleanfalseOptional

Failover

Appears in: Traffic, RoverTraffic

Failover defines disaster recovery configuration for this API

FieldTypeDefaultValidation
zonesstring[]Optional, maxItems: 10

LoadBalancing

Appears in: Traffic

LoadBalancing defines how traffic is distributed among multiple upstream servers

FieldTypeDefaultValidation
strategystringRoundRobinOptional, Enum: RoundRobin \| LeastConnections

RateLimit

Appears in: Traffic

RateLimit defines request rate limiting for this API

FieldTypeDefaultValidation
consumersConsumersOptional
providerProviderOptional

Consumers

Appears in: RateLimit

Consumers defines rate limits applied to API consumers (clients)

FieldTypeDefaultValidation
defaultDefaultOptional
overridesOverrides[]Optional, maxItems: 10

Default

Appears in: Consumers

Default defines the rate limit applied to all consumers not specifically overridden

FieldTypeDefaultValidation
limitsLimitsRequired

Limits

Appears in: Default, Overrides, Provider

Limits defines the actual rate limit values for different time windows

FieldTypeDefaultValidation
hourintegerOptional, minimum: 0
minuteintegerOptional, minimum: 0
secondintegerOptional, minimum: 0

Overrides

Appears in: Consumers

Overrides defines consumer-specific rate limits

FieldTypeDefaultValidation
consumerstringRequired, minLength: 1
limitsLimitsRequired

Provider

Appears in: RateLimit

Provider defines rate limits applied by the API provider (owner)

FieldTypeDefaultValidation
limitsLimitsOptional
optionsRateLimitOptionsOptional

RateLimitOptions

Appears in: Provider

RateLimitOptions defines additional configuration options for rate limiting

FieldTypeDefaultValidation
faultTolerantbooleantrueOptional
hideClientHeadersbooleanfalseOptional

Transformation

Appears in: RoverApi, RoverApi2

Transformation defines optional request/response transformations for this API

FieldTypeDefaultValidation
requestRequestOptional

Request

Appears in: Transformation

Request defines transformations applied to incoming API requests

FieldTypeDefaultValidation
headersHeadersOptional

Headers

Appears in: Request

Headers defines HTTP header modifications for requests

FieldTypeDefaultValidation
addstring[]Optional, minItems: 1, maxItems: 5
removestring[]Optional, minItems: 1, maxItems: 5

Upstreams

Appears in: RoverApi

Upstreams defines the backend service endpoints for this API

FieldTypeDefaultValidation
urlstringRequired, Format: uri
weightinteger1Optional, minimum: 1, maximum: 100

Event

Appears in: Exposures

Event defines an Event-based service exposure configuration

FieldTypeDefaultValidation
additionalPublisherIdsstring[]Optional
approvalApprovalRequired
eventTypestringRequired, minLength: 1
scopesScopes[]Optional
visibilitystringEnterpriseRequired, Enum: World \| Zone \| Enterprise

Scopes

Appears in: Event

Scopes defines named scopes with optional publisher-side trigger filtering

FieldTypeDefaultValidation
namestringRequired, minLength: 1
triggerTriggerRequired

Trigger

Appears in: Scopes, RoverEvent

Trigger defines publisher-side filtering criteria for this scope. Every scope must define a trigger.

FieldTypeDefaultValidation
responseFilterResponseFilterOptional
selectionFilterSelectionFilterOptional

ResponseFilter

Appears in: Trigger

ResponseFilter controls payload shaping (which fields to return).

FieldTypeDefaultValidation
modestringIncludeOptional, Enum: Include \| Exclude
pathsstring[]Optional

SelectionFilter

Appears in: Trigger

SelectionFilter controls event matching (which events to deliver).

FieldTypeDefaultValidation
attributesmap<string, string>Optional
expressionobjectOptional

IpRestrictions

Appears in: RoverSpec

IpRestrictions defines IP-based access restrictions for the entire Application

FieldTypeDefaultValidation
allowstring[]Optional, minItems: 0, maxItems: 10
denystring[]Optional, minItems: 0, maxItems: 10

Subscriptions

Appears in: RoverSpec

Subscriptions is a list of APIs and Events that this Rover consumes from providers

FieldTypeDefaultValidation
apiRoverApi2Optional
eventRoverEventOptional

RoverApi2

Appears in: Subscriptions

Api defines an API-based service subscription configuration

FieldTypeDefaultValidation
basePathstringRequired, pattern: ^/.*$
organizationstringOptional
securityRoverSecurityOptional
trafficRoverTrafficOptional
transformationTransformationOptional

RoverSecurity

Appears in: RoverApi2

Security defines optional security configuration for this API

FieldTypeDefaultValidation
m2mRoverM2MOptional

RoverM2M

Appears in: RoverSecurity

M2M defines machine-to-machine authentication configuration

FieldTypeDefaultValidation
basicBasicOptional
clientClientOptional
scopesstring[]Optional, maxItems: 10

RoverTraffic

Appears in: RoverApi2

Traffic defines optional traffic management configuration for this API

FieldTypeDefaultValidation
failoverFailoverOptional

RoverEvent

Appears in: Subscriptions

Event defines an Event-based service subscription configuration

FieldTypeDefaultValidation
deliveryDeliveryRequired
eventTypestringRequired, minLength: 1
scopesstring[]Optional
triggerTriggerOptional

Delivery

Appears in: RoverEvent

Delivery configures how events are delivered to the subscriber

FieldTypeDefaultValidation
callbackstringOptional, Format: uri
circuitBreakerOptOutbooleanOptional
enforceGetHttpRequestMethodForHealthCheckbooleanOptional
eventRetentionTimestringOptional, Format: duration
payloadstringDataRequired, Enum: Data \| DataRef
redeliveriesPerSecondintegerOptional
retryableStatusCodesinteger[]Optional
typestringCallbackRequired, Enum: Callback \| ServerSentEvent

RoverStatus

Appears in: Rover

Status contains the observed state of the Rover resource

FieldTypeDefaultValidation
apiExposuresApi[]Optional
apiSubscriptionsApi[]Optional
applicationApiOptional
conditionsCondition[]Optional
eventExposuresApi[]Optional
eventSubscriptionsApi[]Optional

Entry Points

Users interact with the Rover domain through three paths:

PathDescription
Rover-CTLCommand-line tool. Reads a local Rover file and sends it to the Rover Server.
Rover ServerREST API. Validates the configuration, uploads specifications to the File Manager, obfuscates secrets through the Secret Manager, and creates the Rover resource in Kubernetes.
Direct kubectlApply a Rover resource directly to the Kubernetes API (for advanced users or automation).

Domain Interactions

  • Application domain — Creates Application resources.
  • API domain — Creates Api, ApiExposure, and ApiSubscription resources.
  • Event domain — Creates EventExposure and EventSubscription resources.
  • Gateway domain — Configures traffic management settings.
  • Identity domain — Configures authentication settings.
  • Approval domain — Integrates approval requirements for exposures.