The network proxy Deployment created per listener is fully configurable via the networkTemplate field in NetworkInfrastructure. The template is applied as a strategic merge patch on top of the controller’s defaults. The examples below use the built-in Velocity integration; the same networkTemplate mechanism applies to any custom proxy integration.
Adding Velocity modern forwarding
Velocity modern forwarding requires a forwarding.secret file inside the proxy container. Mount it from a Kubernetes Secret:
Create the secret:
Reference it in networkTemplate:
Mounting a custom velocity.toml
To supply a custom velocity.toml configuration file:
Create the ConfigMap:
Mount it in networkTemplate:
Setting resource requests and limits
Adding node selectors and tolerations
Combining multiple customizations
All customizations within networkTemplate are merged together. You can combine volumes, resource limits, and scheduling constraints in a single NetworkInfrastructure:
Fields you cannot override
The controller always manages the following — setting them in networkTemplate has no effect:
spec.selector
- Environment variables:
NAMESPACE, GATEWAY_NAME, LISTENER_NAME, GATEWAY_NETWORK_XDS_HOST, GATEWAY_NETWORK_XDS_PORT
Verifying the result
After applying your NetworkInfrastructure, check the generated Deployment to confirm your customizations were applied:
Last modified on April 19, 2026