NetworkInfrastructure - Minefleet Docs

NetworkInfrastructure configures how a gateway discovers backend game servers, how its network proxy Deployments are templated, and (at the GatewayClass level) how the edge proxy DaemonSet is configured. API group: gateway.networking.minefleet.dev/v1alpha1

Example

apiVersion: gateway.networking.minefleet.dev/v1alpha1
kind: NetworkInfrastructure
metadata:
  name: my-infrastructure
  namespace: default
spec:
  discovery:
    namespaceSelector:
      from: Same
    labelSelector:
      matchLabels:
        minefleet.dev/gameserver: "true"
  networkTemplate:
    replicas: 2
    template:
      spec:
        containers:
          - name: network
            volumeMounts:
              - mountPath: /velocity/forwarding.secret
                subPath: forwarding.secret
                name: forwarding-secret
                readOnly: true
        volumes:
          - name: forwarding-secret
            secret:
              secretName: velocity-forwarding-secret

Spec fields

`discovery`

Controls which Kubernetes Services are discovered as available backends.

Field	Type	Description
`namespaceSelector`	`RouteNamespaces`	Which namespaces to search. `from: Same` searches the gateway’s namespace; `from: All` searches all namespaces; `from: Selector` filters by `namespaceSelector.selector`.
`labelSelector`	`LabelSelector`	Labels that a Service must have to be included.

A Service is included if it matches the label selector and has a TCP port named minecraft, a TCP port numbered 25565, or (as a fallback) any TCP port. Port selection priority:

TCP port named minecraft
TCP port number 25565
First TCP port found

Discovered services are written into status.backendRefs and made available to routes as backends.

`networkTemplate`

Optional. Customizes the Velocity proxy Deployment created for each gateway listener. Fields are merged into the controller-managed default.

Field	Type	Description
`replicas`	`*int32`	Number of network proxy replicas per listener.
`template`	`PodTemplateSpec`	Pod template merged into the controller-managed default (containers, volumes, affinity, etc.).
`strategy`	`DeploymentStrategy`	Deployment rollout strategy.

networkTemplate:
  replicas: 2
  template:
    spec:
      containers:
        - name: network
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - mountPath: /velocity/forwarding.secret
              subPath: forwarding.secret
              name: forwarding-secret
              readOnly: true
      volumes:
        - name: forwarding-secret
          secret:
            secretName: velocity-forwarding-secret

The following fields are always managed by the controller and cannot be overridden:

selector
Environment variables: NAMESPACE, GATEWAY_NAME, LISTENER_NAME, GATEWAY_NETWORK_XDS_HOST, GATEWAY_NETWORK_XDS_PORT

`edgeTemplate`

Configures the Envoy edge proxy DaemonSet. Only effective when set on a NetworkInfrastructure referenced by a GatewayClass — per-gateway infrastructure ignores this field.

Field	Type	Description
`daemonSet`	`EdgeDaemonSetTemplate`	Customizes the edge DaemonSet. The selector and bootstrap volume/mount are always enforced.
`proxyProtocol`	`bool`	Enables PROXY protocol v2 on upstream clusters so game servers receive the real client IP. Default: `false`.
`rejectUnknown`	`bool`	Drops connections whose hostname does not match any route. Default: `false` (unmatched connections pass through to a default cluster).

daemonSet fields:

Field	Type	Description
`template`	`PodTemplateSpec`	Pod template merged into the controller-managed DaemonSet default.
`updateStrategy`	`DaemonSetUpdateStrategy`	DaemonSet rollout strategy.
`minReadySeconds`	`int32`	Minimum seconds a pod must be ready before it is considered available.

# In a GatewayClass-level NetworkInfrastructure
edgeTemplate:
  proxyProtocol: true
  rejectUnknown: true
  daemonSet:
    minReadySeconds: 10
    template:
      spec:
        tolerations:
          - key: node-role.kubernetes.io/control-plane
            effect: NoSchedule

Status fields

Field	Description
`backendRefs`	List of discovered backend Services, populated by the controller after reconciliation.
`conditions`	Standard Kubernetes condition list.

Class-level vs. gateway-level

A NetworkInfrastructure can be referenced from a GatewayClass (cluster-wide defaults) or from a Gateway (per-gateway overrides). When both are present, they are merged:

Field	Merge behavior
`edgeTemplate`	GatewayClass only — per-gateway values are ignored
`networkTemplate`	Gateway-level overrides GatewayClass-level
`discovery`	Gateway-level wins if present

This lets you configure the edge DaemonSet once at the class level while each gateway customizes its own network proxy. See Network Integration if you want to replace the built-in Velocity proxy with your own implementation.

​Example

​Spec fields

​discovery

​networkTemplate

​edgeTemplate

​Status fields

​Class-level vs. gateway-level