const (
// PolicyConditionAccepted indicates whether the policy has been accepted or
// rejected by a targeted resource, and why.
//
// Possible reasons for this condition to be True are:
//
// * "Accepted"
//
// Possible reasons for this condition to be False are:
//
// * "Conflicted"
// * "Invalid"
// * "TargetNotFound"
//
PolicyConditionAccepted PolicyConditionType = "Accepted"
// PolicyReasonAccepted is used with the "Accepted" condition when the policy
// has been accepted by the targeted resource.
PolicyReasonAccepted PolicyConditionReason = "Accepted"
// PolicyReasonConflicted is used with the "Accepted" condition when the
// policy has not been accepted by a targeted resource because there is
// another policy that targets the same resource and a merge is not possible.
PolicyReasonConflicted PolicyConditionReason = "Conflicted"
// PolicyReasonInvalid is used with the "Accepted" condition when the policy
// is syntactically or semantically invalid.
PolicyReasonInvalid PolicyConditionReason = "Invalid"
// PolicyReasonTargetNotFound is used with the "Accepted" condition when the
// policy is attached to an invalid target resource.
PolicyReasonTargetNotFound PolicyConditionReason = "TargetNotFound"
)
const (
// This condition indicates whether the route has been accepted or rejected
// by a Gateway, and why.
//
// Possible reasons for this condition to be true are:
//
// * "Accepted"
//
// Possible reasons for this condition to be False are:
//
// * "NotAllowedByListeners"
// * "NoMatchingListenerHostname"
// * "UnsupportedValue"
//
// Possible reasons for this condition to be Unknown are:
//
// * "Pending"
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
RouteConditionAccepted RouteConditionType = "Accepted"
// This reason is used with the "Accepted" condition when the Route has been
// accepted by the Gateway.
RouteReasonAccepted RouteConditionReason = "Accepted"
// This reason is used with the "Accepted" condition when the route has not
// been accepted by a Gateway because the Gateway has no Listener whose
// allowedRoutes criteria permit the route
RouteReasonNotAllowedByListeners RouteConditionReason = "NotAllowedByListeners"
// This reason is used with the "Accepted" condition when the Gateway has no
// compatible Listeners whose Hostname matches the route
RouteReasonNoMatchingListenerHostname RouteConditionReason = "NoMatchingListenerHostname"
// This reason is used with the "Accepted" condition when a value for an Enum
// is not recognized.
RouteReasonUnsupportedValue RouteConditionReason = "UnsupportedValue"
// This reason is used with the "Accepted" when a controller has not yet
// reconciled the route.
RouteReasonPending RouteConditionReason = "Pending"
// This condition indicates whether the controller was able to resolve all
// the object references for the Route.
//
// Possible reasons for this condition to be true are:
//
// * "ResolvedRefs"
//
// Possible reasons for this condition to be false are:
//
// * "RefNotPermitted"
// * "InvalidKind"
// * "BackendNotFound"
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
RouteConditionResolvedRefs RouteConditionType = "ResolvedRefs"
// This reason is used with the "ResolvedRefs" condition when the condition
// is true.
RouteReasonResolvedRefs RouteConditionReason = "ResolvedRefs"
// This reason is used with the "ResolvedRefs" condition when
// one of the Listener's Routes has a BackendRef to an object in
// another namespace, where the object in the other namespace does
// not have a ReferenceGrant explicitly allowing the reference.
RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted"
// This reason is used with the "ResolvedRefs" condition when
// one of the Route's rules has a reference to an unknown or unsupported
// Group and/or Kind.
RouteReasonInvalidKind RouteConditionReason = "InvalidKind"
// This reason is used with the "ResolvedRefs" condition when one of the
// Route's rules has a reference to a resource that does not exist.
RouteReasonBackendNotFound RouteConditionReason = "BackendNotFound"
)
GroupName specifies the group name used to register the objects.
const GroupName = "gateway.networking.k8s.io"
const (
// PolicyLabelKey is the label whose presence identifies a CRD that the
// Gateway API Policy attachment model. The value of the label SHOULD be one
// of the following:
// - A label value of "Inherited" indicates that this Policy is inheritable.
// An example of inheritable policy is one which if applied at the Gateway
// level would affect all attached HTTPRoutes and their respective
// Backends.
// - A label value of "Direct" indicates that the policy only affects the
// resource to which it is attached and does not affect it's sub resources.
PolicyLabelKey = "gateway.networking.k8s.io/policy"
)
var (
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder runtime.SchemeBuilder
// Depreciated: use Install instead
AddToScheme = localSchemeBuilder.AddToScheme
Install = localSchemeBuilder.AddToScheme
)
GroupVersion specifies the group and the version used to register the objects.
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha2"}
SchemeGroupVersion is group version used to register these objects Deprecated: use GroupVersion instead.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
AddressType defines how a network address is represented as a text string. This may take two possible forms:
* A predefined CamelCase string identifier (currently limited to `IPAddress` or `Hostname`) * A domain-prefixed string identifier (like `acme.io/CustomAddressType`)
Values `IPAddress` and `Hostname` have Extended support.
The `NamedAddress` value has been deprecated in favor of implementation specific domain-prefixed strings.
All other values, including domain-prefixed values have Implementation-specific support, which are used in implementation-specific behaviors. Support for additional predefined CamelCase identifiers may be added in future releases.
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
type AddressType = v1.AddressType
const (
// A textual representation of a numeric IP address. IPv4
// addresses must be in dotted-decimal form. IPv6 addresses
// must be in a standard IPv6 text representation
// (see [RFC 5952](https://tools.ietf.org/html/rfc5952)).
//
// This type is intended for specific addresses. Address ranges are not
// supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an
// IPAddress).
//
// Support: Extended
IPAddressType AddressType = "IPAddress"
// A Hostname represents a DNS based ingress point. This is similar to the
// corresponding hostname field in Kubernetes load balancer status. For
// example, this concept may be used for cloud load balancers where a DNS
// name is used to expose a load balancer.
//
// Support: Extended
HostnameAddressType AddressType = "Hostname"
// A NamedAddress provides a way to reference a specific IP address by name.
// For example, this may be a name or other unique identifier that refers
// to a resource on a cloud provider such as a static IP.
//
// The `NamedAddress` type has been deprecated in favor of implementation
// specific domain-prefixed strings.
//
// Support: Implementation-specific
NamedAddressType AddressType = "NamedAddress"
)
AllowedRoutes defines which Routes may be attached to this Listener. +k8s:deepcopy-gen=false
type AllowedRoutes = v1.AllowedRoutes
AnnotationKey is the key of an annotation in Gateway API. This is used for validation of maps such as TLS options. This matches the Kubernetes "qualified name" validation that is used for annotations and other common values.
Valid values include:
* example * example.com * example.com/path * example.com/path.html
Invalid values include:
* example~ - "~" is an invalid character * example.com. - can not start or end with "."
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/?)*$`
type AnnotationKey = v1.AnnotationKey
AnnotationValue is the value of an annotation in Gateway API. This is used for validation of maps such as TLS options. This roughly matches Kubernetes annotation validation, although the length validation in that case is based on the entire size of the annotations struct.
+kubebuilder:validation:MinLength=0 +kubebuilder:validation:MaxLength=4096
type AnnotationValue = v1.AnnotationValue
BackendObjectReference defines how an ObjectReference that is specific to BackendRef. It includes a few additional fields and features than a regular ObjectReference.
Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid.
References to objects with invalid Group and Kind are not valid, and must be rejected by the implementation, with appropriate Conditions set on the containing object. +k8s:deepcopy-gen=false
type BackendObjectReference = v1.BackendObjectReference
BackendRef defines how a Route should forward a request to a Kubernetes resource.
Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +k8s:deepcopy-gen=false
type BackendRef = v1.BackendRef
BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS.
type BackendTLSPolicy struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of BackendTLSPolicy.
Spec BackendTLSPolicySpec `json:"spec"`
// Status defines the current state of BackendTLSPolicy.
Status PolicyStatus `json:"status,omitempty"`
}
func (in *BackendTLSPolicy) DeepCopy() *BackendTLSPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSPolicy.
func (in *BackendTLSPolicy) DeepCopyInto(out *BackendTLSPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BackendTLSPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
BackendTLSPolicyConfig contains backend TLS policy configuration. +kubebuilder:validation:XValidation:message="must not contain both CACertRefs and WellKnownCACerts",rule="!(has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts) && self.wellKnownCACerts != \"\")" +kubebuilder:validation:XValidation:message="must specify either CACertRefs or WellKnownCACerts",rule="(has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts) && self.wellKnownCACerts != \"\")"
type BackendTLSPolicyConfig struct {
// CACertRefs contains one or more references to Kubernetes objects that
// contain a PEM-encoded TLS CA certificate bundle, which is used to
// validate a TLS handshake between the Gateway and backend Pod.
//
// If CACertRefs is empty or unspecified, then WellKnownCACerts must be
// specified. Only one of CACertRefs or WellKnownCACerts may be specified,
// not both. If CACertRefs is empty or unspecified, the configuration for
// WellKnownCACerts MUST be honored instead.
//
// References to a resource in a different namespace are invalid for the
// moment, although we will revisit this in the future.
//
// A single CACertRef to a Kubernetes ConfigMap kind has "Core" support.
// Implementations MAY choose to support attaching multiple certificates to
// a backend, but this behavior is implementation-specific.
//
// Support: Core - An optional single reference to a Kubernetes ConfigMap,
// with the CA certificate in a key named `ca.crt`.
//
// Support: Implementation-specific (More than one reference, or other kinds
// of resources).
//
// +kubebuilder:validation:MaxItems=8
// +optional
CACertRefs []v1beta1.LocalObjectReference `json:"caCertRefs,omitempty"`
// WellKnownCACerts specifies whether system CA certificates may be used in
// the TLS handshake between the gateway and backend pod.
//
// If WellKnownCACerts is unspecified or empty (""), then CACertRefs must be
// specified with at least one entry for a valid configuration. Only one of
// CACertRefs or WellKnownCACerts may be specified, not both.
//
// Support: Core for "System"
//
// +optional
WellKnownCACerts *WellKnownCACertType `json:"wellKnownCACerts,omitempty"`
// Hostname is used for two purposes in the connection between Gateways and
// backends:
//
// 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066).
// 2. Hostname MUST be used for authentication and MUST match the certificate
// served by the matching backend.
//
// Support: Core
Hostname v1beta1.PreciseHostname `json:"hostname"`
}
func (in *BackendTLSPolicyConfig) DeepCopy() *BackendTLSPolicyConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSPolicyConfig.
func (in *BackendTLSPolicyConfig) DeepCopyInto(out *BackendTLSPolicyConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+kubebuilder:object:root=true BackendTLSPolicyList contains a list of BackendTLSPolicies
type BackendTLSPolicyList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []BackendTLSPolicy `json:"items"`
}
func (in *BackendTLSPolicyList) DeepCopy() *BackendTLSPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSPolicyList.
func (in *BackendTLSPolicyList) DeepCopyInto(out *BackendTLSPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BackendTLSPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
BackendTLSPolicySpec defines the desired state of BackendTLSPolicy.
Support: Extended
type BackendTLSPolicySpec struct {
// TargetRef identifies an API object to apply the policy to.
// Only Services have Extended support. Implementations MAY support
// additional objects, with Implementation Specific support.
// Note that this config applies to the entire referenced resource
// by default, but this default may change in the future to provide
// a more granular application of the policy.
//
// Support: Extended for Kubernetes Service
//
// Support: Implementation-specific for any other resource
//
TargetRef PolicyTargetReferenceWithSectionName `json:"targetRef"`
// TLS contains backend TLS policy configuration.
TLS BackendTLSPolicyConfig `json:"tls"`
}
func (in *BackendTLSPolicySpec) DeepCopy() *BackendTLSPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSPolicySpec.
func (in *BackendTLSPolicySpec) DeepCopyInto(out *BackendTLSPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
CommonRouteSpec defines the common attributes that all Routes MUST include within their spec. +k8s:deepcopy-gen=false
type CommonRouteSpec = v1.CommonRouteSpec
Duration is a string value representing a duration in time. The format is as specified in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
type Duration = v1.Duration
FromNamespaces specifies namespace from which Routes may be attached to a Gateway.
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Ready Condition for the Listener to `status: False`, with a Reason of `Invalid`.
+kubebuilder:validation:Enum=All;Selector;Same +k8s:deepcopy-gen=false
type FromNamespaces = v1.FromNamespaces
GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.
Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
<gateway:experimental:description>
When the BackendRef points to a Kubernetes Service, implementations SHOULD honor the appProtocol field if it is set for the target Service Port.
Implementations supporting appProtocol SHOULD recognize the Kubernetes Standard Application Protocols defined in KEP-3726.
If a Service appProtocol isn't specified, an implementation MAY infer the backend protocol through its own means. Implementations MAY infer the protocol from the Route type referring to the backend Service.
If a Route is not able to send traffic to the backend using the specified protocol then the backend is considered invalid. Implementations MUST set the "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
</gateway:experimental:description>
type GRPCBackendRef struct {
// BackendRef is a reference to a backend to forward matched requests to.
//
// A BackendRef can be invalid for the following reasons. In all cases, the
// implementation MUST ensure the `ResolvedRefs` Condition on the Route
// is set to `status: False`, with a Reason and Message that indicate
// what is the cause of the error.
//
// A BackendRef is invalid if:
//
// * It refers to an unknown or unsupported kind of resource. In this
// case, the Reason MUST be set to `InvalidKind` and Message of the
// Condition MUST explain which kind of resource is unknown or unsupported.
//
// * It refers to a resource that does not exist. In this case, the Reason MUST
// be set to `BackendNotFound` and the Message of the Condition MUST explain
// which resource does not exist.
//
// * It refers a resource in another namespace when the reference has not been
// explicitly allowed by a ReferenceGrant (or equivalent concept). In this
// case, the Reason MUST be set to `RefNotPermitted` and the Message of the
// Condition MUST explain which cross-namespace reference is not allowed.
//
// Support: Core for Kubernetes Service
//
// Support: Extended for Kubernetes ServiceImport
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Core
//
// +optional
BackendRef `json:",inline"`
// Filters defined at this level MUST be executed if and only if the
// request is being forwarded to the backend defined here.
//
// Support: Implementation-specific (For broader support of filters, use the
// Filters field in GRPCRouteRule.)
//
// +optional
// +kubebuilder:validation:MaxItems=16
// +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1"
// +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1"
Filters []GRPCRouteFilter `json:"filters,omitempty"`
}
func (in *GRPCBackendRef) DeepCopy() *GRPCBackendRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCBackendRef.
func (in *GRPCBackendRef) DeepCopyInto(out *GRPCBackendRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request headers.
type GRPCHeaderMatch struct {
// Type specifies how to match against the value of the header.
//
// +optional
// +kubebuilder:default=Exact
Type *HeaderMatchType `json:"type,omitempty"`
// Name is the name of the gRPC Header to be matched.
//
// If multiple entries specify equivalent header names, only the first
// entry with an equivalent name MUST be considered for a match. Subsequent
// entries with an equivalent header name MUST be ignored. Due to the
// case-insensitivity of header names, "foo" and "Foo" are considered
// equivalent.
Name GRPCHeaderName `json:"name"`
// Value is the value of the gRPC Header to be matched.
//
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=4096
Value string `json:"value"`
}
func (in *GRPCHeaderMatch) DeepCopy() *GRPCHeaderMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCHeaderMatch.
func (in *GRPCHeaderMatch) DeepCopyInto(out *GRPCHeaderMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCHeaderMatchType specifies the semantics of how GRPC header values should be compared. Valid GRPCHeaderMatchType values, along with their conformance levels, are:
* "Exact" - Core * "RegularExpression" - Implementation Specific
Note that new values may be added to this enum in future releases of the API, implementations MUST ensure that unknown values will not cause a crash.
Unknown values here MUST result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
+kubebuilder:validation:Enum=Exact;RegularExpression
type GRPCHeaderMatchType string
GRPCHeaderMatchType constants.
const (
GRPCHeaderMatchExact GRPCHeaderMatchType = "Exact"
GRPCHeaderMatchRegularExpression GRPCHeaderMatchType = "RegularExpression"
)
type GRPCHeaderName v1.HeaderName
GRPCMethodMatch describes how to select a gRPC route by matching the gRPC request service and/or method.
At least one of Service and Method MUST be a non-empty string.
+kubebuilder:validation:XValidation:message="One or both of 'service' or 'method' must be specified",rule="has(self.type) ? has(self.service) || has(self.method) : true" +kubebuilder:validation:XValidation:message="service must only contain valid characters (matching ^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$)",rule="(!has(self.type) || self.type == 'Exact') && has(self.service) ? self.service.matches(r\"\"\"^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$\"\"\"): true" +kubebuilder:validation:XValidation:message="method must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)",rule="(!has(self.type) || self.type == 'Exact') && has(self.method) ? self.method.matches(r\"\"\"^[A-Za-z_][A-Za-z_0-9]*$\"\"\"): true"
type GRPCMethodMatch struct {
// Type specifies how to match against the service and/or method.
// Support: Core (Exact with service and method specified)
//
// Support: Implementation-specific (Exact with method specified but no service specified)
//
// Support: Implementation-specific (RegularExpression)
//
// +optional
// +kubebuilder:default=Exact
Type *GRPCMethodMatchType `json:"type,omitempty"`
// Value of the service to match against. If left empty or omitted, will
// match any service.
//
// At least one of Service and Method MUST be a non-empty string.
//
// +optional
// +kubebuilder:validation:MaxLength=1024
Service *string `json:"service,omitempty"`
// Value of the method to match against. If left empty or omitted, will
// match all services.
//
// At least one of Service and Method MUST be a non-empty string.
//
// +optional
// +kubebuilder:validation:MaxLength=1024
Method *string `json:"method,omitempty"`
}
func (in *GRPCMethodMatch) DeepCopy() *GRPCMethodMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCMethodMatch.
func (in *GRPCMethodMatch) DeepCopyInto(out *GRPCMethodMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
MethodMatchType specifies the semantics of how gRPC methods and services are compared. Valid MethodMatchType values, along with their conformance levels, are:
* "Exact" - Core * "RegularExpression" - Implementation Specific
Exact methods MUST be syntactically valid:
- Must not contain `/` character
+kubebuilder:validation:Enum=Exact;RegularExpression
type GRPCMethodMatchType string
const (
// Matches the method or service exactly and with case sensitivity.
GRPCMethodMatchExact GRPCMethodMatchType = "Exact"
// Matches if the method or service matches the given regular expression with
// case sensitivity.
//
// Since `"RegularExpression"` has implementation-specific conformance,
// implementations can support POSIX, PCRE, RE2 or any other regular expression
// dialect.
// Please read the implementation's documentation to determine the supported
// dialect.
GRPCMethodMatchRegularExpression GRPCMethodMatchType = "RegularExpression"
)
GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed.
GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word "MUST" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated.
Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the "Accepted" condition to "False" for the affected listener with a reason of "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1.
Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the "Accepted" condition to "False" for the affected listener with a reason of "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge.
type GRPCRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of GRPCRoute.
Spec GRPCRouteSpec `json:"spec,omitempty"`
// Status defines the current state of GRPCRoute.
Status GRPCRouteStatus `json:"status,omitempty"`
}
func (in *GRPCRoute) DeepCopy() *GRPCRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRoute.
func (in *GRPCRoute) DeepCopyInto(out *GRPCRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GRPCRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GRPCRouteFilter defines processing steps that must be completed during the request or response lifecycle. GRPCRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
+kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier",rule="!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type",rule="!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier",rule="!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type",rule="!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" +kubebuilder:validation:XValidation:message="filter.requestMirror must be nil if the filter.type is not RequestMirror",rule="!(has(self.requestMirror) && self.type != 'RequestMirror')" +kubebuilder:validation:XValidation:message="filter.requestMirror must be specified for RequestMirror filter.type",rule="!(!has(self.requestMirror) && self.type == 'RequestMirror')" +kubebuilder:validation:XValidation:message="filter.extensionRef must be nil if the filter.type is not ExtensionRef",rule="!(has(self.extensionRef) && self.type != 'ExtensionRef')" +kubebuilder:validation:XValidation:message="filter.extensionRef must be specified for ExtensionRef filter.type",rule="!(!has(self.extensionRef) && self.type == 'ExtensionRef')"
type GRPCRouteFilter struct {
// Type identifies the type of filter to apply. As with other API fields,
// types are classified into three conformance levels:
//
// - Core: Filter types and their corresponding configuration defined by
// "Support: Core" in this package, e.g. "RequestHeaderModifier". All
// implementations supporting GRPCRoute MUST support core filters.
//
// - Extended: Filter types and their corresponding configuration defined by
// "Support: Extended" in this package, e.g. "RequestMirror". Implementers
// are encouraged to support extended filters.
//
// - Implementation-specific: Filters that are defined and supported by specific vendors.
// In the future, filters showing convergence in behavior across multiple
// implementations will be considered for inclusion in extended or core
// conformance levels. Filter-specific configuration for such filters
// is specified using the ExtensionRef field. `Type` MUST be set to
// "ExtensionRef" for custom filters.
//
// Implementers are encouraged to define custom implementation types to
// extend the core API with implementation-specific behavior.
//
// If a reference to a custom filter type cannot be resolved, the filter
// MUST NOT be skipped. Instead, requests that would have been processed by
// that filter MUST receive a HTTP error response.
//
// +unionDiscriminator
// +kubebuilder:validation:Enum=ResponseHeaderModifier;RequestHeaderModifier;RequestMirror;ExtensionRef
// <gateway:experimental:validation:Enum=ResponseHeaderModifier;RequestHeaderModifier;RequestMirror;ExtensionRef>
Type GRPCRouteFilterType `json:"type"`
// RequestHeaderModifier defines a schema for a filter that modifies request
// headers.
//
// Support: Core
//
// +optional
RequestHeaderModifier *HTTPHeaderFilter `json:"requestHeaderModifier,omitempty"`
// ResponseHeaderModifier defines a schema for a filter that modifies response
// headers.
//
// Support: Extended
//
// +optional
ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"`
// RequestMirror defines a schema for a filter that mirrors requests.
// Requests are sent to the specified destination, but responses from
// that destination are ignored.
//
// This filter can be used multiple times within the same rule. Note that
// not all implementations will be able to support mirroring to multiple
// backends.
//
// Support: Extended
//
// +optional
RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"`
// ExtensionRef is an optional, implementation-specific extension to the
// "filter" behavior. For example, resource "myroutefilter" in group
// "networking.example.net"). ExtensionRef MUST NOT be used for core and
// extended filters.
//
// Support: Implementation-specific
//
// This filter can be used multiple times within the same rule.
// +optional
ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"`
}
func (in *GRPCRouteFilter) DeepCopy() *GRPCRouteFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteFilter.
func (in *GRPCRouteFilter) DeepCopyInto(out *GRPCRouteFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCRouteFilterType identifies a type of GRPCRoute filter.
type GRPCRouteFilterType string
const (
// GRPCRouteFilterRequestHeaderModifier can be used to add or remove a gRPC
// header from a gRPC request before it is sent to the upstream target.
//
// Support in GRPCRouteRule: Core
//
// Support in GRPCBackendRef: Extended
GRPCRouteFilterRequestHeaderModifier GRPCRouteFilterType = "RequestHeaderModifier"
// GRPCRouteFilterRequestHeaderModifier can be used to add or remove a gRPC
// header from a gRPC response before it is sent to the client.
//
// Support in GRPCRouteRule: Core
//
// Support in GRPCBackendRef: Extended
GRPCRouteFilterResponseHeaderModifier GRPCRouteFilterType = "ResponseHeaderModifier"
// GRPCRouteFilterRequestMirror can be used to mirror gRPC requests to a
// different backend. The responses from this backend MUST be ignored by
// the Gateway.
//
// Support in GRPCRouteRule: Extended
//
// Support in GRPCBackendRef: Extended
GRPCRouteFilterRequestMirror GRPCRouteFilterType = "RequestMirror"
// GRPCRouteFilterExtensionRef should be used for configuring custom
// gRPC filters.
//
// Support in GRPCRouteRule: Implementation-specific
//
// Support in GRPCBackendRef: Implementation-specific
GRPCRouteFilterExtensionRef GRPCRouteFilterType = "ExtensionRef"
)
GRPCRouteList contains a list of GRPCRoute.
type GRPCRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []GRPCRoute `json:"items"`
}
func (in *GRPCRouteList) DeepCopy() *GRPCRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteList.
func (in *GRPCRouteList) DeepCopyInto(out *GRPCRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GRPCRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GRPCRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied.
For example, the match below will match a gRPC request only if its service is `foo` AND it contains the `version: v1` header:
``` matches:
```
type GRPCRouteMatch struct {
// Method specifies a gRPC request service/method matcher. If this field is
// not specified, all services and methods will match.
//
// +optional
Method *GRPCMethodMatch `json:"method,omitempty"`
// Headers specifies gRPC request header matchers. Multiple match values are
// ANDed together, meaning, a request MUST match all the specified headers
// to select the route.
//
// +listType=map
// +listMapKey=name
// +optional
// +kubebuilder:validation:MaxItems=16
Headers []GRPCHeaderMatch `json:"headers,omitempty"`
}
func (in *GRPCRouteMatch) DeepCopy() *GRPCRouteMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteMatch.
func (in *GRPCRouteMatch) DeepCopyInto(out *GRPCRouteMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCRouteRule defines the semantics for matching a gRPC request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs).
type GRPCRouteRule struct {
// Matches define conditions used for matching the rule against incoming
// gRPC requests. Each match is independent, i.e. this rule will be matched
// if **any** one of the matches is satisfied.
//
// For example, take the following matches configuration:
//
// ```
// matches:
// - method:
// service: foo.bar
// headers:
// values:
// version: 2
// - method:
// service: foo.bar.v2
// ```
//
// For a request to match against this rule, it MUST satisfy
// EITHER of the two conditions:
//
// - service of foo.bar AND contains the header `version: 2`
// - service of foo.bar.v2
//
// See the documentation for GRPCRouteMatch on how to specify multiple
// match conditions to be ANDed together.
//
// If no matches are specified, the implementation MUST match every gRPC request.
//
// Proxy or Load Balancer routing configuration generated from GRPCRoutes
// MUST prioritize rules based on the following criteria, continuing on
// ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
// Precedence MUST be given to the rule with the largest number of:
//
// * Characters in a matching non-wildcard hostname.
// * Characters in a matching hostname.
// * Characters in a matching service.
// * Characters in a matching method.
// * Header matches.
//
// If ties still exist across multiple Routes, matching precedence MUST be
// determined in order of the following criteria, continuing on ties:
//
// * The oldest Route based on creation timestamp.
// * The Route appearing first in alphabetical order by
// "{namespace}/{name}".
//
// If ties still exist within the Route that has been given precedence,
// matching precedence MUST be granted to the first matching rule meeting
// the above criteria.
//
// +optional
// +kubebuilder:validation:MaxItems=8
Matches []GRPCRouteMatch `json:"matches,omitempty"`
// Filters define the filters that are applied to requests that match
// this rule.
//
// The effects of ordering of multiple behaviors are currently unspecified.
// This can change in the future based on feedback during the alpha stage.
//
// Conformance-levels at this level are defined based on the type of filter:
//
// - ALL core filters MUST be supported by all implementations that support
// GRPCRoute.
// - Implementers are encouraged to support extended filters.
// - Implementation-specific custom filters have no API guarantees across
// implementations.
//
// Specifying the same filter multiple times is not supported unless explicitly
// indicated in the filter.
//
// If an implementation can not support a combination of filters, it must clearly
// document that limitation. In cases where incompatible or unsupported
// filters are specified and cause the `Accepted` condition to be set to status
// `False`, implementations may use the `IncompatibleFilters` reason to specify
// this configuration error.
//
// Support: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
// +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1"
// +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1"
Filters []GRPCRouteFilter `json:"filters,omitempty"`
// BackendRefs defines the backend(s) where matching requests should be
// sent.
//
// Failure behavior here depends on how many BackendRefs are specified and
// how many are invalid.
//
// If *all* entries in BackendRefs are invalid, and there are also no filters
// specified in this route rule, *all* traffic which matches this rule MUST
// receive an `UNAVAILABLE` status.
//
// See the GRPCBackendRef definition for the rules about what makes a single
// GRPCBackendRef invalid.
//
// When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for
// requests that would have otherwise been routed to an invalid backend. If
// multiple backends are specified, and some are invalid, the proportion of
// requests that would otherwise have been routed to an invalid backend
// MUST receive an `UNAVAILABLE` status.
//
// For example, if two backends are specified with equal weights, and one is
// invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.
// Implementations may choose how that 50 percent is determined.
//
// Support: Core for Kubernetes Service
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
BackendRefs []GRPCBackendRef `json:"backendRefs,omitempty"`
}
func (in *GRPCRouteRule) DeepCopy() *GRPCRouteRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteRule.
func (in *GRPCRouteRule) DeepCopyInto(out *GRPCRouteRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCRouteSpec defines the desired state of GRPCRoute
type GRPCRouteSpec struct {
CommonRouteSpec `json:",inline"`
// Hostnames defines a set of hostnames to match against the GRPC
// Host header to select a GRPCRoute to process the request. This matches
// the RFC 1123 definition of a hostname with 2 notable exceptions:
//
// 1. IPs are not allowed.
// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
// label MUST appear by itself as the first label.
//
// If a hostname is specified by both the Listener and GRPCRoute, there
// MUST be at least one intersecting hostname for the GRPCRoute to be
// attached to the Listener. For example:
//
// * A Listener with `test.example.com` as the hostname matches GRPCRoutes
// that have either not specified any hostnames, or have specified at
// least one of `test.example.com` or `*.example.com`.
// * A Listener with `*.example.com` as the hostname matches GRPCRoutes
// that have either not specified any hostnames or have specified at least
// one hostname that matches the Listener hostname. For example,
// `test.example.com` and `*.example.com` would both match. On the other
// hand, `example.com` and `test.example.net` would not match.
//
// Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
// as a suffix match. That means that a match for `*.example.com` would match
// both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
//
// If both the Listener and GRPCRoute have specified hostnames, any
// GRPCRoute hostnames that do not match the Listener hostname MUST be
// ignored. For example, if a Listener specified `*.example.com`, and the
// GRPCRoute specified `test.example.com` and `test.example.net`,
// `test.example.net` MUST NOT be considered for a match.
//
// If both the Listener and GRPCRoute have specified hostnames, and none
// match with the criteria above, then the GRPCRoute MUST NOT be accepted by
// the implementation. The implementation MUST raise an 'Accepted' Condition
// with a status of `False` in the corresponding RouteParentStatus.
//
// If a Route (A) of type HTTPRoute or GRPCRoute is attached to a
// Listener and that listener already has another Route (B) of the other
// type attached and the intersection of the hostnames of A and B is
// non-empty, then the implementation MUST accept exactly one of these two
// routes, determined by the following criteria, in order:
//
// * The oldest Route based on creation timestamp.
// * The Route appearing first in alphabetical order by
// "{namespace}/{name}".
//
// The rejected Route MUST raise an 'Accepted' condition with a status of
// 'False' in the corresponding RouteParentStatus.
//
// Support: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
Hostnames []Hostname `json:"hostnames,omitempty"`
// Rules are a list of GRPC matchers, filters and actions.
//
// +optional
// +kubebuilder:validation:MaxItems=16
Rules []GRPCRouteRule `json:"rules,omitempty"`
}
func (in *GRPCRouteSpec) DeepCopy() *GRPCRouteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteSpec.
func (in *GRPCRouteSpec) DeepCopyInto(out *GRPCRouteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
GRPCRouteStatus defines the observed state of GRPCRoute.
type GRPCRouteStatus struct {
RouteStatus `json:",inline"`
}
func (in *GRPCRouteStatus) DeepCopy() *GRPCRouteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCRouteStatus.
func (in *GRPCRouteStatus) DeepCopyInto(out *GRPCRouteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Gateway represents an instance of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses.
type Gateway v1.Gateway
func (in *Gateway) DeepCopy() *Gateway
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway.
func (in *Gateway) DeepCopyInto(out *Gateway)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Gateway) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GatewayAddress describes an address that can be bound to a Gateway. +k8s:deepcopy-gen=false
type GatewayAddress = v1.GatewayAddress
GatewayClass describes a class of Gateways available to the user for creating Gateway resources.
It is recommended that this resource be used as a template for Gateways. This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation.
Whenever one or more Gateways are using a GatewayClass, implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the associated GatewayClass. This ensures that a GatewayClass associated with a Gateway is not deleted while in use.
GatewayClass is a Cluster level resource.
type GatewayClass v1.GatewayClass
func (in *GatewayClass) DeepCopy() *GatewayClass
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClass.
func (in *GatewayClass) DeepCopyInto(out *GatewayClass)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GatewayClass) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GatewayClassConditionReason defines the set of reasons that explain why a particular GatewayClass condition type has been raised. +k8s:deepcopy-gen=false
type GatewayClassConditionReason = v1.GatewayClassConditionReason
GatewayClassConditionType is the type for status conditions on Gateway resources. This type should be used with the GatewayClassStatus.Conditions field. +k8s:deepcopy-gen=false
type GatewayClassConditionType = v1.GatewayClassConditionType
GatewayClassList contains a list of GatewayClass
type GatewayClassList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []GatewayClass `json:"items"`
}
func (in *GatewayClassList) DeepCopy() *GatewayClassList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassList.
func (in *GatewayClassList) DeepCopyInto(out *GatewayClassList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GatewayClassList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GatewayClassSpec reflects the configuration of a class of Gateways. +k8s:deepcopy-gen=false
type GatewayClassSpec = v1.GatewayClassSpec
GatewayClassStatus is the current status for the GatewayClass. +k8s:deepcopy-gen=false
type GatewayClassStatus = v1.GatewayClassStatus
GatewayConditionReason defines the set of reasons that explain why a particular Gateway condition type has been raised. +k8s:deepcopy-gen=false
type GatewayConditionReason = v1.GatewayConditionReason
GatewayConditionType is a type of condition associated with a Gateway. This type should be used with the GatewayStatus.Conditions field. +k8s:deepcopy-gen=false
type GatewayConditionType = v1.GatewayConditionType
GatewayController is the name of a Gateway API controller. It must be a domain prefixed path.
Valid values include:
* "example.com/bar"
Invalid values include:
* "example.com" - must include path * "foo.example.com" - must include path
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$`
type GatewayController = v1.GatewayController
GatewayList contains a list of Gateways.
type GatewayList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Gateway `json:"items"`
}
func (in *GatewayList) DeepCopy() *GatewayList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayList.
func (in *GatewayList) DeepCopyInto(out *GatewayList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GatewayList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
GatewaySpec defines the desired state of Gateway.
Not all possible combinations of options specified in the Spec are valid. Some invalid configurations can be caught synchronously via a webhook, but there are many cases that will require asynchronous signaling via the GatewayStatus block. +k8s:deepcopy-gen=false
type GatewaySpec = v1.GatewaySpec
GatewayStatus defines the observed state of Gateway. +k8s:deepcopy-gen=false
type GatewayStatus = v1.GatewayStatus
GatewayTLSConfig describes a TLS configuration. +k8s:deepcopy-gen=false
type GatewayTLSConfig = v1.GatewayTLSConfig
Group refers to a Kubernetes Group. It must either be an empty string or a RFC 1123 subdomain.
This validation is based off of the corresponding Kubernetes validation: https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
Valid values include:
* "" - empty string implies core Kubernetes API group * "networking.k8s.io" * "foo.example.com"
Invalid values include:
* "example.com/bar" - "/" is an invalid character
+kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type Group = v1.Group
HTTPBackendRef defines how a HTTPRoute should forward an HTTP request. +k8s:deepcopy-gen=false
type HTTPBackendRef = v1.HTTPBackendRef
HTTPHeader represents an HTTP Header name and value as defined by RFC 7230. +k8s:deepcopy-gen=false
type HTTPHeader = v1.HTTPHeader
HTTPHeaderFilter defines a filter that modifies the headers of an HTTP request or response. +k8s:deepcopy-gen=false
type HTTPHeaderFilter = v1.HTTPHeaderFilter
HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers. +k8s:deepcopy-gen=false
type HTTPHeaderMatch = v1.HTTPHeaderMatch
HTTPHeaderName is the name of an HTTP header.
Valid values include: * "Authorization" * "Set-Cookie"
Invalid values include:
* "/invalid" - "/" is an invalid character +k8s:deepcopy-gen=false
type HTTPHeaderName = v1.HeaderName
HTTPMethod describes how to select a HTTP route by matching the HTTP method as defined by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4) and [RFC 5789](https://datatracker.ietf.org/doc/html/rfc5789#section-2). The value is expected in upper case.
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
+kubebuilder:validation:Enum=GET;HEAD;POST;PUT;DELETE;CONNECT;OPTIONS;TRACE;PATCH +k8s:deepcopy-gen=false
type HTTPMethod = v1.HTTPMethod
HTTPPathMatch describes how to select a HTTP route by matching the HTTP request path. +k8s:deepcopy-gen=false
type HTTPPathMatch = v1.HTTPPathMatch
HTTPPathModifier defines configuration for path modifiers. <gateway:experimental> +k8s:deepcopy-gen=false
type HTTPPathModifier = v1.HTTPPathModifier
HTTPPathModifierType defines the type of path redirect or rewrite. +k8s:deepcopy-gen=false
type HTTPPathModifierType = v1.HTTPPathModifierType
HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters. +k8s:deepcopy-gen=false
type HTTPQueryParamMatch = v1.HTTPQueryParamMatch
HTTPRequestMirrorFilter defines configuration for the RequestMirror filter. +k8s:deepcopy-gen=false
type HTTPRequestMirrorFilter = v1.HTTPRequestMirrorFilter
HTTPRequestRedirect defines a filter that redirects a request. This filter MUST NOT be used on the same Route rule as a HTTPURLRewrite filter. +k8s:deepcopy-gen=false
type HTTPRequestRedirectFilter = v1.HTTPRequestRedirectFilter
HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
type HTTPRoute v1.HTTPRoute
func (in *HTTPRoute) DeepCopy() *HTTPRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute.
func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter. +k8s:deepcopy-gen=false
type HTTPRouteFilter = v1.HTTPRouteFilter
HTTPRouteFilterType identifies a type of HTTPRoute filter. +k8s:deepcopy-gen=false
type HTTPRouteFilterType = v1.HTTPRouteFilterType
HTTPRouteList contains a list of HTTPRoute.
type HTTPRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []HTTPRoute `json:"items"`
}
func (in *HTTPRouteList) DeepCopy() *HTTPRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteList.
func (in *HTTPRouteList) DeepCopyInto(out *HTTPRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HTTPRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied.
For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header:
``` match:
path: value: "/foo" headers: - name: "version" value "v1"
``` +k8s:deepcopy-gen=false
type HTTPRouteMatch = v1.HTTPRouteMatch
HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs). +k8s:deepcopy-gen=false
type HTTPRouteRule = v1.HTTPRouteRule
HTTPRouteSpec defines the desired state of HTTPRoute +k8s:deepcopy-gen=false
type HTTPRouteSpec = v1.HTTPRouteSpec
HTTPRouteStatus defines the observed state of HTTPRoute. +k8s:deepcopy-gen=false
type HTTPRouteStatus = v1.HTTPRouteStatus
HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute. +k8s:deepcopy-gen=false
type HTTPRouteTimeouts = v1.HTTPRouteTimeouts
HTTPURLRewriteFilter defines a filter that modifies a request during forwarding. At most one of these filters may be used on a Route rule. This MUST NOT be used on the same Route rule as a HTTPRequestRedirect filter.
Support: Extended
<gateway:experimental> +k8s:deepcopy-gen=false
type HTTPURLRewriteFilter = v1.HTTPURLRewriteFilter
HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values, along with their conformance levels, are:
* "Exact" - Core * "RegularExpression" - Implementation Specific
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
+kubebuilder:validation:Enum=Exact;RegularExpression +k8s:deepcopy-gen=false
type HeaderMatchType = v1.HeaderMatchType
Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions:
Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. "foo.example.com") or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`).
Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed.
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type Hostname = v1.Hostname
Kind refers to a Kubernetes Kind.
Valid values include:
* "Service" * "HTTPRoute"
Invalid values include:
* "invalid/kind" - "/" is an invalid character
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=63 +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
type Kind = v1.Kind
Listener embodies the concept of a logical endpoint where a Gateway accepts network connections. +k8s:deepcopy-gen=false
type Listener = v1.Listener
ListenerConditionReason defines the set of reasons that explain why a particular Listener condition type has been raised. +k8s:deepcopy-gen=false
type ListenerConditionReason = v1.ListenerConditionReason
ListenerConditionType is a type of condition associated with the listener. This type should be used with the ListenerStatus.Conditions field. +k8s:deepcopy-gen=false
type ListenerConditionType = v1.ListenerConditionType
ListenerStatus is the status associated with a Listener. +k8s:deepcopy-gen=false
type ListenerStatus = v1.ListenerStatus
LocalObjectReference identifies an API object within the namespace of the referrer. The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid.
References to objects with invalid Group and Kind are not valid, and must be rejected by the implementation, with appropriate Conditions set on the containing object. +k8s:deepcopy-gen=false
type LocalObjectReference = v1.LocalObjectReference
Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
This validation is based off of the corresponding Kubernetes validation: https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
This is used for Namespace name validation here: https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
Valid values include:
* "example"
Invalid values include:
* "example.com" - "." is an invalid character
+kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` +kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=63
type Namespace = v1.Namespace
ObjectName refers to the name of a Kubernetes object. Object names can have a variety of forms, including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253
type ObjectName = v1.ObjectName
ParametersReference identifies an API object containing controller-specific configuration resource within the cluster. +k8s:deepcopy-gen=false
type ParametersReference = v1.ParametersReference
ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with "Core" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute.
Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference.
The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. +k8s:deepcopy-gen=false
type ParentReference = v1.ParentReference
PathMatchType specifies the semantics of how HTTP paths should be compared. Valid PathMatchType values, along with their conformance level, are:
* "Exact" - Core * "PathPrefix" - Core * "RegularExpression" - Implementation Specific
PathPrefix and Exact paths must be syntactically valid:
- Must begin with the `/` character - Must not contain consecutive `/` characters (e.g. `/foo///`, `//`).
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
+kubebuilder:validation:Enum=Exact;PathPrefix;RegularExpression +k8s:deepcopy-gen=false
type PathMatchType = v1.PathMatchType
PolicyAncestorStatus describes the status of a route with respect to an associated Ancestor.
Ancestors refer to objects that are either the Target of a policy or above it in terms of object hierarchy. For example, if a policy targets a Service, the Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most useful object to place Policy status on, so we recommend that implementations SHOULD use Gateway as the PolicyAncestorStatus object unless the designers have a _very_ good reason otherwise.
In the context of policy attachment, the Ancestor is used to distinguish which resource results in a distinct application of this policy. For example, if a policy targets a Service, it may have a distinct result per attached Gateway.
Policies targeting the same resource may have different effects depending on the ancestors of those resources. For example, different Gateways targeting the same Service may have different capabilities, especially if they have different underlying implementations.
For example, in BackendTLSPolicy, the Policy attaches to a Service that is used as a backend in a HTTPRoute that is itself attached to a Gateway. In this case, the relevant object for status is the Gateway, and that is the ancestor object referred to in this status.
Note that a parent is also an ancestor, so for objects where the parent is the relevant object for status, this struct SHOULD still be used.
This struct is intended to be used in a slice that's effectively a map, with a composite key made up of the AncestorRef and the ControllerName.
type PolicyAncestorStatus struct {
// AncestorRef corresponds with a ParentRef in the spec that this
// PolicyAncestorStatus struct describes the status of.
AncestorRef ParentReference `json:"ancestorRef"`
// ControllerName is a domain/path string that indicates the name of the
// controller that wrote this status. This corresponds with the
// controllerName field on GatewayClass.
//
// Example: "example.net/gateway-controller".
//
// The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
// valid Kubernetes names
// (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
//
// Controllers MUST populate this field when writing status. Controllers should ensure that
// entries to status populated with their ControllerName are cleaned up when they are no
// longer necessary.
ControllerName GatewayController `json:"controllerName"`
// Conditions describes the status of the Policy with respect to the given Ancestor.
//
// +listType=map
// +listMapKey=type
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=8
Conditions []metav1.Condition `json:"conditions,omitempty"`
}
func (in *PolicyAncestorStatus) DeepCopy() *PolicyAncestorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAncestorStatus.
func (in *PolicyAncestorStatus) DeepCopyInto(out *PolicyAncestorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
PolicyConditionReason is a reason for a policy condition.
type PolicyConditionReason string
PolicyConditionType is a type of condition for a policy. This type should be used with a Policy resource Status.Conditions field.
type PolicyConditionType string
PolicyStatus defines the common attributes that all Policies should include within their status.
type PolicyStatus struct {
// Ancestors is a list of ancestor resources (usually Gateways) that are
// associated with the policy, and the status of the policy with respect to
// each ancestor. When this policy attaches to a parent, the controller that
// manages the parent and the ancestors MUST add an entry to this list when
// the controller first sees the policy and SHOULD update the entry as
// appropriate when the relevant ancestor is modified.
//
// Note that choosing the relevant ancestor is left to the Policy designers;
// an important part of Policy design is designing the right object level at
// which to namespace this status.
//
// Note also that implementations MUST ONLY populate ancestor status for
// the Ancestor resources they are responsible for. Implementations MUST
// use the ControllerName field to uniquely identify the entries in this list
// that they are responsible for.
//
// Note that to achieve this, the list of PolicyAncestorStatus structs
// MUST be treated as a map with a composite key, made up of the AncestorRef
// and ControllerName fields combined.
//
// A maximum of 16 ancestors will be represented in this list. An empty list
// means the Policy is not relevant for any ancestors.
//
// If this slice is full, implementations MUST NOT add further entries.
// Instead they MUST consider the policy unimplementable and signal that
// on any related resources such as the ancestor that would be referenced
// here. For example, if this list was full on BackendTLSPolicy, no
// additional Gateways would be able to reference the Service targeted by
// the BackendTLSPolicy.
//
// +kubebuilder:validation:MaxItems=16
Ancestors []PolicyAncestorStatus `json:"ancestors"`
}
func (in *PolicyStatus) DeepCopy() *PolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyStatus.
func (in *PolicyStatus) DeepCopyInto(out *PolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
PolicyTargetReference identifies an API object to apply a direct or inherited policy to. This should be used as part of Policy resources that can target Gateway API resources. For more information on how this policy attachment model works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.
type PolicyTargetReference struct {
// Group is the group of the target resource.
Group Group `json:"group"`
// Kind is kind of the target resource.
Kind Kind `json:"kind"`
// Name is the name of the target resource.
Name ObjectName `json:"name"`
// Namespace is the namespace of the referent. When unspecified, the local
// namespace is inferred. Even when policy targets a resource in a different
// namespace, it MUST only apply to traffic originating from the same
// namespace as the policy.
//
// +optional
Namespace *Namespace `json:"namespace,omitempty"`
}
func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference.
func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
PolicyTargetReferenceWithSectionName identifies an API object to apply a direct policy to. This should be used as part of Policy resources that can target single resources. For more information on how this policy attachment mode works, and a sample Policy resource, refer to the policy attachment documentation for Gateway API.
Note: This should only be used for direct policy attachment when references to SectionName are actually needed. In all other cases, PolicyTargetReference should be used.
type PolicyTargetReferenceWithSectionName struct {
PolicyTargetReference `json:",inline"`
// SectionName is the name of a section within the target resource. When
// unspecified, this targetRef targets the entire resource. In the following
// resources, SectionName is interpreted as the following:
//
// * Gateway: Listener Name
// * Service: Port Name
//
// If a SectionName is specified, but does not exist on the targeted object,
// the Policy must fail to attach, and the policy implementation should record
// a `ResolvedRefs` or similar Condition in the Policy's status.
//
// +optional
SectionName *SectionName `json:"sectionName,omitempty"`
}
func (in *PolicyTargetReferenceWithSectionName) DeepCopy() *PolicyTargetReferenceWithSectionName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReferenceWithSectionName.
func (in *PolicyTargetReferenceWithSectionName) DeepCopyInto(out *PolicyTargetReferenceWithSectionName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
PortNumber defines a network port.
+kubebuilder:validation:Minimum=1 +kubebuilder:validation:Maximum=65535
type PortNumber = v1.PortNumber
PreciseHostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed.
Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed.
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
type PreciseHostname = v1.PreciseHostname
ProtocolType defines the application protocol accepted by a Listener. Implementations are not required to accept all the defined protocols. If an implementation does not support a specified protocol, it MUST set the "Accepted" condition to False for the affected Listener with a reason of "UnsupportedProtocol".
Core ProtocolType values are listed in the table below.
Implementations can define their own protocols if a core ProtocolType does not exist. Such definitions must use prefixed name, such as `mycompany.com/my-custom-protocol`. Un-prefixed names are reserved for core protocols. Any protocol defined by implementations will fall under implementation-specific conformance.
Valid values include:
* "HTTP" - Core support * "example.com/bar" - Implementation-specific support
Invalid values include:
* "example.com" - must include path if domain is used * "foo.example.com" - must include path if domain is used
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=255 +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$` +k8s:deepcopy-gen=false
type ProtocolType = v1.ProtocolType
QueryParamMatchType specifies the semantics of how HTTP query parameter values should be compared. Valid QueryParamMatchType values, along with their conformance levels, are:
* "Exact" - Core * "RegularExpression" - Implementation Specific
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
+kubebuilder:validation:Enum=Exact;RegularExpression +k8s:deepcopy-gen=false
type QueryParamMatchType = v1.QueryParamMatchType
ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy.
Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within.
A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a "consumer" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs.
ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed.
type ReferenceGrant v1beta1.ReferenceGrant
func (in *ReferenceGrant) DeepCopy() *ReferenceGrant
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrant.
func (in *ReferenceGrant) DeepCopyInto(out *ReferenceGrant)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ReferenceGrant) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
ReferenceGrantFrom describes trusted namespaces and kinds. +k8s:deepcopy-gen=false
type ReferenceGrantFrom = v1beta1.ReferenceGrantFrom
+kubebuilder:object:root=true ReferenceGrantList contains a list of ReferenceGrant.
type ReferenceGrantList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ReferenceGrant `json:"items"`
}
func (in *ReferenceGrantList) DeepCopy() *ReferenceGrantList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReferenceGrantList.
func (in *ReferenceGrantList) DeepCopyInto(out *ReferenceGrantList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ReferenceGrantList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
ReferenceGrantSpec identifies a cross namespace relationship that is trusted for Gateway API. +k8s:deepcopy-gen=false
type ReferenceGrantSpec = v1beta1.ReferenceGrantSpec
ReferenceGrantTo describes what Kinds are allowed as targets of the references. +k8s:deepcopy-gen=false
type ReferenceGrantTo = v1beta1.ReferenceGrantTo
RouteConditionReason is a reason for a route condition.
type RouteConditionReason = v1.RouteConditionReason
RouteConditionType is a type of condition for a route.
type RouteConditionType = v1.RouteConditionType
RouteGroupKind indicates the group and kind of a Route resource. +k8s:deepcopy-gen=false
type RouteGroupKind = v1.RouteGroupKind
RouteNamespaces indicate which namespaces Routes should be selected from. +k8s:deepcopy-gen=false
type RouteNamespaces = v1.RouteNamespaces
RouteParentStatus describes the status of a route with respect to an associated Parent. +k8s:deepcopy-gen=false
type RouteParentStatus = v1.RouteParentStatus
RouteStatus defines the common attributes that all Routes MUST include within their status. +k8s:deepcopy-gen=false
type RouteStatus = v1.RouteStatus
SecretObjectReference identifies an API object including its namespace, defaulting to Secret.
The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid.
References to objects with invalid Group and Kind are not valid, and must be rejected by the implementation, with appropriate Conditions set on the containing object. +k8s:deepcopy-gen=false
type SecretObjectReference = v1.SecretObjectReference
SectionName is the name of a section in a Kubernetes resource.
This validation is based off of the corresponding Kubernetes validation: https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
Valid values include:
* "example.com" * "foo.example.com"
Invalid values include:
* "example.com/bar" - "/" is an invalid character
+kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` +kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253
type SectionName = v1.SectionName
TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute.
type TCPRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of TCPRoute.
Spec TCPRouteSpec `json:"spec"`
// Status defines the current state of TCPRoute.
Status TCPRouteStatus `json:"status,omitempty"`
}
func (in *TCPRoute) DeepCopy() *TCPRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute.
func (in *TCPRoute) DeepCopyInto(out *TCPRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
TCPRouteList contains a list of TCPRoute
type TCPRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []TCPRoute `json:"items"`
}
func (in *TCPRouteList) DeepCopy() *TCPRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteList.
func (in *TCPRouteList) DeepCopyInto(out *TCPRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
TCPRouteRule is the configuration for a given rule.
type TCPRouteRule struct {
// BackendRefs defines the backend(s) where matching requests should be
// sent. If unspecified or invalid (refers to a non-existent resource or a
// Service with no endpoints), the underlying implementation MUST actively
// reject connection attempts to this backend. Connection rejections must
// respect weight; if an invalid backend is requested to have 80% of
// connections, then 80% of connections must be rejected instead.
//
// Support: Core for Kubernetes Service
//
// Support: Extended for Kubernetes ServiceImport
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Extended
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
}
func (in *TCPRouteRule) DeepCopy() *TCPRouteRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteRule.
func (in *TCPRouteRule) DeepCopyInto(out *TCPRouteRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
TCPRouteSpec defines the desired state of TCPRoute
type TCPRouteSpec struct {
CommonRouteSpec `json:",inline"`
// Rules are a list of TCP matchers and actions.
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
Rules []TCPRouteRule `json:"rules"`
}
func (in *TCPRouteSpec) DeepCopy() *TCPRouteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteSpec.
func (in *TCPRouteSpec) DeepCopyInto(out *TCPRouteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
TCPRouteStatus defines the observed state of TCPRoute
type TCPRouteStatus struct {
RouteStatus `json:",inline"`
}
func (in *TCPRouteStatus) DeepCopy() *TCPRouteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRouteStatus.
func (in *TCPRouteStatus) DeepCopyInto(out *TCPRouteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
TLSModeType type defines how a Gateway handles TLS sessions.
Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash.
Unknown values here must result in the implementation setting the Ready Condition for the Listener to `status: False`, with a Reason of `Invalid`.
+kubebuilder:validation:Enum=Terminate;Passthrough +k8s:deepcopy-gen=false
type TLSModeType = v1.TLSModeType
The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener.
If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener.
type TLSRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of TLSRoute.
Spec TLSRouteSpec `json:"spec"`
// Status defines the current state of TLSRoute.
Status TLSRouteStatus `json:"status,omitempty"`
}
func (in *TLSRoute) DeepCopy() *TLSRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute.
func (in *TLSRoute) DeepCopyInto(out *TLSRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TLSRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
TLSRouteList contains a list of TLSRoute
type TLSRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []TLSRoute `json:"items"`
}
func (in *TLSRouteList) DeepCopy() *TLSRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRouteList.
func (in *TLSRouteList) DeepCopyInto(out *TLSRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TLSRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
TLSRouteRule is the configuration for a given rule.
type TLSRouteRule struct {
// BackendRefs defines the backend(s) where matching requests should be
// sent. If unspecified or invalid (refers to a non-existent resource or
// a Service with no endpoints), the rule performs no forwarding; if no
// filters are specified that would result in a response being sent, the
// underlying implementation must actively reject request attempts to this
// backend, by rejecting the connection or returning a 500 status code.
// Request rejections must respect weight; if an invalid backend is
// requested to have 80% of requests, then 80% of requests must be rejected
// instead.
//
// Support: Core for Kubernetes Service
//
// Support: Extended for Kubernetes ServiceImport
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Extended
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
}
func (in *TLSRouteRule) DeepCopy() *TLSRouteRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRouteRule.
func (in *TLSRouteRule) DeepCopyInto(out *TLSRouteRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
TLSRouteSpec defines the desired state of a TLSRoute resource.
type TLSRouteSpec struct {
CommonRouteSpec `json:",inline"`
// Hostnames defines a set of SNI names that should match against the
// SNI attribute of TLS ClientHello message in TLS handshake. This matches
// the RFC 1123 definition of a hostname with 2 notable exceptions:
//
// 1. IPs are not allowed in SNI names per RFC 6066.
// 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
// label must appear by itself as the first label.
//
// If a hostname is specified by both the Listener and TLSRoute, there
// must be at least one intersecting hostname for the TLSRoute to be
// attached to the Listener. For example:
//
// * A Listener with `test.example.com` as the hostname matches TLSRoutes
// that have either not specified any hostnames, or have specified at
// least one of `test.example.com` or `*.example.com`.
// * A Listener with `*.example.com` as the hostname matches TLSRoutes
// that have either not specified any hostnames or have specified at least
// one hostname that matches the Listener hostname. For example,
// `test.example.com` and `*.example.com` would both match. On the other
// hand, `example.com` and `test.example.net` would not match.
//
// If both the Listener and TLSRoute have specified hostnames, any
// TLSRoute hostnames that do not match the Listener hostname MUST be
// ignored. For example, if a Listener specified `*.example.com`, and the
// TLSRoute specified `test.example.com` and `test.example.net`,
// `test.example.net` must not be considered for a match.
//
// If both the Listener and TLSRoute have specified hostnames, and none
// match with the criteria above, then the TLSRoute is not accepted. The
// implementation must raise an 'Accepted' Condition with a status of
// `False` in the corresponding RouteParentStatus.
//
// Support: Core
//
// +optional
// +kubebuilder:validation:MaxItems=16
Hostnames []Hostname `json:"hostnames,omitempty"`
// Rules are a list of TLS matchers and actions.
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
Rules []TLSRouteRule `json:"rules"`
}
func (in *TLSRouteSpec) DeepCopy() *TLSRouteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRouteSpec.
func (in *TLSRouteSpec) DeepCopyInto(out *TLSRouteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
TLSRouteStatus defines the observed state of TLSRoute
type TLSRouteStatus struct {
RouteStatus `json:",inline"`
}
func (in *TLSRouteStatus) DeepCopy() *TLSRouteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRouteStatus.
func (in *TLSRouteStatus) DeepCopyInto(out *TLSRouteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute.
type UDPRoute struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec defines the desired state of UDPRoute.
Spec UDPRouteSpec `json:"spec"`
// Status defines the current state of UDPRoute.
Status UDPRouteStatus `json:"status,omitempty"`
}
func (in *UDPRoute) DeepCopy() *UDPRoute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRoute.
func (in *UDPRoute) DeepCopyInto(out *UDPRoute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UDPRoute) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
UDPRouteList contains a list of UDPRoute
type UDPRouteList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []UDPRoute `json:"items"`
}
func (in *UDPRouteList) DeepCopy() *UDPRouteList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRouteList.
func (in *UDPRouteList) DeepCopyInto(out *UDPRouteList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UDPRouteList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
UDPRouteRule is the configuration for a given rule.
type UDPRouteRule struct {
// BackendRefs defines the backend(s) where matching requests should be
// sent. If unspecified or invalid (refers to a non-existent resource or a
// Service with no endpoints), the underlying implementation MUST actively
// reject connection attempts to this backend. Packet drops must
// respect weight; if an invalid backend is requested to have 80% of
// the packets, then 80% of packets must be dropped instead.
//
// Support: Core for Kubernetes Service
//
// Support: Extended for Kubernetes ServiceImport
//
// Support: Implementation-specific for any other resource
//
// Support for weight: Extended
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
}
func (in *UDPRouteRule) DeepCopy() *UDPRouteRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRouteRule.
func (in *UDPRouteRule) DeepCopyInto(out *UDPRouteRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
UDPRouteSpec defines the desired state of UDPRoute.
type UDPRouteSpec struct {
CommonRouteSpec `json:",inline"`
// Rules are a list of UDP matchers and actions.
//
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=16
Rules []UDPRouteRule `json:"rules"`
}
func (in *UDPRouteSpec) DeepCopy() *UDPRouteSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRouteSpec.
func (in *UDPRouteSpec) DeepCopyInto(out *UDPRouteSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
UDPRouteStatus defines the observed state of UDPRoute.
type UDPRouteStatus struct {
RouteStatus `json:",inline"`
}
func (in *UDPRouteStatus) DeepCopy() *UDPRouteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPRouteStatus.
func (in *UDPRouteStatus) DeepCopyInto(out *UDPRouteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
WellKnownCACertType is the type of CA certificate that will be used when the TLS.caCertRefs is unspecified. +kubebuilder:validation:Enum=System
type WellKnownCACertType string
const (
// Indicates that well known system CA certificates should be used.
WellKnownCACertSystem WellKnownCACertType = "System"
)
| Name | Synopsis |
|---|---|
| .. | |
| util | |
| validation | |
| validation | Package validation has functions for validating the correctness of api objects and explaining what's wrong with them when they're not valid. |