1# Source: partials/templates/gateway.networking.k8s.io_grpcroutes.yaml
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 name: grpcroutes.gateway.networking.k8s.io
6 labels:
7 helm.sh/chart: partials-0.1.0
8 linkerd.io/control-plane-ns: linkerd
9 annotations:
10 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
11 gateway.networking.k8s.io/bundle-version: v0.7.1
12 gateway.networking.k8s.io/channel: experimental
13 linkerd.io/created-by: linkerd/helm %!s(<nil>)
14spec:
15 group: gateway.networking.k8s.io
16 names:
17 kind: GRPCRoute
18 categories:
19 - gateway-api
20 listKind: GRPCRouteList
21 plural: grpcroutes
22 singular: grpcroute
23 scope: Namespaced
24 versions:
25 - name: v1alpha2
26 additionalPrinterColumns:
27 - name: Hostnames
28 type: string
29 jsonPath: .spec.hostnames
30 - name: Age
31 type: date
32 jsonPath: .metadata.creationTimestamp
33 schema:
34 openAPIV3Schema:
35 type: object
36 description: "GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \"MUST\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge. \n Support: Extended"
37 properties:
38 apiVersion:
39 type: string
40 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
41 kind:
42 type: string
43 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
44 metadata:
45 type: object
46 spec:
47 type: object
48 description: Spec defines the desired state of GRPCRoute.
49 properties:
50 hostnames:
51 type: array
52 description: "Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core"
53 items:
54 type: string
55 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
56 maxLength: 253
57 minLength: 1
58 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
59 maxItems: 16
60 parentRefs:
61 type: array
62 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."
63 items:
64 type: object
65 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
66 properties:
67 name:
68 type: string
69 description: "Name is the name of the referent. \n Support: Core"
70 maxLength: 253
71 minLength: 1
72 namespace:
73 type: string
74 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
75 maxLength: 63
76 minLength: 1
77 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
78 kind:
79 type: string
80 default: Gateway
81 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
82 maxLength: 63
83 minLength: 1
84 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
85 port:
86 type: integer
87 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
88 format: int32
89 maximum: 65535
90 minimum: 1
91 group:
92 type: string
93 default: gateway.networking.k8s.io
94 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
95 maxLength: 253
96 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
97 sectionName:
98 type: string
99 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
100 maxLength: 253
101 minLength: 1
102 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
103 required:
104 - name
105 maxItems: 32
106 rules:
107 type: array
108 default:
109 - matches:
110 - method:
111 type: Exact
112 description: Rules are a list of GRPC matchers, filters and actions.
113 items:
114 type: object
115 description: GRPCRouteRule defines the semantics for matching a gRPC request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs).
116 properties:
117 backendRefs:
118 type: array
119 description: "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core"
120 items:
121 type: object
122 description: GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.
123 properties:
124 name:
125 type: string
126 description: Name is the name of the referent.
127 maxLength: 253
128 minLength: 1
129 namespace:
130 type: string
131 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
132 maxLength: 63
133 minLength: 1
134 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
135 kind:
136 type: string
137 default: Service
138 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
139 maxLength: 63
140 minLength: 1
141 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
142 port:
143 type: integer
144 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
145 format: int32
146 maximum: 65535
147 minimum: 1
148 filters:
149 type: array
150 description: "Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)"
151 items:
152 type: object
153 description: GRPCRouteFilter defines processing steps that must be completed during the request or response lifecycle. GRPCRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
154 properties:
155 type:
156 type: string
157 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n "
158 enum:
159 - ResponseHeaderModifier
160 - RequestHeaderModifier
161 - RequestMirror
162 - ExtensionRef
163 extensionRef:
164 type: object
165 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
166 properties:
167 name:
168 type: string
169 description: Name is the name of the referent.
170 maxLength: 253
171 minLength: 1
172 kind:
173 type: string
174 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
175 maxLength: 63
176 minLength: 1
177 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
178 group:
179 type: string
180 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
181 maxLength: 253
182 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
183 required:
184 - group
185 - kind
186 - name
187 requestHeaderModifier:
188 type: object
189 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
190 properties:
191 add:
192 type: array
193 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
194 items:
195 type: object
196 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
197 properties:
198 name:
199 type: string
200 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
201 maxLength: 256
202 minLength: 1
203 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
204 value:
205 type: string
206 description: Value is the value of HTTP Header to be matched.
207 maxLength: 4096
208 minLength: 1
209 required:
210 - name
211 - value
212 maxItems: 16
213 x-kubernetes-list-map-keys:
214 - name
215 x-kubernetes-list-type: map
216 remove:
217 type: array
218 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
219 items:
220 type: string
221 maxItems: 16
222 set:
223 type: array
224 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
225 items:
226 type: object
227 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
228 properties:
229 name:
230 type: string
231 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
232 maxLength: 256
233 minLength: 1
234 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
235 value:
236 type: string
237 description: Value is the value of HTTP Header to be matched.
238 maxLength: 4096
239 minLength: 1
240 required:
241 - name
242 - value
243 maxItems: 16
244 x-kubernetes-list-map-keys:
245 - name
246 x-kubernetes-list-type: map
247 requestMirror:
248 type: object
249 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
250 properties:
251 backendRef:
252 type: object
253 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
254 properties:
255 name:
256 type: string
257 description: Name is the name of the referent.
258 maxLength: 253
259 minLength: 1
260 namespace:
261 type: string
262 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
263 maxLength: 63
264 minLength: 1
265 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
266 kind:
267 type: string
268 default: Service
269 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
270 maxLength: 63
271 minLength: 1
272 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
273 port:
274 type: integer
275 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
276 format: int32
277 maximum: 65535
278 minimum: 1
279 group:
280 type: string
281 default: ""
282 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
283 maxLength: 253
284 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
285 required:
286 - name
287 required:
288 - backendRef
289 responseHeaderModifier:
290 type: object
291 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
292 properties:
293 add:
294 type: array
295 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
296 items:
297 type: object
298 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
299 properties:
300 name:
301 type: string
302 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
303 maxLength: 256
304 minLength: 1
305 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
306 value:
307 type: string
308 description: Value is the value of HTTP Header to be matched.
309 maxLength: 4096
310 minLength: 1
311 required:
312 - name
313 - value
314 maxItems: 16
315 x-kubernetes-list-map-keys:
316 - name
317 x-kubernetes-list-type: map
318 remove:
319 type: array
320 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
321 items:
322 type: string
323 maxItems: 16
324 set:
325 type: array
326 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
327 items:
328 type: object
329 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
330 properties:
331 name:
332 type: string
333 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
334 maxLength: 256
335 minLength: 1
336 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
337 value:
338 type: string
339 description: Value is the value of HTTP Header to be matched.
340 maxLength: 4096
341 minLength: 1
342 required:
343 - name
344 - value
345 maxItems: 16
346 x-kubernetes-list-map-keys:
347 - name
348 x-kubernetes-list-type: map
349 required:
350 - type
351 maxItems: 16
352 group:
353 type: string
354 default: ""
355 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
356 maxLength: 253
357 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
358 weight:
359 type: integer
360 default: 1
361 description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used."
362 format: int32
363 maximum: 1000000
364 minimum: 0
365 required:
366 - name
367 maxItems: 16
368 filters:
369 type: array
370 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. Support: Core"
371 items:
372 type: object
373 description: GRPCRouteFilter defines processing steps that must be completed during the request or response lifecycle. GRPCRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
374 properties:
375 type:
376 type: string
377 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n "
378 enum:
379 - ResponseHeaderModifier
380 - RequestHeaderModifier
381 - RequestMirror
382 - ExtensionRef
383 extensionRef:
384 type: object
385 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
386 properties:
387 name:
388 type: string
389 description: Name is the name of the referent.
390 maxLength: 253
391 minLength: 1
392 kind:
393 type: string
394 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
395 maxLength: 63
396 minLength: 1
397 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
398 group:
399 type: string
400 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
401 maxLength: 253
402 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
403 required:
404 - group
405 - kind
406 - name
407 requestHeaderModifier:
408 type: object
409 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
410 properties:
411 add:
412 type: array
413 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
414 items:
415 type: object
416 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
417 properties:
418 name:
419 type: string
420 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
421 maxLength: 256
422 minLength: 1
423 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
424 value:
425 type: string
426 description: Value is the value of HTTP Header to be matched.
427 maxLength: 4096
428 minLength: 1
429 required:
430 - name
431 - value
432 maxItems: 16
433 x-kubernetes-list-map-keys:
434 - name
435 x-kubernetes-list-type: map
436 remove:
437 type: array
438 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
439 items:
440 type: string
441 maxItems: 16
442 set:
443 type: array
444 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
445 items:
446 type: object
447 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
448 properties:
449 name:
450 type: string
451 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
452 maxLength: 256
453 minLength: 1
454 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
455 value:
456 type: string
457 description: Value is the value of HTTP Header to be matched.
458 maxLength: 4096
459 minLength: 1
460 required:
461 - name
462 - value
463 maxItems: 16
464 x-kubernetes-list-map-keys:
465 - name
466 x-kubernetes-list-type: map
467 requestMirror:
468 type: object
469 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
470 properties:
471 backendRef:
472 type: object
473 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
474 properties:
475 name:
476 type: string
477 description: Name is the name of the referent.
478 maxLength: 253
479 minLength: 1
480 namespace:
481 type: string
482 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
483 maxLength: 63
484 minLength: 1
485 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
486 kind:
487 type: string
488 default: Service
489 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
490 maxLength: 63
491 minLength: 1
492 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
493 port:
494 type: integer
495 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
496 format: int32
497 maximum: 65535
498 minimum: 1
499 group:
500 type: string
501 default: ""
502 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
503 maxLength: 253
504 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
505 required:
506 - name
507 required:
508 - backendRef
509 responseHeaderModifier:
510 type: object
511 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
512 properties:
513 add:
514 type: array
515 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
516 items:
517 type: object
518 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
519 properties:
520 name:
521 type: string
522 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
523 maxLength: 256
524 minLength: 1
525 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
526 value:
527 type: string
528 description: Value is the value of HTTP Header to be matched.
529 maxLength: 4096
530 minLength: 1
531 required:
532 - name
533 - value
534 maxItems: 16
535 x-kubernetes-list-map-keys:
536 - name
537 x-kubernetes-list-type: map
538 remove:
539 type: array
540 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
541 items:
542 type: string
543 maxItems: 16
544 set:
545 type: array
546 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
547 items:
548 type: object
549 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
550 properties:
551 name:
552 type: string
553 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
554 maxLength: 256
555 minLength: 1
556 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
557 value:
558 type: string
559 description: Value is the value of HTTP Header to be matched.
560 maxLength: 4096
561 minLength: 1
562 required:
563 - name
564 - value
565 maxItems: 16
566 x-kubernetes-list-map-keys:
567 - name
568 x-kubernetes-list-type: map
569 required:
570 - type
571 maxItems: 16
572 matches:
573 type: array
574 description: "Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria."
575 items:
576 type: object
577 description: "GRPCRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a gRPC request only if its service is `foo` AND it contains the `version: v1` header: \n ``` matches: - method: type: Exact service: \"foo\" headers: - name: \"version\" value \"v1\" \n ```"
578 properties:
579 headers:
580 type: array
581 description: Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route.
582 items:
583 type: object
584 description: GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request headers.
585 properties:
586 name:
587 type: string
588 description: "Name is the name of the gRPC Header to be matched. \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
589 maxLength: 256
590 minLength: 1
591 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
592 type:
593 type: string
594 default: Exact
595 description: Type specifies how to match against the value of the header.
596 enum:
597 - Exact
598 - RegularExpression
599 value:
600 type: string
601 description: Value is the value of the gRPC Header to be matched.
602 maxLength: 4096
603 minLength: 1
604 required:
605 - name
606 - value
607 maxItems: 16
608 x-kubernetes-list-map-keys:
609 - name
610 x-kubernetes-list-type: map
611 method:
612 type: object
613 description: Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match.
614 properties:
615 type:
616 type: string
617 default: Exact
618 description: "Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \n Support: Implementation-specific (Exact with method specified but no service specified) \n Support: Implementation-specific (RegularExpression)"
619 enum:
620 - Exact
621 - RegularExpression
622 service:
623 type: string
624 description: "Value of the service to match against. If left empty or omitted, will match any service. \n At least one of Service and Method MUST be a non-empty string."
625 maxLength: 1024
626 method:
627 type: string
628 description: "Value of the method to match against. If left empty or omitted, will match all services. \n At least one of Service and Method MUST be a non-empty string."
629 maxLength: 1024
630 maxItems: 8
631 maxItems: 16
632 status:
633 type: object
634 description: Status defines the current state of GRPCRoute.
635 properties:
636 parents:
637 type: array
638 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
639 items:
640 type: object
641 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
642 properties:
643 conditions:
644 type: array
645 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to."
646 items:
647 type: object
648 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
649 properties:
650 type:
651 type: string
652 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
653 maxLength: 316
654 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
655 status:
656 type: string
657 description: status of the condition, one of True, False, Unknown.
658 enum:
659 - "True"
660 - "False"
661 - Unknown
662 lastTransitionTime:
663 type: string
664 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
665 format: date-time
666 message:
667 type: string
668 description: message is a human readable message indicating details about the transition. This may be an empty string.
669 maxLength: 32768
670 observedGeneration:
671 type: integer
672 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
673 format: int64
674 minimum: 0
675 reason:
676 type: string
677 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
678 maxLength: 1024
679 minLength: 1
680 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
681 required:
682 - lastTransitionTime
683 - message
684 - reason
685 - status
686 - type
687 maxItems: 8
688 minItems: 1
689 x-kubernetes-list-map-keys:
690 - type
691 x-kubernetes-list-type: map
692 controllerName:
693 type: string
694 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
695 maxLength: 253
696 minLength: 1
697 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
698 parentRef:
699 type: object
700 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
701 properties:
702 name:
703 type: string
704 description: "Name is the name of the referent. \n Support: Core"
705 maxLength: 253
706 minLength: 1
707 namespace:
708 type: string
709 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
710 maxLength: 63
711 minLength: 1
712 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
713 kind:
714 type: string
715 default: Gateway
716 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
717 maxLength: 63
718 minLength: 1
719 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
720 port:
721 type: integer
722 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
723 format: int32
724 maximum: 65535
725 minimum: 1
726 group:
727 type: string
728 default: gateway.networking.k8s.io
729 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
730 maxLength: 253
731 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
732 sectionName:
733 type: string
734 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
735 maxLength: 253
736 minLength: 1
737 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
738 required:
739 - name
740 required:
741 - controllerName
742 - parentRef
743 maxItems: 32
744 required:
745 - parents
746 served: true
747 storage: true
748 subresources:
749 status: {}
750---
751# Source: partials/templates/gateway.networking.k8s.io_httproutes.yaml
752apiVersion: apiextensions.k8s.io/v1
753kind: CustomResourceDefinition
754metadata:
755 name: httproutes.gateway.networking.k8s.io
756 labels:
757 helm.sh/chart: partials-0.1.0
758 linkerd.io/control-plane-ns: linkerd
759 annotations:
760 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
761 gateway.networking.k8s.io/bundle-version: v0.7.1
762 gateway.networking.k8s.io/channel: experimental
763 linkerd.io/created-by: linkerd/helm %!s(<nil>)
764spec:
765 group: gateway.networking.k8s.io
766 names:
767 kind: HTTPRoute
768 categories:
769 - gateway-api
770 listKind: HTTPRouteList
771 plural: httproutes
772 singular: httproute
773 scope: Namespaced
774 versions:
775 - name: v1alpha2
776 additionalPrinterColumns:
777 - name: Hostnames
778 type: string
779 jsonPath: .spec.hostnames
780 - name: Age
781 type: date
782 jsonPath: .metadata.creationTimestamp
783 deprecated: true
784 deprecationWarning: The v1alpha2 version of HTTPRoute has been deprecated and will be removed in a future release of the API. Please upgrade to v1beta1.
785 schema:
786 openAPIV3Schema:
787 type: object
788 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
789 properties:
790 apiVersion:
791 type: string
792 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
793 kind:
794 type: string
795 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
796 metadata:
797 type: object
798 spec:
799 type: object
800 description: Spec defines the desired state of HTTPRoute.
801 properties:
802 hostnames:
803 type: array
804 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core"
805 items:
806 type: string
807 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
808 maxLength: 253
809 minLength: 1
810 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
811 maxItems: 16
812 parentRefs:
813 type: array
814 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."
815 items:
816 type: object
817 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
818 properties:
819 name:
820 type: string
821 description: "Name is the name of the referent. \n Support: Core"
822 maxLength: 253
823 minLength: 1
824 namespace:
825 type: string
826 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
827 maxLength: 63
828 minLength: 1
829 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
830 kind:
831 type: string
832 default: Gateway
833 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
834 maxLength: 63
835 minLength: 1
836 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
837 port:
838 type: integer
839 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
840 format: int32
841 maximum: 65535
842 minimum: 1
843 group:
844 type: string
845 default: gateway.networking.k8s.io
846 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
847 maxLength: 253
848 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
849 sectionName:
850 type: string
851 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
852 maxLength: 253
853 minLength: 1
854 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
855 required:
856 - name
857 maxItems: 32
858 rules:
859 type: array
860 default:
861 - matches:
862 - path:
863 type: PathPrefix
864 value: /
865 description: Rules are a list of HTTP matchers, filters and actions.
866 items:
867 type: object
868 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs).
869 properties:
870 backendRefs:
871 type: array
872 description: "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core"
873 items:
874 type: object
875 description: HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
876 properties:
877 name:
878 type: string
879 description: Name is the name of the referent.
880 maxLength: 253
881 minLength: 1
882 namespace:
883 type: string
884 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
885 maxLength: 63
886 minLength: 1
887 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
888 kind:
889 type: string
890 default: Service
891 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
892 maxLength: 63
893 minLength: 1
894 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
895 port:
896 type: integer
897 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
898 format: int32
899 maximum: 65535
900 minimum: 1
901 filters:
902 type: array
903 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
904 items:
905 type: object
906 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
907 properties:
908 type:
909 type: string
910 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
911 enum:
912 - RequestHeaderModifier
913 - ResponseHeaderModifier
914 - RequestMirror
915 - RequestRedirect
916 - URLRewrite
917 - ExtensionRef
918 extensionRef:
919 type: object
920 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
921 properties:
922 name:
923 type: string
924 description: Name is the name of the referent.
925 maxLength: 253
926 minLength: 1
927 kind:
928 type: string
929 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
930 maxLength: 63
931 minLength: 1
932 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
933 group:
934 type: string
935 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
936 maxLength: 253
937 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
938 required:
939 - group
940 - kind
941 - name
942 requestHeaderModifier:
943 type: object
944 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
945 properties:
946 add:
947 type: array
948 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
949 items:
950 type: object
951 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
952 properties:
953 name:
954 type: string
955 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
956 maxLength: 256
957 minLength: 1
958 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
959 value:
960 type: string
961 description: Value is the value of HTTP Header to be matched.
962 maxLength: 4096
963 minLength: 1
964 required:
965 - name
966 - value
967 maxItems: 16
968 x-kubernetes-list-map-keys:
969 - name
970 x-kubernetes-list-type: map
971 remove:
972 type: array
973 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
974 items:
975 type: string
976 maxItems: 16
977 set:
978 type: array
979 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
980 items:
981 type: object
982 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
983 properties:
984 name:
985 type: string
986 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
987 maxLength: 256
988 minLength: 1
989 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
990 value:
991 type: string
992 description: Value is the value of HTTP Header to be matched.
993 maxLength: 4096
994 minLength: 1
995 required:
996 - name
997 - value
998 maxItems: 16
999 x-kubernetes-list-map-keys:
1000 - name
1001 x-kubernetes-list-type: map
1002 requestMirror:
1003 type: object
1004 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
1005 properties:
1006 backendRef:
1007 type: object
1008 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
1009 properties:
1010 name:
1011 type: string
1012 description: Name is the name of the referent.
1013 maxLength: 253
1014 minLength: 1
1015 namespace:
1016 type: string
1017 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
1018 maxLength: 63
1019 minLength: 1
1020 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1021 kind:
1022 type: string
1023 default: Service
1024 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
1025 maxLength: 63
1026 minLength: 1
1027 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1028 port:
1029 type: integer
1030 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
1031 format: int32
1032 maximum: 65535
1033 minimum: 1
1034 group:
1035 type: string
1036 default: ""
1037 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1038 maxLength: 253
1039 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1040 required:
1041 - name
1042 required:
1043 - backendRef
1044 requestRedirect:
1045 type: object
1046 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
1047 properties:
1048 hostname:
1049 type: string
1050 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
1051 maxLength: 253
1052 minLength: 1
1053 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1054 port:
1055 type: integer
1056 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
1057 format: int32
1058 maximum: 65535
1059 minimum: 1
1060 path:
1061 type: object
1062 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
1063 properties:
1064 type:
1065 type: string
1066 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1067 enum:
1068 - ReplaceFullPath
1069 - ReplacePrefixMatch
1070 replaceFullPath:
1071 type: string
1072 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
1073 maxLength: 1024
1074 replacePrefixMatch:
1075 type: string
1076 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
1077 maxLength: 1024
1078 required:
1079 - type
1080 scheme:
1081 type: string
1082 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
1083 enum:
1084 - http
1085 - https
1086 statusCode:
1087 type: integer
1088 default: 302
1089 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
1090 enum:
1091 - 301
1092 - 302
1093 responseHeaderModifier:
1094 type: object
1095 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
1096 properties:
1097 add:
1098 type: array
1099 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1100 items:
1101 type: object
1102 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1103 properties:
1104 name:
1105 type: string
1106 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1107 maxLength: 256
1108 minLength: 1
1109 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1110 value:
1111 type: string
1112 description: Value is the value of HTTP Header to be matched.
1113 maxLength: 4096
1114 minLength: 1
1115 required:
1116 - name
1117 - value
1118 maxItems: 16
1119 x-kubernetes-list-map-keys:
1120 - name
1121 x-kubernetes-list-type: map
1122 remove:
1123 type: array
1124 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
1125 items:
1126 type: string
1127 maxItems: 16
1128 set:
1129 type: array
1130 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
1131 items:
1132 type: object
1133 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1134 properties:
1135 name:
1136 type: string
1137 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1138 maxLength: 256
1139 minLength: 1
1140 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1141 value:
1142 type: string
1143 description: Value is the value of HTTP Header to be matched.
1144 maxLength: 4096
1145 minLength: 1
1146 required:
1147 - name
1148 - value
1149 maxItems: 16
1150 x-kubernetes-list-map-keys:
1151 - name
1152 x-kubernetes-list-type: map
1153 urlRewrite:
1154 type: object
1155 description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended"
1156 properties:
1157 hostname:
1158 type: string
1159 description: "Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended"
1160 maxLength: 253
1161 minLength: 1
1162 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1163 path:
1164 type: object
1165 description: "Path defines a path rewrite. \n Support: Extended"
1166 properties:
1167 type:
1168 type: string
1169 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1170 enum:
1171 - ReplaceFullPath
1172 - ReplacePrefixMatch
1173 replaceFullPath:
1174 type: string
1175 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
1176 maxLength: 1024
1177 replacePrefixMatch:
1178 type: string
1179 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
1180 maxLength: 1024
1181 required:
1182 - type
1183 required:
1184 - type
1185 maxItems: 16
1186 group:
1187 type: string
1188 default: ""
1189 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1190 maxLength: 253
1191 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1192 weight:
1193 type: integer
1194 default: 1
1195 description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used."
1196 format: int32
1197 maximum: 1000000
1198 minimum: 0
1199 required:
1200 - name
1201 maxItems: 16
1202 filters:
1203 type: array
1204 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
1205 items:
1206 type: object
1207 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
1208 properties:
1209 type:
1210 type: string
1211 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1212 enum:
1213 - RequestHeaderModifier
1214 - ResponseHeaderModifier
1215 - RequestMirror
1216 - RequestRedirect
1217 - URLRewrite
1218 - ExtensionRef
1219 extensionRef:
1220 type: object
1221 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
1222 properties:
1223 name:
1224 type: string
1225 description: Name is the name of the referent.
1226 maxLength: 253
1227 minLength: 1
1228 kind:
1229 type: string
1230 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
1231 maxLength: 63
1232 minLength: 1
1233 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1234 group:
1235 type: string
1236 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1237 maxLength: 253
1238 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1239 required:
1240 - group
1241 - kind
1242 - name
1243 requestHeaderModifier:
1244 type: object
1245 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
1246 properties:
1247 add:
1248 type: array
1249 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1250 items:
1251 type: object
1252 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1253 properties:
1254 name:
1255 type: string
1256 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1257 maxLength: 256
1258 minLength: 1
1259 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1260 value:
1261 type: string
1262 description: Value is the value of HTTP Header to be matched.
1263 maxLength: 4096
1264 minLength: 1
1265 required:
1266 - name
1267 - value
1268 maxItems: 16
1269 x-kubernetes-list-map-keys:
1270 - name
1271 x-kubernetes-list-type: map
1272 remove:
1273 type: array
1274 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
1275 items:
1276 type: string
1277 maxItems: 16
1278 set:
1279 type: array
1280 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
1281 items:
1282 type: object
1283 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1284 properties:
1285 name:
1286 type: string
1287 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1288 maxLength: 256
1289 minLength: 1
1290 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1291 value:
1292 type: string
1293 description: Value is the value of HTTP Header to be matched.
1294 maxLength: 4096
1295 minLength: 1
1296 required:
1297 - name
1298 - value
1299 maxItems: 16
1300 x-kubernetes-list-map-keys:
1301 - name
1302 x-kubernetes-list-type: map
1303 requestMirror:
1304 type: object
1305 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
1306 properties:
1307 backendRef:
1308 type: object
1309 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
1310 properties:
1311 name:
1312 type: string
1313 description: Name is the name of the referent.
1314 maxLength: 253
1315 minLength: 1
1316 namespace:
1317 type: string
1318 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
1319 maxLength: 63
1320 minLength: 1
1321 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1322 kind:
1323 type: string
1324 default: Service
1325 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
1326 maxLength: 63
1327 minLength: 1
1328 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1329 port:
1330 type: integer
1331 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
1332 format: int32
1333 maximum: 65535
1334 minimum: 1
1335 group:
1336 type: string
1337 default: ""
1338 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1339 maxLength: 253
1340 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1341 required:
1342 - name
1343 required:
1344 - backendRef
1345 requestRedirect:
1346 type: object
1347 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
1348 properties:
1349 hostname:
1350 type: string
1351 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
1352 maxLength: 253
1353 minLength: 1
1354 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1355 port:
1356 type: integer
1357 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
1358 format: int32
1359 maximum: 65535
1360 minimum: 1
1361 path:
1362 type: object
1363 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
1364 properties:
1365 type:
1366 type: string
1367 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1368 enum:
1369 - ReplaceFullPath
1370 - ReplacePrefixMatch
1371 replaceFullPath:
1372 type: string
1373 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
1374 maxLength: 1024
1375 replacePrefixMatch:
1376 type: string
1377 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
1378 maxLength: 1024
1379 required:
1380 - type
1381 scheme:
1382 type: string
1383 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
1384 enum:
1385 - http
1386 - https
1387 statusCode:
1388 type: integer
1389 default: 302
1390 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
1391 enum:
1392 - 301
1393 - 302
1394 responseHeaderModifier:
1395 type: object
1396 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
1397 properties:
1398 add:
1399 type: array
1400 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1401 items:
1402 type: object
1403 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1404 properties:
1405 name:
1406 type: string
1407 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1408 maxLength: 256
1409 minLength: 1
1410 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1411 value:
1412 type: string
1413 description: Value is the value of HTTP Header to be matched.
1414 maxLength: 4096
1415 minLength: 1
1416 required:
1417 - name
1418 - value
1419 maxItems: 16
1420 x-kubernetes-list-map-keys:
1421 - name
1422 x-kubernetes-list-type: map
1423 remove:
1424 type: array
1425 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
1426 items:
1427 type: string
1428 maxItems: 16
1429 set:
1430 type: array
1431 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
1432 items:
1433 type: object
1434 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1435 properties:
1436 name:
1437 type: string
1438 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1439 maxLength: 256
1440 minLength: 1
1441 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1442 value:
1443 type: string
1444 description: Value is the value of HTTP Header to be matched.
1445 maxLength: 4096
1446 minLength: 1
1447 required:
1448 - name
1449 - value
1450 maxItems: 16
1451 x-kubernetes-list-map-keys:
1452 - name
1453 x-kubernetes-list-type: map
1454 urlRewrite:
1455 type: object
1456 description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended"
1457 properties:
1458 hostname:
1459 type: string
1460 description: "Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended"
1461 maxLength: 253
1462 minLength: 1
1463 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1464 path:
1465 type: object
1466 description: "Path defines a path rewrite. \n Support: Extended"
1467 properties:
1468 type:
1469 type: string
1470 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1471 enum:
1472 - ReplaceFullPath
1473 - ReplacePrefixMatch
1474 replaceFullPath:
1475 type: string
1476 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
1477 maxLength: 1024
1478 replacePrefixMatch:
1479 type: string
1480 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
1481 maxLength: 1024
1482 required:
1483 - type
1484 required:
1485 - type
1486 maxItems: 16
1487 matches:
1488 type: array
1489 default:
1490 - path:
1491 type: PathPrefix
1492 value: /
1493 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
1494 items:
1495 type: object
1496 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: \n path: value: \"/foo\" headers: - name: \"version\" value \"v1\" \n ```"
1497 properties:
1498 headers:
1499 type: array
1500 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
1501 items:
1502 type: object
1503 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
1504 properties:
1505 name:
1506 type: string
1507 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
1508 maxLength: 256
1509 minLength: 1
1510 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1511 type:
1512 type: string
1513 default: Exact
1514 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
1515 enum:
1516 - Exact
1517 - RegularExpression
1518 value:
1519 type: string
1520 description: Value is the value of HTTP Header to be matched.
1521 maxLength: 4096
1522 minLength: 1
1523 required:
1524 - name
1525 - value
1526 maxItems: 16
1527 x-kubernetes-list-map-keys:
1528 - name
1529 x-kubernetes-list-type: map
1530 method:
1531 type: string
1532 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
1533 enum:
1534 - GET
1535 - HEAD
1536 - POST
1537 - PUT
1538 - DELETE
1539 - CONNECT
1540 - OPTIONS
1541 - TRACE
1542 - PATCH
1543 path:
1544 type: object
1545 default:
1546 type: PathPrefix
1547 value: /
1548 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
1549 properties:
1550 type:
1551 type: string
1552 default: PathPrefix
1553 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)"
1554 enum:
1555 - Exact
1556 - PathPrefix
1557 - RegularExpression
1558 value:
1559 type: string
1560 default: /
1561 description: Value of the HTTP path to match against.
1562 maxLength: 1024
1563 queryParams:
1564 type: array
1565 description: "QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended"
1566 items:
1567 type: object
1568 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
1569 properties:
1570 name:
1571 type: string
1572 description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."
1573 maxLength: 256
1574 minLength: 1
1575 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1576 type:
1577 type: string
1578 default: Exact
1579 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
1580 enum:
1581 - Exact
1582 - RegularExpression
1583 value:
1584 type: string
1585 description: Value is the value of HTTP query param to be matched.
1586 maxLength: 1024
1587 minLength: 1
1588 required:
1589 - name
1590 - value
1591 maxItems: 16
1592 x-kubernetes-list-map-keys:
1593 - name
1594 x-kubernetes-list-type: map
1595 maxItems: 8
1596 maxItems: 16
1597 status:
1598 type: object
1599 description: Status defines the current state of HTTPRoute.
1600 properties:
1601 parents:
1602 type: array
1603 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
1604 items:
1605 type: object
1606 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
1607 properties:
1608 conditions:
1609 type: array
1610 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to."
1611 items:
1612 type: object
1613 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1614 properties:
1615 type:
1616 type: string
1617 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1618 maxLength: 316
1619 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1620 status:
1621 type: string
1622 description: status of the condition, one of True, False, Unknown.
1623 enum:
1624 - "True"
1625 - "False"
1626 - Unknown
1627 lastTransitionTime:
1628 type: string
1629 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1630 format: date-time
1631 message:
1632 type: string
1633 description: message is a human readable message indicating details about the transition. This may be an empty string.
1634 maxLength: 32768
1635 observedGeneration:
1636 type: integer
1637 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
1638 format: int64
1639 minimum: 0
1640 reason:
1641 type: string
1642 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
1643 maxLength: 1024
1644 minLength: 1
1645 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1646 required:
1647 - lastTransitionTime
1648 - message
1649 - reason
1650 - status
1651 - type
1652 maxItems: 8
1653 minItems: 1
1654 x-kubernetes-list-map-keys:
1655 - type
1656 x-kubernetes-list-type: map
1657 controllerName:
1658 type: string
1659 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
1660 maxLength: 253
1661 minLength: 1
1662 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1663 parentRef:
1664 type: object
1665 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
1666 properties:
1667 name:
1668 type: string
1669 description: "Name is the name of the referent. \n Support: Core"
1670 maxLength: 253
1671 minLength: 1
1672 namespace:
1673 type: string
1674 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
1675 maxLength: 63
1676 minLength: 1
1677 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1678 kind:
1679 type: string
1680 default: Gateway
1681 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
1682 maxLength: 63
1683 minLength: 1
1684 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1685 port:
1686 type: integer
1687 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
1688 format: int32
1689 maximum: 65535
1690 minimum: 1
1691 group:
1692 type: string
1693 default: gateway.networking.k8s.io
1694 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
1695 maxLength: 253
1696 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1697 sectionName:
1698 type: string
1699 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
1700 maxLength: 253
1701 minLength: 1
1702 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1703 required:
1704 - name
1705 required:
1706 - controllerName
1707 - parentRef
1708 maxItems: 32
1709 required:
1710 - parents
1711 required:
1712 - spec
1713 served: true
1714 storage: false
1715 subresources:
1716 status: {}
1717 - name: v1beta1
1718 additionalPrinterColumns:
1719 - name: Hostnames
1720 type: string
1721 jsonPath: .spec.hostnames
1722 - name: Age
1723 type: date
1724 jsonPath: .metadata.creationTimestamp
1725 schema:
1726 openAPIV3Schema:
1727 type: object
1728 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
1729 properties:
1730 apiVersion:
1731 type: string
1732 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1733 kind:
1734 type: string
1735 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1736 metadata:
1737 type: object
1738 spec:
1739 type: object
1740 description: Spec defines the desired state of HTTPRoute.
1741 properties:
1742 hostnames:
1743 type: array
1744 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute used to process the request. Implementations MUST ignore any port value specified in the HTTP Host header while performing a match. \n Valid values for Hostnames are determined by RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n In the event that multiple HTTPRoutes specify intersecting hostnames (e.g. overlapping wildcard matching and exact matching hostnames), precedence must be given to rules from the HTTPRoute with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. \n If ties exist across multiple Routes, the matching precedence rules for HTTPRouteMatches takes over. \n Support: Core"
1745 items:
1746 type: string
1747 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
1748 maxLength: 253
1749 minLength: 1
1750 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1751 maxItems: 16
1752 parentRefs:
1753 type: array
1754 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference."
1755 items:
1756 type: object
1757 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
1758 properties:
1759 name:
1760 type: string
1761 description: "Name is the name of the referent. \n Support: Core"
1762 maxLength: 253
1763 minLength: 1
1764 namespace:
1765 type: string
1766 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
1767 maxLength: 63
1768 minLength: 1
1769 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1770 kind:
1771 type: string
1772 default: Gateway
1773 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
1774 maxLength: 63
1775 minLength: 1
1776 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1777 port:
1778 type: integer
1779 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
1780 format: int32
1781 maximum: 65535
1782 minimum: 1
1783 group:
1784 type: string
1785 default: gateway.networking.k8s.io
1786 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
1787 maxLength: 253
1788 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1789 sectionName:
1790 type: string
1791 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
1792 maxLength: 253
1793 minLength: 1
1794 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1795 required:
1796 - name
1797 maxItems: 32
1798 rules:
1799 type: array
1800 default:
1801 - matches:
1802 - path:
1803 type: PathPrefix
1804 value: /
1805 description: Rules are a list of HTTP matchers, filters and actions.
1806 items:
1807 type: object
1808 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs).
1809 properties:
1810 backendRefs:
1811 type: array
1812 description: "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Core"
1813 items:
1814 type: object
1815 description: HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
1816 properties:
1817 name:
1818 type: string
1819 description: Name is the name of the referent.
1820 maxLength: 253
1821 minLength: 1
1822 namespace:
1823 type: string
1824 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
1825 maxLength: 63
1826 minLength: 1
1827 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1828 kind:
1829 type: string
1830 default: Service
1831 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
1832 maxLength: 63
1833 minLength: 1
1834 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1835 port:
1836 type: integer
1837 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
1838 format: int32
1839 maximum: 65535
1840 minimum: 1
1841 filters:
1842 type: array
1843 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
1844 items:
1845 type: object
1846 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
1847 properties:
1848 type:
1849 type: string
1850 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1851 enum:
1852 - RequestHeaderModifier
1853 - ResponseHeaderModifier
1854 - RequestMirror
1855 - RequestRedirect
1856 - URLRewrite
1857 - ExtensionRef
1858 extensionRef:
1859 type: object
1860 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
1861 properties:
1862 name:
1863 type: string
1864 description: Name is the name of the referent.
1865 maxLength: 253
1866 minLength: 1
1867 kind:
1868 type: string
1869 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
1870 maxLength: 63
1871 minLength: 1
1872 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1873 group:
1874 type: string
1875 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1876 maxLength: 253
1877 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1878 required:
1879 - group
1880 - kind
1881 - name
1882 requestHeaderModifier:
1883 type: object
1884 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
1885 properties:
1886 add:
1887 type: array
1888 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1889 items:
1890 type: object
1891 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1892 properties:
1893 name:
1894 type: string
1895 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1896 maxLength: 256
1897 minLength: 1
1898 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1899 value:
1900 type: string
1901 description: Value is the value of HTTP Header to be matched.
1902 maxLength: 4096
1903 minLength: 1
1904 required:
1905 - name
1906 - value
1907 maxItems: 16
1908 x-kubernetes-list-map-keys:
1909 - name
1910 x-kubernetes-list-type: map
1911 remove:
1912 type: array
1913 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
1914 items:
1915 type: string
1916 maxItems: 16
1917 set:
1918 type: array
1919 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
1920 items:
1921 type: object
1922 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
1923 properties:
1924 name:
1925 type: string
1926 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
1927 maxLength: 256
1928 minLength: 1
1929 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1930 value:
1931 type: string
1932 description: Value is the value of HTTP Header to be matched.
1933 maxLength: 4096
1934 minLength: 1
1935 required:
1936 - name
1937 - value
1938 maxItems: 16
1939 x-kubernetes-list-map-keys:
1940 - name
1941 x-kubernetes-list-type: map
1942 requestMirror:
1943 type: object
1944 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
1945 properties:
1946 backendRef:
1947 type: object
1948 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
1949 properties:
1950 name:
1951 type: string
1952 description: Name is the name of the referent.
1953 maxLength: 253
1954 minLength: 1
1955 namespace:
1956 type: string
1957 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
1958 maxLength: 63
1959 minLength: 1
1960 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1961 kind:
1962 type: string
1963 default: Service
1964 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
1965 maxLength: 63
1966 minLength: 1
1967 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1968 port:
1969 type: integer
1970 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
1971 format: int32
1972 maximum: 65535
1973 minimum: 1
1974 group:
1975 type: string
1976 default: ""
1977 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
1978 maxLength: 253
1979 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1980 required:
1981 - name
1982 required:
1983 - backendRef
1984 requestRedirect:
1985 type: object
1986 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
1987 properties:
1988 hostname:
1989 type: string
1990 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
1991 maxLength: 253
1992 minLength: 1
1993 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1994 port:
1995 type: integer
1996 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
1997 format: int32
1998 maximum: 65535
1999 minimum: 1
2000 path:
2001 type: object
2002 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
2003 properties:
2004 type:
2005 type: string
2006 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2007 enum:
2008 - ReplaceFullPath
2009 - ReplacePrefixMatch
2010 replaceFullPath:
2011 type: string
2012 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
2013 maxLength: 1024
2014 replacePrefixMatch:
2015 type: string
2016 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
2017 maxLength: 1024
2018 required:
2019 - type
2020 scheme:
2021 type: string
2022 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
2023 enum:
2024 - http
2025 - https
2026 statusCode:
2027 type: integer
2028 default: 302
2029 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
2030 enum:
2031 - 301
2032 - 302
2033 responseHeaderModifier:
2034 type: object
2035 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
2036 properties:
2037 add:
2038 type: array
2039 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
2040 items:
2041 type: object
2042 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2043 properties:
2044 name:
2045 type: string
2046 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2047 maxLength: 256
2048 minLength: 1
2049 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2050 value:
2051 type: string
2052 description: Value is the value of HTTP Header to be matched.
2053 maxLength: 4096
2054 minLength: 1
2055 required:
2056 - name
2057 - value
2058 maxItems: 16
2059 x-kubernetes-list-map-keys:
2060 - name
2061 x-kubernetes-list-type: map
2062 remove:
2063 type: array
2064 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
2065 items:
2066 type: string
2067 maxItems: 16
2068 set:
2069 type: array
2070 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
2071 items:
2072 type: object
2073 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2074 properties:
2075 name:
2076 type: string
2077 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2078 maxLength: 256
2079 minLength: 1
2080 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2081 value:
2082 type: string
2083 description: Value is the value of HTTP Header to be matched.
2084 maxLength: 4096
2085 minLength: 1
2086 required:
2087 - name
2088 - value
2089 maxItems: 16
2090 x-kubernetes-list-map-keys:
2091 - name
2092 x-kubernetes-list-type: map
2093 urlRewrite:
2094 type: object
2095 description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended"
2096 properties:
2097 hostname:
2098 type: string
2099 description: "Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended"
2100 maxLength: 253
2101 minLength: 1
2102 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2103 path:
2104 type: object
2105 description: "Path defines a path rewrite. \n Support: Extended"
2106 properties:
2107 type:
2108 type: string
2109 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2110 enum:
2111 - ReplaceFullPath
2112 - ReplacePrefixMatch
2113 replaceFullPath:
2114 type: string
2115 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
2116 maxLength: 1024
2117 replacePrefixMatch:
2118 type: string
2119 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
2120 maxLength: 1024
2121 required:
2122 - type
2123 required:
2124 - type
2125 maxItems: 16
2126 group:
2127 type: string
2128 default: ""
2129 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
2130 maxLength: 253
2131 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2132 weight:
2133 type: integer
2134 default: 1
2135 description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used."
2136 format: int32
2137 maximum: 1000000
2138 minimum: 0
2139 required:
2140 - name
2141 maxItems: 16
2142 filters:
2143 type: array
2144 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or implementation-specific conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
2145 items:
2146 type: object
2147 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
2148 properties:
2149 type:
2150 type: string
2151 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2152 enum:
2153 - RequestHeaderModifier
2154 - ResponseHeaderModifier
2155 - RequestMirror
2156 - RequestRedirect
2157 - URLRewrite
2158 - ExtensionRef
2159 extensionRef:
2160 type: object
2161 description: "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific"
2162 properties:
2163 name:
2164 type: string
2165 description: Name is the name of the referent.
2166 maxLength: 253
2167 minLength: 1
2168 kind:
2169 type: string
2170 description: Kind is kind of the referent. For example "HTTPRoute" or "Service".
2171 maxLength: 63
2172 minLength: 1
2173 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2174 group:
2175 type: string
2176 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
2177 maxLength: 253
2178 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2179 required:
2180 - group
2181 - kind
2182 - name
2183 requestHeaderModifier:
2184 type: object
2185 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
2186 properties:
2187 add:
2188 type: array
2189 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
2190 items:
2191 type: object
2192 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2193 properties:
2194 name:
2195 type: string
2196 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2197 maxLength: 256
2198 minLength: 1
2199 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2200 value:
2201 type: string
2202 description: Value is the value of HTTP Header to be matched.
2203 maxLength: 4096
2204 minLength: 1
2205 required:
2206 - name
2207 - value
2208 maxItems: 16
2209 x-kubernetes-list-map-keys:
2210 - name
2211 x-kubernetes-list-type: map
2212 remove:
2213 type: array
2214 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
2215 items:
2216 type: string
2217 maxItems: 16
2218 set:
2219 type: array
2220 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
2221 items:
2222 type: object
2223 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2224 properties:
2225 name:
2226 type: string
2227 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2228 maxLength: 256
2229 minLength: 1
2230 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2231 value:
2232 type: string
2233 description: Value is the value of HTTP Header to be matched.
2234 maxLength: 4096
2235 minLength: 1
2236 required:
2237 - name
2238 - value
2239 maxItems: 16
2240 x-kubernetes-list-map-keys:
2241 - name
2242 x-kubernetes-list-type: map
2243 requestMirror:
2244 type: object
2245 description: "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n Support: Extended"
2246 properties:
2247 backendRef:
2248 type: object
2249 description: "BackendRef references a resource where mirrored requests are sent. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource"
2250 properties:
2251 name:
2252 type: string
2253 description: Name is the name of the referent.
2254 maxLength: 253
2255 minLength: 1
2256 namespace:
2257 type: string
2258 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
2259 maxLength: 63
2260 minLength: 1
2261 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2262 kind:
2263 type: string
2264 default: Service
2265 description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)"
2266 maxLength: 63
2267 minLength: 1
2268 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2269 port:
2270 type: integer
2271 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
2272 format: int32
2273 maximum: 65535
2274 minimum: 1
2275 group:
2276 type: string
2277 default: ""
2278 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
2279 maxLength: 253
2280 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2281 required:
2282 - name
2283 required:
2284 - backendRef
2285 requestRedirect:
2286 type: object
2287 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
2288 properties:
2289 hostname:
2290 type: string
2291 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
2292 maxLength: 253
2293 minLength: 1
2294 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2295 port:
2296 type: integer
2297 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
2298 format: int32
2299 maximum: 65535
2300 minimum: 1
2301 path:
2302 type: object
2303 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
2304 properties:
2305 type:
2306 type: string
2307 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2308 enum:
2309 - ReplaceFullPath
2310 - ReplacePrefixMatch
2311 replaceFullPath:
2312 type: string
2313 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
2314 maxLength: 1024
2315 replacePrefixMatch:
2316 type: string
2317 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
2318 maxLength: 1024
2319 required:
2320 - type
2321 scheme:
2322 type: string
2323 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
2324 enum:
2325 - http
2326 - https
2327 statusCode:
2328 type: integer
2329 default: 302
2330 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
2331 enum:
2332 - 301
2333 - 302
2334 responseHeaderModifier:
2335 type: object
2336 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
2337 properties:
2338 add:
2339 type: array
2340 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
2341 items:
2342 type: object
2343 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2344 properties:
2345 name:
2346 type: string
2347 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2348 maxLength: 256
2349 minLength: 1
2350 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2351 value:
2352 type: string
2353 description: Value is the value of HTTP Header to be matched.
2354 maxLength: 4096
2355 minLength: 1
2356 required:
2357 - name
2358 - value
2359 maxItems: 16
2360 x-kubernetes-list-map-keys:
2361 - name
2362 x-kubernetes-list-type: map
2363 remove:
2364 type: array
2365 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
2366 items:
2367 type: string
2368 maxItems: 16
2369 set:
2370 type: array
2371 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
2372 items:
2373 type: object
2374 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2375 properties:
2376 name:
2377 type: string
2378 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2379 maxLength: 256
2380 minLength: 1
2381 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2382 value:
2383 type: string
2384 description: Value is the value of HTTP Header to be matched.
2385 maxLength: 4096
2386 minLength: 1
2387 required:
2388 - name
2389 - value
2390 maxItems: 16
2391 x-kubernetes-list-map-keys:
2392 - name
2393 x-kubernetes-list-type: map
2394 urlRewrite:
2395 type: object
2396 description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. \n Support: Extended"
2397 properties:
2398 hostname:
2399 type: string
2400 description: "Hostname is the value to be used to replace the Host header value during forwarding. \n Support: Extended"
2401 maxLength: 253
2402 minLength: 1
2403 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2404 path:
2405 type: object
2406 description: "Path defines a path rewrite. \n Support: Extended"
2407 properties:
2408 type:
2409 type: string
2410 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2411 enum:
2412 - ReplaceFullPath
2413 - ReplacePrefixMatch
2414 replaceFullPath:
2415 type: string
2416 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
2417 maxLength: 1024
2418 replacePrefixMatch:
2419 type: string
2420 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" would be modified to \"/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not."
2421 maxLength: 1024
2422 required:
2423 - type
2424 required:
2425 - type
2426 maxItems: 16
2427 matches:
2428 type: array
2429 default:
2430 - path:
2431 type: PathPrefix
2432 value: /
2433 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize matches based on the following criteria, continuing on ties. Across all rules specified on applicable Routes, precedence must be given to the match having: \n * \"Exact\" path match. * \"Prefix\" path match with largest number of characters. * Method match. * Largest number of header matches. * Largest number of query param matches. \n Note: The precedence of RegularExpression path matches are implementation-specific. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within an HTTPRoute, matching precedence MUST be granted to the FIRST matching rule (in list order) with a match meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
2434 items:
2435 type: object
2436 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: \n path: value: \"/foo\" headers: - name: \"version\" value \"v1\" \n ```"
2437 properties:
2438 headers:
2439 type: array
2440 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
2441 items:
2442 type: object
2443 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
2444 properties:
2445 name:
2446 type: string
2447 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
2448 maxLength: 256
2449 minLength: 1
2450 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2451 type:
2452 type: string
2453 default: Exact
2454 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression HeaderMatchType has implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
2455 enum:
2456 - Exact
2457 - RegularExpression
2458 value:
2459 type: string
2460 description: Value is the value of HTTP Header to be matched.
2461 maxLength: 4096
2462 minLength: 1
2463 required:
2464 - name
2465 - value
2466 maxItems: 16
2467 x-kubernetes-list-map-keys:
2468 - name
2469 x-kubernetes-list-type: map
2470 method:
2471 type: string
2472 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
2473 enum:
2474 - GET
2475 - HEAD
2476 - POST
2477 - PUT
2478 - DELETE
2479 - CONNECT
2480 - OPTIONS
2481 - TRACE
2482 - PATCH
2483 path:
2484 type: object
2485 default:
2486 type: PathPrefix
2487 value: /
2488 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
2489 properties:
2490 type:
2491 type: string
2492 default: PathPrefix
2493 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Implementation-specific (RegularExpression)"
2494 enum:
2495 - Exact
2496 - PathPrefix
2497 - RegularExpression
2498 value:
2499 type: string
2500 default: /
2501 description: Value of the HTTP path to match against.
2502 maxLength: 1024
2503 queryParams:
2504 type: array
2505 description: "QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route. \n Support: Extended"
2506 items:
2507 type: object
2508 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
2509 properties:
2510 name:
2511 type: string
2512 description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). \n If multiple entries specify equivalent query param names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent query param name MUST be ignored. \n If a query param is repeated in an HTTP request, the behavior is purposely left undefined, since different data planes have different capabilities. However, it is *recommended* that implementations should match against the first value of the param if the data plane supports it, as this behavior is expected in other load balancing contexts outside of the Gateway API. \n Users SHOULD NOT route traffic based on repeated query params to guard themselves against potential differences in the implementations."
2513 maxLength: 256
2514 minLength: 1
2515 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2516 type:
2517 type: string
2518 default: Exact
2519 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Implementation-specific (RegularExpression) \n Since RegularExpression QueryParamMatchType has Implementation-specific conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
2520 enum:
2521 - Exact
2522 - RegularExpression
2523 value:
2524 type: string
2525 description: Value is the value of HTTP query param to be matched.
2526 maxLength: 1024
2527 minLength: 1
2528 required:
2529 - name
2530 - value
2531 maxItems: 16
2532 x-kubernetes-list-map-keys:
2533 - name
2534 x-kubernetes-list-type: map
2535 maxItems: 8
2536 maxItems: 16
2537 status:
2538 type: object
2539 description: Status defines the current state of HTTPRoute.
2540 properties:
2541 parents:
2542 type: array
2543 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
2544 items:
2545 type: object
2546 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
2547 properties:
2548 conditions:
2549 type: array
2550 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to."
2551 items:
2552 type: object
2553 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
2554 properties:
2555 type:
2556 type: string
2557 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2558 maxLength: 316
2559 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2560 status:
2561 type: string
2562 description: status of the condition, one of True, False, Unknown.
2563 enum:
2564 - "True"
2565 - "False"
2566 - Unknown
2567 lastTransitionTime:
2568 type: string
2569 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
2570 format: date-time
2571 message:
2572 type: string
2573 description: message is a human readable message indicating details about the transition. This may be an empty string.
2574 maxLength: 32768
2575 observedGeneration:
2576 type: integer
2577 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
2578 format: int64
2579 minimum: 0
2580 reason:
2581 type: string
2582 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
2583 maxLength: 1024
2584 minLength: 1
2585 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2586 required:
2587 - lastTransitionTime
2588 - message
2589 - reason
2590 - status
2591 - type
2592 maxItems: 8
2593 minItems: 1
2594 x-kubernetes-list-map-keys:
2595 - type
2596 x-kubernetes-list-type: map
2597 controllerName:
2598 type: string
2599 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
2600 maxLength: 253
2601 minLength: 1
2602 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2603 parentRef:
2604 type: object
2605 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
2606 properties:
2607 name:
2608 type: string
2609 description: "Name is the name of the referent. \n Support: Core"
2610 maxLength: 253
2611 minLength: 1
2612 namespace:
2613 type: string
2614 description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core"
2615 maxLength: 63
2616 minLength: 1
2617 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2618 kind:
2619 type: string
2620 default: Gateway
2621 description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)"
2622 maxLength: 63
2623 minLength: 1
2624 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2625 port:
2626 type: integer
2627 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
2628 format: int32
2629 maximum: 65535
2630 minimum: 1
2631 group:
2632 type: string
2633 default: gateway.networking.k8s.io
2634 description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core"
2635 maxLength: 253
2636 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2637 sectionName:
2638 type: string
2639 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
2640 maxLength: 253
2641 minLength: 1
2642 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2643 required:
2644 - name
2645 required:
2646 - controllerName
2647 - parentRef
2648 maxItems: 32
2649 required:
2650 - parents
2651 required:
2652 - spec
2653 served: true
2654 storage: true
2655 subresources:
2656 status: {}
2657---
2658# Source: partials/templates/policy/authorization-policy.yaml
2659apiVersion: apiextensions.k8s.io/v1
2660kind: CustomResourceDefinition
2661metadata:
2662 name: authorizationpolicies.policy.linkerd.io
2663 labels:
2664 helm.sh/chart: partials-0.1.0
2665 linkerd.io/control-plane-ns: linkerd
2666 annotations:
2667 linkerd.io/created-by: linkerd/helm %!s(<nil>)
2668spec:
2669 group: policy.linkerd.io
2670 names:
2671 kind: AuthorizationPolicy
2672 plural: authorizationpolicies
2673 shortNames: [authzpolicy]
2674 singular: authorizationpolicy
2675 scope: Namespaced
2676 versions:
2677 - name: v1alpha1
2678 schema:
2679 openAPIV3Schema:
2680 type: object
2681 properties:
2682 spec:
2683 type: object
2684 description: >-
2685 Authorizes clients to communicate with Linkerd-proxied server resources.
2686 properties:
2687 requiredAuthenticationRefs:
2688 type: array
2689 description: >-
2690 RequiredAuthenticationRefs enumerates a set of required authentications. ALL authentications must be satisfied for the authorization to apply. If any of the referred objects cannot be found, the authorization will be ignored.
2691 items:
2692 type: object
2693 properties:
2694 name:
2695 type: string
2696 description: >-
2697 Name is the name of the referent.
2698 maxLength: 253
2699 minLength: 1
2700 namespace:
2701 type: string
2702 description: >-
2703 Name is the name of the referent. When unspecified, this authentication refers to the local namespace.
2704 maxLength: 253
2705 kind:
2706 type: string
2707 description: >-
2708 Kind is the kind of the referent.
2709 maxLength: 63
2710 minLength: 1
2711 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2712 group:
2713 type: string
2714 description: >-
2715 Group is the group of the referent. When empty, the Kubernetes core API group is inferred."
2716 maxLength: 253
2717 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2718 required: [kind, name]
2719 targetRef:
2720 type: object
2721 description: >-
2722 TargetRef references a resource to which the authorization policy applies.
2723 # Modified from the gateway API.
2724 # Copyright 2020 The Kubernetes Authors
2725 properties:
2726 name:
2727 type: string
2728 description: Name is the name of the referent.
2729 maxLength: 253
2730 minLength: 1
2731 kind:
2732 type: string
2733 description: >-
2734 Kind is the kind of the referent.
2735 maxLength: 63
2736 minLength: 1
2737 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2738 group:
2739 type: string
2740 description: >-
2741 Group is the group of the referent. When empty, the Kubernetes core API group is inferred.
2742 maxLength: 253
2743 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2744 required: [kind, name]
2745 required: [targetRef, requiredAuthenticationRefs]
2746 required: [spec]
2747 served: true
2748 storage: true
2749---
2750# Source: partials/templates/policy/httproute.yaml
2751apiVersion: apiextensions.k8s.io/v1
2752kind: CustomResourceDefinition
2753metadata:
2754 name: httproutes.policy.linkerd.io
2755 labels:
2756 helm.sh/chart: partials-0.1.0
2757 linkerd.io/control-plane-ns: linkerd
2758 annotations:
2759 linkerd.io/created-by: linkerd/helm %!s(<nil>)
2760spec:
2761 group: policy.linkerd.io
2762 names:
2763 kind: HTTPRoute
2764 listKind: HTTPRouteList
2765 plural: httproutes
2766 singular: httproute
2767 scope: Namespaced
2768 versions:
2769 - name: v1alpha1
2770 additionalPrinterColumns:
2771 - name: Hostnames
2772 type: string
2773 jsonPath: .spec.hostnames
2774 - name: Age
2775 type: date
2776 jsonPath: .metadata.creationTimestamp
2777 schema:
2778 openAPIV3Schema:
2779 type: object
2780 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
2781 properties:
2782 apiVersion:
2783 type: string
2784 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2785 kind:
2786 type: string
2787 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2788 metadata:
2789 type: object
2790 spec:
2791 type: object
2792 description: Spec defines the desired state of HTTPRoute.
2793 properties:
2794 hostnames:
2795 type: array
2796 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core"
2797 items:
2798 type: string
2799 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
2800 maxLength: 253
2801 minLength: 1
2802 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2803 maxItems: 16
2804 parentRefs:
2805 type: array
2806 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged."
2807 items:
2808 type: object
2809 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
2810 properties:
2811 name:
2812 type: string
2813 description: "Name is the name of the referent. \n Support: Core"
2814 maxLength: 253
2815 minLength: 1
2816 namespace:
2817 type: string
2818 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
2819 maxLength: 63
2820 minLength: 1
2821 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2822 kind:
2823 type: string
2824 default: Gateway
2825 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
2826 maxLength: 63
2827 minLength: 1
2828 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2829 port:
2830 type: integer
2831 description: "port"
2832 group:
2833 type: string
2834 default: policy.linkerd.io
2835 description: "Group is the group of the referent. \n Support: Core"
2836 maxLength: 253
2837 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2838 sectionName:
2839 type: string
2840 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
2841 maxLength: 253
2842 minLength: 1
2843 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2844 required:
2845 - name
2846 maxItems: 32
2847 rules:
2848 type: array
2849 default:
2850 - matches:
2851 - path:
2852 type: PathPrefix
2853 value: /
2854 description: Rules are a list of HTTP matchers, filters and actions.
2855 items:
2856 type: object
2857 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches) and processing it (filters).
2858 properties:
2859 backendRefs:
2860 type: array
2861 items:
2862 type: object
2863 properties:
2864 name:
2865 type: string
2866 namespace:
2867 type: string
2868 default: "default"
2869 port:
2870 type: integer
2871 filters:
2872 type: array
2873 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
2874 items:
2875 type: object
2876 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
2877 properties:
2878 type:
2879 type: string
2880 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2881 enum:
2882 - RequestHeaderModifier
2883 - ResponseHeaderModifier
2884 - RequestRedirect
2885 requestHeaderModifier:
2886 type: object
2887 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
2888 properties:
2889 add:
2890 type: array
2891 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
2892 items:
2893 type: object
2894 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2895 properties:
2896 name:
2897 type: string
2898 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2899 maxLength: 256
2900 minLength: 1
2901 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2902 value:
2903 type: string
2904 description: Value is the value of HTTP Header to be matched.
2905 maxLength: 4096
2906 minLength: 1
2907 required:
2908 - name
2909 - value
2910 maxItems: 16
2911 x-kubernetes-list-map-keys:
2912 - name
2913 x-kubernetes-list-type: map
2914 remove:
2915 type: array
2916 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
2917 items:
2918 type: string
2919 maxItems: 16
2920 set:
2921 type: array
2922 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
2923 items:
2924 type: object
2925 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
2926 properties:
2927 name:
2928 type: string
2929 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
2930 maxLength: 256
2931 minLength: 1
2932 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2933 value:
2934 type: string
2935 description: Value is the value of HTTP Header to be matched.
2936 maxLength: 4096
2937 minLength: 1
2938 required:
2939 - name
2940 - value
2941 maxItems: 16
2942 x-kubernetes-list-map-keys:
2943 - name
2944 x-kubernetes-list-type: map
2945 requestRedirect:
2946 type: object
2947 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
2948 properties:
2949 hostname:
2950 type: string
2951 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
2952 maxLength: 253
2953 minLength: 1
2954 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2955 port:
2956 type: integer
2957 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
2958 format: int32
2959 maximum: 65535
2960 minimum: 1
2961 path:
2962 type: object
2963 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
2964 properties:
2965 type:
2966 type: string
2967 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
2968 enum:
2969 - ReplaceFullPath
2970 - ReplacePrefixMatch
2971 replaceFullPath:
2972 type: string
2973 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
2974 maxLength: 1024
2975 replacePrefixMatch:
2976 type: string
2977 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
2978 maxLength: 1024
2979 required:
2980 - type
2981 scheme:
2982 type: string
2983 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
2984 enum:
2985 - http
2986 - https
2987 statusCode:
2988 type: integer
2989 default: 302
2990 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
2991 enum:
2992 - 301
2993 - 302
2994 responseHeaderModifier:
2995 type: object
2996 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
2997 properties:
2998 add:
2999 type: array
3000 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3001 items:
3002 type: object
3003 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3004 properties:
3005 name:
3006 type: string
3007 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3008 maxLength: 256
3009 minLength: 1
3010 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3011 value:
3012 type: string
3013 description: Value is the value of HTTP Header to be matched.
3014 maxLength: 4096
3015 minLength: 1
3016 required:
3017 - name
3018 - value
3019 maxItems: 16
3020 x-kubernetes-list-map-keys:
3021 - name
3022 x-kubernetes-list-type: map
3023 remove:
3024 type: array
3025 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
3026 items:
3027 type: string
3028 maxItems: 16
3029 set:
3030 type: array
3031 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
3032 items:
3033 type: object
3034 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3035 properties:
3036 name:
3037 type: string
3038 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3039 maxLength: 256
3040 minLength: 1
3041 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3042 value:
3043 type: string
3044 description: Value is the value of HTTP Header to be matched.
3045 maxLength: 4096
3046 minLength: 1
3047 required:
3048 - name
3049 - value
3050 maxItems: 16
3051 x-kubernetes-list-map-keys:
3052 - name
3053 x-kubernetes-list-type: map
3054 required:
3055 - type
3056 maxItems: 16
3057 filters:
3058 type: array
3059 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
3060 items:
3061 type: object
3062 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
3063 properties:
3064 type:
3065 type: string
3066 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n\n "
3067 enum:
3068 - RequestHeaderModifier
3069 - RequestRedirect
3070 requestHeaderModifier:
3071 type: object
3072 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
3073 properties:
3074 add:
3075 type: array
3076 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar"
3077 items:
3078 type: object
3079 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3080 properties:
3081 name:
3082 type: string
3083 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3084 maxLength: 256
3085 minLength: 1
3086 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3087 value:
3088 type: string
3089 description: Value is the value of HTTP Header to be matched.
3090 maxLength: 4096
3091 minLength: 1
3092 required:
3093 - name
3094 - value
3095 maxItems: 16
3096 x-kubernetes-list-map-keys:
3097 - name
3098 x-kubernetes-list-type: map
3099 remove:
3100 type: array
3101 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
3102 items:
3103 type: string
3104 maxItems: 16
3105 set:
3106 type: array
3107 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
3108 items:
3109 type: object
3110 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3111 properties:
3112 name:
3113 type: string
3114 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3115 maxLength: 256
3116 minLength: 1
3117 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3118 value:
3119 type: string
3120 description: Value is the value of HTTP Header to be matched.
3121 maxLength: 4096
3122 minLength: 1
3123 required:
3124 - name
3125 - value
3126 maxItems: 16
3127 x-kubernetes-list-map-keys:
3128 - name
3129 x-kubernetes-list-type: map
3130 requestRedirect:
3131 type: object
3132 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
3133 properties:
3134 hostname:
3135 type: string
3136 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname of the request is used. \n Support: Core"
3137 maxLength: 253
3138 minLength: 1
3139 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3140 port:
3141 type: integer
3142 description: "Port is the port to be used in the value of the `Location` header in the response. When empty, port (if specified) of the request is used. \n Support: Extended"
3143 format: int32
3144 maximum: 65535
3145 minimum: 1
3146 path:
3147 type: object
3148 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
3149 properties:
3150 type:
3151 type: string
3152 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
3153 enum:
3154 - ReplaceFullPath
3155 - ReplacePrefixMatch
3156 replaceFullPath:
3157 type: string
3158 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
3159 maxLength: 1024
3160 replacePrefixMatch:
3161 type: string
3162 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
3163 maxLength: 1024
3164 required:
3165 - type
3166 scheme:
3167 type: string
3168 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Support: Extended"
3169 enum:
3170 - http
3171 - https
3172 statusCode:
3173 type: integer
3174 default: 302
3175 description: "StatusCode is the HTTP status code to be used in response. \n Support: Core"
3176 enum:
3177 - 301
3178 - 302
3179 required:
3180 - type
3181 maxItems: 16
3182 matches:
3183 type: array
3184 default:
3185 - path:
3186 type: PathPrefix
3187 value: /
3188 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be given to the the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
3189 items:
3190 type: object
3191 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: path: value: \"/foo\" headers: - name: \"version\" value \"v1\" ```"
3192 properties:
3193 headers:
3194 type: array
3195 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
3196 items:
3197 type: object
3198 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
3199 properties:
3200 name:
3201 type: string
3202 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
3203 maxLength: 256
3204 minLength: 1
3205 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3206 type:
3207 type: string
3208 default: Exact
3209 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression HeaderMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
3210 enum:
3211 - Exact
3212 - RegularExpression
3213 value:
3214 type: string
3215 description: Value is the value of HTTP Header to be matched.
3216 maxLength: 4096
3217 minLength: 1
3218 required:
3219 - name
3220 - value
3221 maxItems: 16
3222 x-kubernetes-list-map-keys:
3223 - name
3224 x-kubernetes-list-type: map
3225 method:
3226 type: string
3227 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
3228 enum:
3229 - GET
3230 - HEAD
3231 - POST
3232 - PUT
3233 - DELETE
3234 - CONNECT
3235 - OPTIONS
3236 - TRACE
3237 - PATCH
3238 path:
3239 type: object
3240 default:
3241 type: PathPrefix
3242 value: /
3243 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
3244 properties:
3245 type:
3246 type: string
3247 default: PathPrefix
3248 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Custom (RegularExpression)"
3249 enum:
3250 - Exact
3251 - PathPrefix
3252 - RegularExpression
3253 value:
3254 type: string
3255 default: /
3256 description: Value of the HTTP path to match against.
3257 maxLength: 1024
3258 queryParams:
3259 type: array
3260 description: QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route.
3261 items:
3262 type: object
3263 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
3264 properties:
3265 name:
3266 type: string
3267 description: Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
3268 maxLength: 256
3269 minLength: 1
3270 type:
3271 type: string
3272 default: Exact
3273 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression QueryParamMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
3274 enum:
3275 - Exact
3276 - RegularExpression
3277 value:
3278 type: string
3279 description: Value is the value of HTTP query param to be matched.
3280 maxLength: 1024
3281 minLength: 1
3282 required:
3283 - name
3284 - value
3285 maxItems: 16
3286 x-kubernetes-list-map-keys:
3287 - name
3288 x-kubernetes-list-type: map
3289 maxItems: 8
3290 maxItems: 16
3291 status:
3292 type: object
3293 description: Status defines the current state of HTTPRoute.
3294 properties:
3295 parents:
3296 type: array
3297 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
3298 items:
3299 type: object
3300 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
3301 properties:
3302 conditions:
3303 type: array
3304 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the the controller does not have access to."
3305 items:
3306 type: object
3307 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
3308 properties:
3309 type:
3310 type: string
3311 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
3312 maxLength: 316
3313 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3314 status:
3315 type: string
3316 description: status of the condition, one of True, False, Unknown.
3317 enum:
3318 - "True"
3319 - "False"
3320 - Unknown
3321 lastTransitionTime:
3322 type: string
3323 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3324 format: date-time
3325 message:
3326 type: string
3327 description: message is a human readable message indicating details about the transition. This may be an empty string.
3328 maxLength: 32768
3329 observedGeneration:
3330 type: integer
3331 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
3332 format: int64
3333 minimum: 0
3334 reason:
3335 type: string
3336 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
3337 maxLength: 1024
3338 minLength: 1
3339 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3340 required:
3341 - lastTransitionTime
3342 - message
3343 - reason
3344 - status
3345 - type
3346 maxItems: 8
3347 minItems: 1
3348 x-kubernetes-list-map-keys:
3349 - type
3350 x-kubernetes-list-type: map
3351 controllerName:
3352 type: string
3353 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
3354 maxLength: 253
3355 minLength: 1
3356 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
3357 parentRef:
3358 type: object
3359 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
3360 properties:
3361 name:
3362 type: string
3363 description: "Name is the name of the referent. \n Support: Core"
3364 maxLength: 253
3365 minLength: 1
3366 namespace:
3367 type: string
3368 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
3369 maxLength: 63
3370 minLength: 1
3371 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3372 kind:
3373 type: string
3374 default: Gateway
3375 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
3376 maxLength: 63
3377 minLength: 1
3378 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3379 port:
3380 type: integer
3381 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
3382 format: int32
3383 maximum: 65535
3384 minimum: 1
3385 group:
3386 type: string
3387 default: policy.linkerd.io
3388 description: "Group is the group of the referent. \n Support: Core"
3389 maxLength: 253
3390 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3391 sectionName:
3392 type: string
3393 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
3394 maxLength: 253
3395 minLength: 1
3396 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3397 required:
3398 - name
3399 required:
3400 - controllerName
3401 - parentRef
3402 maxItems: 32
3403 required:
3404 - parents
3405 required:
3406 - spec
3407 served: true
3408 storage: false
3409 subresources:
3410 status: {}
3411 - name: v1beta1
3412 additionalPrinterColumns:
3413 - name: Hostnames
3414 type: string
3415 jsonPath: .spec.hostnames
3416 - name: Age
3417 type: date
3418 jsonPath: .metadata.creationTimestamp
3419 schema:
3420 openAPIV3Schema:
3421 type: object
3422 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
3423 properties:
3424 apiVersion:
3425 type: string
3426 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
3427 kind:
3428 type: string
3429 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
3430 metadata:
3431 type: object
3432 spec:
3433 type: object
3434 description: Spec defines the desired state of HTTPRoute.
3435 properties:
3436 hostnames:
3437 type: array
3438 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core"
3439 items:
3440 type: string
3441 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
3442 maxLength: 253
3443 minLength: 1
3444 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3445 maxItems: 16
3446 parentRefs:
3447 type: array
3448 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged."
3449 items:
3450 type: object
3451 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
3452 properties:
3453 name:
3454 type: string
3455 description: "Name is the name of the referent. \n Support: Core"
3456 maxLength: 253
3457 minLength: 1
3458 namespace:
3459 type: string
3460 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
3461 maxLength: 63
3462 minLength: 1
3463 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3464 kind:
3465 type: string
3466 default: Gateway
3467 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
3468 maxLength: 63
3469 minLength: 1
3470 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3471 port:
3472 type: integer
3473 description: "port"
3474 group:
3475 type: string
3476 default: policy.linkerd.io
3477 description: "Group is the group of the referent. \n Support: Core"
3478 maxLength: 253
3479 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3480 sectionName:
3481 type: string
3482 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
3483 maxLength: 253
3484 minLength: 1
3485 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3486 required:
3487 - name
3488 maxItems: 32
3489 rules:
3490 type: array
3491 default:
3492 - matches:
3493 - path:
3494 type: PathPrefix
3495 value: /
3496 description: Rules are a list of HTTP matchers, filters and actions.
3497 items:
3498 type: object
3499 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches) and processing it (filters).
3500 properties:
3501 backendRefs:
3502 type: array
3503 items:
3504 type: object
3505 properties:
3506 name:
3507 type: string
3508 namespace:
3509 type: string
3510 default: "default"
3511 port:
3512 type: integer
3513 filters:
3514 type: array
3515 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
3516 items:
3517 type: object
3518 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
3519 properties:
3520 type:
3521 type: string
3522 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
3523 enum:
3524 - RequestHeaderModifier
3525 - ResponseHeaderModifier
3526 - RequestRedirect
3527 requestHeaderModifier:
3528 type: object
3529 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
3530 properties:
3531 add:
3532 type: array
3533 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3534 items:
3535 type: object
3536 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3537 properties:
3538 name:
3539 type: string
3540 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3541 maxLength: 256
3542 minLength: 1
3543 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3544 value:
3545 type: string
3546 description: Value is the value of HTTP Header to be matched.
3547 maxLength: 4096
3548 minLength: 1
3549 required:
3550 - name
3551 - value
3552 maxItems: 16
3553 x-kubernetes-list-map-keys:
3554 - name
3555 x-kubernetes-list-type: map
3556 remove:
3557 type: array
3558 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
3559 items:
3560 type: string
3561 maxItems: 16
3562 set:
3563 type: array
3564 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
3565 items:
3566 type: object
3567 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3568 properties:
3569 name:
3570 type: string
3571 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3572 maxLength: 256
3573 minLength: 1
3574 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3575 value:
3576 type: string
3577 description: Value is the value of HTTP Header to be matched.
3578 maxLength: 4096
3579 minLength: 1
3580 required:
3581 - name
3582 - value
3583 maxItems: 16
3584 x-kubernetes-list-map-keys:
3585 - name
3586 x-kubernetes-list-type: map
3587 requestRedirect:
3588 type: object
3589 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
3590 properties:
3591 hostname:
3592 type: string
3593 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
3594 maxLength: 253
3595 minLength: 1
3596 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3597 port:
3598 type: integer
3599 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
3600 format: int32
3601 maximum: 65535
3602 minimum: 1
3603 path:
3604 type: object
3605 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
3606 properties:
3607 type:
3608 type: string
3609 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
3610 enum:
3611 - ReplaceFullPath
3612 - ReplacePrefixMatch
3613 replaceFullPath:
3614 type: string
3615 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
3616 maxLength: 1024
3617 replacePrefixMatch:
3618 type: string
3619 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
3620 maxLength: 1024
3621 required:
3622 - type
3623 scheme:
3624 type: string
3625 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
3626 enum:
3627 - http
3628 - https
3629 statusCode:
3630 type: integer
3631 default: 302
3632 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
3633 enum:
3634 - 301
3635 - 302
3636 responseHeaderModifier:
3637 type: object
3638 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
3639 properties:
3640 add:
3641 type: array
3642 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3643 items:
3644 type: object
3645 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3646 properties:
3647 name:
3648 type: string
3649 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3650 maxLength: 256
3651 minLength: 1
3652 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3653 value:
3654 type: string
3655 description: Value is the value of HTTP Header to be matched.
3656 maxLength: 4096
3657 minLength: 1
3658 required:
3659 - name
3660 - value
3661 maxItems: 16
3662 x-kubernetes-list-map-keys:
3663 - name
3664 x-kubernetes-list-type: map
3665 remove:
3666 type: array
3667 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
3668 items:
3669 type: string
3670 maxItems: 16
3671 set:
3672 type: array
3673 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
3674 items:
3675 type: object
3676 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3677 properties:
3678 name:
3679 type: string
3680 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3681 maxLength: 256
3682 minLength: 1
3683 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3684 value:
3685 type: string
3686 description: Value is the value of HTTP Header to be matched.
3687 maxLength: 4096
3688 minLength: 1
3689 required:
3690 - name
3691 - value
3692 maxItems: 16
3693 x-kubernetes-list-map-keys:
3694 - name
3695 x-kubernetes-list-type: map
3696 required:
3697 - type
3698 maxItems: 16
3699 filters:
3700 type: array
3701 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
3702 items:
3703 type: object
3704 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
3705 properties:
3706 type:
3707 type: string
3708 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\"."
3709 enum:
3710 - RequestHeaderModifier
3711 - RequestRedirect
3712 requestHeaderModifier:
3713 type: object
3714 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
3715 properties:
3716 add:
3717 type: array
3718 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar"
3719 items:
3720 type: object
3721 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3722 properties:
3723 name:
3724 type: string
3725 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3726 maxLength: 256
3727 minLength: 1
3728 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3729 value:
3730 type: string
3731 description: Value is the value of HTTP Header to be matched.
3732 maxLength: 4096
3733 minLength: 1
3734 required:
3735 - name
3736 - value
3737 maxItems: 16
3738 x-kubernetes-list-map-keys:
3739 - name
3740 x-kubernetes-list-type: map
3741 remove:
3742 type: array
3743 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
3744 items:
3745 type: string
3746 maxItems: 16
3747 set:
3748 type: array
3749 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
3750 items:
3751 type: object
3752 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
3753 properties:
3754 name:
3755 type: string
3756 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
3757 maxLength: 256
3758 minLength: 1
3759 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3760 value:
3761 type: string
3762 description: Value is the value of HTTP Header to be matched.
3763 maxLength: 4096
3764 minLength: 1
3765 required:
3766 - name
3767 - value
3768 maxItems: 16
3769 x-kubernetes-list-map-keys:
3770 - name
3771 x-kubernetes-list-type: map
3772 requestRedirect:
3773 type: object
3774 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
3775 properties:
3776 hostname:
3777 type: string
3778 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname of the request is used. \n Support: Core"
3779 maxLength: 253
3780 minLength: 1
3781 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3782 port:
3783 type: integer
3784 description: "Port is the port to be used in the value of the `Location` header in the response. When empty, port (if specified) of the request is used. \n Support: Extended"
3785 format: int32
3786 maximum: 65535
3787 minimum: 1
3788 path:
3789 type: object
3790 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
3791 properties:
3792 type:
3793 type: string
3794 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
3795 enum:
3796 - ReplaceFullPath
3797 - ReplacePrefixMatch
3798 replaceFullPath:
3799 type: string
3800 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
3801 maxLength: 1024
3802 replacePrefixMatch:
3803 type: string
3804 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
3805 maxLength: 1024
3806 required:
3807 - type
3808 scheme:
3809 type: string
3810 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Support: Extended"
3811 enum:
3812 - http
3813 - https
3814 statusCode:
3815 type: integer
3816 default: 302
3817 description: "StatusCode is the HTTP status code to be used in response. \n Support: Core"
3818 enum:
3819 - 301
3820 - 302
3821 required:
3822 - type
3823 maxItems: 16
3824 matches:
3825 type: array
3826 default:
3827 - path:
3828 type: PathPrefix
3829 value: /
3830 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be given to the the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
3831 items:
3832 type: object
3833 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: path: value: \"/foo\" headers: - name: \"version\" value \"v1\" ```"
3834 properties:
3835 headers:
3836 type: array
3837 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
3838 items:
3839 type: object
3840 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
3841 properties:
3842 name:
3843 type: string
3844 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
3845 maxLength: 256
3846 minLength: 1
3847 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3848 type:
3849 type: string
3850 default: Exact
3851 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression HeaderMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
3852 enum:
3853 - Exact
3854 - RegularExpression
3855 value:
3856 type: string
3857 description: Value is the value of HTTP Header to be matched.
3858 maxLength: 4096
3859 minLength: 1
3860 required:
3861 - name
3862 - value
3863 maxItems: 16
3864 x-kubernetes-list-map-keys:
3865 - name
3866 x-kubernetes-list-type: map
3867 method:
3868 type: string
3869 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
3870 enum:
3871 - GET
3872 - HEAD
3873 - POST
3874 - PUT
3875 - DELETE
3876 - CONNECT
3877 - OPTIONS
3878 - TRACE
3879 - PATCH
3880 path:
3881 type: object
3882 default:
3883 type: PathPrefix
3884 value: /
3885 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
3886 properties:
3887 type:
3888 type: string
3889 default: PathPrefix
3890 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Custom (RegularExpression)"
3891 enum:
3892 - Exact
3893 - PathPrefix
3894 - RegularExpression
3895 value:
3896 type: string
3897 default: /
3898 description: Value of the HTTP path to match against.
3899 maxLength: 1024
3900 queryParams:
3901 type: array
3902 description: QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route.
3903 items:
3904 type: object
3905 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
3906 properties:
3907 name:
3908 type: string
3909 description: Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
3910 maxLength: 256
3911 minLength: 1
3912 type:
3913 type: string
3914 default: Exact
3915 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression QueryParamMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
3916 enum:
3917 - Exact
3918 - RegularExpression
3919 value:
3920 type: string
3921 description: Value is the value of HTTP query param to be matched.
3922 maxLength: 1024
3923 minLength: 1
3924 required:
3925 - name
3926 - value
3927 maxItems: 16
3928 x-kubernetes-list-map-keys:
3929 - name
3930 x-kubernetes-list-type: map
3931 maxItems: 8
3932 maxItems: 16
3933 status:
3934 type: object
3935 description: Status defines the current state of HTTPRoute.
3936 properties:
3937 parents:
3938 type: array
3939 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
3940 items:
3941 type: object
3942 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
3943 properties:
3944 conditions:
3945 type: array
3946 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the the controller does not have access to."
3947 items:
3948 type: object
3949 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
3950 properties:
3951 type:
3952 type: string
3953 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
3954 maxLength: 316
3955 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3956 status:
3957 type: string
3958 description: status of the condition, one of True, False, Unknown.
3959 enum:
3960 - "True"
3961 - "False"
3962 - Unknown
3963 lastTransitionTime:
3964 type: string
3965 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
3966 format: date-time
3967 message:
3968 type: string
3969 description: message is a human readable message indicating details about the transition. This may be an empty string.
3970 maxLength: 32768
3971 observedGeneration:
3972 type: integer
3973 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
3974 format: int64
3975 minimum: 0
3976 reason:
3977 type: string
3978 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
3979 maxLength: 1024
3980 minLength: 1
3981 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3982 required:
3983 - lastTransitionTime
3984 - message
3985 - reason
3986 - status
3987 - type
3988 maxItems: 8
3989 minItems: 1
3990 x-kubernetes-list-map-keys:
3991 - type
3992 x-kubernetes-list-type: map
3993 controllerName:
3994 type: string
3995 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
3996 maxLength: 253
3997 minLength: 1
3998 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
3999 parentRef:
4000 type: object
4001 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
4002 properties:
4003 name:
4004 type: string
4005 description: "Name is the name of the referent. \n Support: Core"
4006 maxLength: 253
4007 minLength: 1
4008 namespace:
4009 type: string
4010 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
4011 maxLength: 63
4012 minLength: 1
4013 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4014 kind:
4015 type: string
4016 default: Gateway
4017 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
4018 maxLength: 63
4019 minLength: 1
4020 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4021 port:
4022 type: integer
4023 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
4024 format: int32
4025 maximum: 65535
4026 minimum: 1
4027 group:
4028 type: string
4029 default: policy.linkerd.io
4030 description: "Group is the group of the referent. \n Support: Core"
4031 maxLength: 253
4032 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4033 sectionName:
4034 type: string
4035 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
4036 maxLength: 253
4037 minLength: 1
4038 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4039 required:
4040 - name
4041 required:
4042 - controllerName
4043 - parentRef
4044 maxItems: 32
4045 required:
4046 - parents
4047 required:
4048 - spec
4049 served: true
4050 storage: false
4051 subresources:
4052 status: {}
4053 - name: v1beta2
4054 additionalPrinterColumns:
4055 - name: Hostnames
4056 type: string
4057 jsonPath: .spec.hostnames
4058 - name: Age
4059 type: date
4060 jsonPath: .metadata.creationTimestamp
4061 schema:
4062 openAPIV3Schema:
4063 type: object
4064 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
4065 properties:
4066 apiVersion:
4067 type: string
4068 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4069 kind:
4070 type: string
4071 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4072 metadata:
4073 type: object
4074 spec:
4075 type: object
4076 description: Spec defines the desired state of HTTPRoute.
4077 properties:
4078 hostnames:
4079 type: array
4080 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core"
4081 items:
4082 type: string
4083 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
4084 maxLength: 253
4085 minLength: 1
4086 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4087 maxItems: 16
4088 parentRefs:
4089 type: array
4090 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged."
4091 items:
4092 type: object
4093 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
4094 properties:
4095 name:
4096 type: string
4097 description: "Name is the name of the referent. \n Support: Core"
4098 maxLength: 253
4099 minLength: 1
4100 namespace:
4101 type: string
4102 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
4103 maxLength: 63
4104 minLength: 1
4105 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4106 kind:
4107 type: string
4108 default: Gateway
4109 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
4110 maxLength: 63
4111 minLength: 1
4112 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4113 port:
4114 type: integer
4115 description: "Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. \n Support: Extended"
4116 format: int32
4117 maximum: 65535
4118 minimum: 1
4119 group:
4120 type: string
4121 default: policy.linkerd.io
4122 description: "Group is the group of the referent. \n Support: Core"
4123 maxLength: 253
4124 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4125 sectionName:
4126 type: string
4127 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
4128 maxLength: 253
4129 minLength: 1
4130 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4131 required:
4132 - name
4133 maxItems: 32
4134 rules:
4135 type: array
4136 default:
4137 - matches:
4138 - path:
4139 type: PathPrefix
4140 value: /
4141 description: Rules are a list of HTTP matchers, filters and actions.
4142 items:
4143 type: object
4144 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches) and processing it (filters).
4145 properties:
4146 backendRefs:
4147 type: array
4148 description: "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core"
4149 items:
4150 type: object
4151 description: HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
4152 properties:
4153 name:
4154 type: string
4155 description: Name is the name of the referent.
4156 maxLength: 253
4157 minLength: 1
4158 namespace:
4159 type: string
4160 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
4161 maxLength: 63
4162 minLength: 1
4163 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4164 kind:
4165 type: string
4166 default: Service
4167 description: Kind is kind of the referent. For example "HTTPRoute" or "Service". Defaults to "Service" when not specified.
4168 maxLength: 63
4169 minLength: 1
4170 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4171 port:
4172 type: integer
4173 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
4174 format: int32
4175 maximum: 65535
4176 minimum: 1
4177 filters:
4178 type: array
4179 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
4180 items:
4181 type: object
4182 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
4183 properties:
4184 type:
4185 type: string
4186 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4187 enum:
4188 - RequestHeaderModifier
4189 - ResponseHeaderModifier
4190 - RequestRedirect
4191 requestHeaderModifier:
4192 type: object
4193 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
4194 properties:
4195 add:
4196 type: array
4197 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
4198 items:
4199 type: object
4200 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4201 properties:
4202 name:
4203 type: string
4204 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4205 maxLength: 256
4206 minLength: 1
4207 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4208 value:
4209 type: string
4210 description: Value is the value of HTTP Header to be matched.
4211 maxLength: 4096
4212 minLength: 1
4213 required:
4214 - name
4215 - value
4216 maxItems: 16
4217 x-kubernetes-list-map-keys:
4218 - name
4219 x-kubernetes-list-type: map
4220 remove:
4221 type: array
4222 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
4223 items:
4224 type: string
4225 maxItems: 16
4226 set:
4227 type: array
4228 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
4229 items:
4230 type: object
4231 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4232 properties:
4233 name:
4234 type: string
4235 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4236 maxLength: 256
4237 minLength: 1
4238 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4239 value:
4240 type: string
4241 description: Value is the value of HTTP Header to be matched.
4242 maxLength: 4096
4243 minLength: 1
4244 required:
4245 - name
4246 - value
4247 maxItems: 16
4248 x-kubernetes-list-map-keys:
4249 - name
4250 x-kubernetes-list-type: map
4251 requestRedirect:
4252 type: object
4253 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
4254 properties:
4255 hostname:
4256 type: string
4257 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
4258 maxLength: 253
4259 minLength: 1
4260 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4261 port:
4262 type: integer
4263 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
4264 format: int32
4265 maximum: 65535
4266 minimum: 1
4267 path:
4268 type: object
4269 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
4270 properties:
4271 type:
4272 type: string
4273 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4274 enum:
4275 - ReplaceFullPath
4276 - ReplacePrefixMatch
4277 replaceFullPath:
4278 type: string
4279 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
4280 maxLength: 1024
4281 replacePrefixMatch:
4282 type: string
4283 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
4284 maxLength: 1024
4285 required:
4286 - type
4287 scheme:
4288 type: string
4289 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
4290 enum:
4291 - http
4292 - https
4293 statusCode:
4294 type: integer
4295 default: 302
4296 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
4297 enum:
4298 - 301
4299 - 302
4300 responseHeaderModifier:
4301 type: object
4302 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
4303 properties:
4304 add:
4305 type: array
4306 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
4307 items:
4308 type: object
4309 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4310 properties:
4311 name:
4312 type: string
4313 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4314 maxLength: 256
4315 minLength: 1
4316 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4317 value:
4318 type: string
4319 description: Value is the value of HTTP Header to be matched.
4320 maxLength: 4096
4321 minLength: 1
4322 required:
4323 - name
4324 - value
4325 maxItems: 16
4326 x-kubernetes-list-map-keys:
4327 - name
4328 x-kubernetes-list-type: map
4329 remove:
4330 type: array
4331 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
4332 items:
4333 type: string
4334 maxItems: 16
4335 set:
4336 type: array
4337 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
4338 items:
4339 type: object
4340 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4341 properties:
4342 name:
4343 type: string
4344 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4345 maxLength: 256
4346 minLength: 1
4347 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4348 value:
4349 type: string
4350 description: Value is the value of HTTP Header to be matched.
4351 maxLength: 4096
4352 minLength: 1
4353 required:
4354 - name
4355 - value
4356 maxItems: 16
4357 x-kubernetes-list-map-keys:
4358 - name
4359 x-kubernetes-list-type: map
4360 required:
4361 - type
4362 maxItems: 16
4363 group:
4364 type: string
4365 default: ""
4366 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
4367 maxLength: 253
4368 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4369 weight:
4370 type: integer
4371 default: 1
4372 description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used."
4373 format: int32
4374 maximum: 1000000
4375 minimum: 0
4376 required:
4377 - name
4378 maxItems: 16
4379 filters:
4380 type: array
4381 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
4382 items:
4383 type: object
4384 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
4385 properties:
4386 type:
4387 type: string
4388 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\"."
4389 enum:
4390 - RequestHeaderModifier
4391 - RequestRedirect
4392 requestHeaderModifier:
4393 type: object
4394 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
4395 properties:
4396 add:
4397 type: array
4398 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar"
4399 items:
4400 type: object
4401 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4402 properties:
4403 name:
4404 type: string
4405 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4406 maxLength: 256
4407 minLength: 1
4408 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4409 value:
4410 type: string
4411 description: Value is the value of HTTP Header to be matched.
4412 maxLength: 4096
4413 minLength: 1
4414 required:
4415 - name
4416 - value
4417 maxItems: 16
4418 x-kubernetes-list-map-keys:
4419 - name
4420 x-kubernetes-list-type: map
4421 remove:
4422 type: array
4423 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
4424 items:
4425 type: string
4426 maxItems: 16
4427 set:
4428 type: array
4429 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
4430 items:
4431 type: object
4432 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4433 properties:
4434 name:
4435 type: string
4436 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4437 maxLength: 256
4438 minLength: 1
4439 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4440 value:
4441 type: string
4442 description: Value is the value of HTTP Header to be matched.
4443 maxLength: 4096
4444 minLength: 1
4445 required:
4446 - name
4447 - value
4448 maxItems: 16
4449 x-kubernetes-list-map-keys:
4450 - name
4451 x-kubernetes-list-type: map
4452 requestRedirect:
4453 type: object
4454 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
4455 properties:
4456 hostname:
4457 type: string
4458 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname of the request is used. \n Support: Core"
4459 maxLength: 253
4460 minLength: 1
4461 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4462 port:
4463 type: integer
4464 description: "Port is the port to be used in the value of the `Location` header in the response. When empty, port (if specified) of the request is used. \n Support: Extended"
4465 format: int32
4466 maximum: 65535
4467 minimum: 1
4468 path:
4469 type: object
4470 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
4471 properties:
4472 type:
4473 type: string
4474 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4475 enum:
4476 - ReplaceFullPath
4477 - ReplacePrefixMatch
4478 replaceFullPath:
4479 type: string
4480 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
4481 maxLength: 1024
4482 replacePrefixMatch:
4483 type: string
4484 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
4485 maxLength: 1024
4486 required:
4487 - type
4488 scheme:
4489 type: string
4490 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Support: Extended"
4491 enum:
4492 - http
4493 - https
4494 statusCode:
4495 type: integer
4496 default: 302
4497 description: "StatusCode is the HTTP status code to be used in response. \n Support: Core"
4498 enum:
4499 - 301
4500 - 302
4501 required:
4502 - type
4503 maxItems: 16
4504 matches:
4505 type: array
4506 default:
4507 - path:
4508 type: PathPrefix
4509 value: /
4510 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be given to the the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
4511 items:
4512 type: object
4513 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: path: value: \"/foo\" headers: - name: \"version\" value \"v1\" ```"
4514 properties:
4515 headers:
4516 type: array
4517 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
4518 items:
4519 type: object
4520 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
4521 properties:
4522 name:
4523 type: string
4524 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
4525 maxLength: 256
4526 minLength: 1
4527 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4528 type:
4529 type: string
4530 default: Exact
4531 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression HeaderMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
4532 enum:
4533 - Exact
4534 - RegularExpression
4535 value:
4536 type: string
4537 description: Value is the value of HTTP Header to be matched.
4538 maxLength: 4096
4539 minLength: 1
4540 required:
4541 - name
4542 - value
4543 maxItems: 16
4544 x-kubernetes-list-map-keys:
4545 - name
4546 x-kubernetes-list-type: map
4547 method:
4548 type: string
4549 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
4550 enum:
4551 - GET
4552 - HEAD
4553 - POST
4554 - PUT
4555 - DELETE
4556 - CONNECT
4557 - OPTIONS
4558 - TRACE
4559 - PATCH
4560 path:
4561 type: object
4562 default:
4563 type: PathPrefix
4564 value: /
4565 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
4566 properties:
4567 type:
4568 type: string
4569 default: PathPrefix
4570 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Custom (RegularExpression)"
4571 enum:
4572 - Exact
4573 - PathPrefix
4574 - RegularExpression
4575 value:
4576 type: string
4577 default: /
4578 description: Value of the HTTP path to match against.
4579 maxLength: 1024
4580 queryParams:
4581 type: array
4582 description: QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route.
4583 items:
4584 type: object
4585 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
4586 properties:
4587 name:
4588 type: string
4589 description: Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
4590 maxLength: 256
4591 minLength: 1
4592 type:
4593 type: string
4594 default: Exact
4595 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression QueryParamMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
4596 enum:
4597 - Exact
4598 - RegularExpression
4599 value:
4600 type: string
4601 description: Value is the value of HTTP query param to be matched.
4602 maxLength: 1024
4603 minLength: 1
4604 required:
4605 - name
4606 - value
4607 maxItems: 16
4608 x-kubernetes-list-map-keys:
4609 - name
4610 x-kubernetes-list-type: map
4611 maxItems: 8
4612 maxItems: 16
4613 status:
4614 type: object
4615 description: Status defines the current state of HTTPRoute.
4616 properties:
4617 parents:
4618 type: array
4619 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
4620 items:
4621 type: object
4622 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
4623 properties:
4624 conditions:
4625 type: array
4626 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the the controller does not have access to."
4627 items:
4628 type: object
4629 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
4630 properties:
4631 type:
4632 type: string
4633 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
4634 maxLength: 316
4635 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4636 status:
4637 type: string
4638 description: status of the condition, one of True, False, Unknown.
4639 enum:
4640 - "True"
4641 - "False"
4642 - Unknown
4643 lastTransitionTime:
4644 type: string
4645 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
4646 format: date-time
4647 message:
4648 type: string
4649 description: message is a human readable message indicating details about the transition. This may be an empty string.
4650 maxLength: 32768
4651 observedGeneration:
4652 type: integer
4653 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
4654 format: int64
4655 minimum: 0
4656 reason:
4657 type: string
4658 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
4659 maxLength: 1024
4660 minLength: 1
4661 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4662 required:
4663 - lastTransitionTime
4664 - message
4665 - reason
4666 - status
4667 - type
4668 maxItems: 8
4669 minItems: 1
4670 x-kubernetes-list-map-keys:
4671 - type
4672 x-kubernetes-list-type: map
4673 controllerName:
4674 type: string
4675 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
4676 maxLength: 253
4677 minLength: 1
4678 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
4679 parentRef:
4680 type: object
4681 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
4682 properties:
4683 name:
4684 type: string
4685 description: "Name is the name of the referent. \n Support: Core"
4686 maxLength: 253
4687 minLength: 1
4688 namespace:
4689 type: string
4690 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
4691 maxLength: 63
4692 minLength: 1
4693 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4694 kind:
4695 type: string
4696 default: Gateway
4697 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
4698 maxLength: 63
4699 minLength: 1
4700 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4701 port:
4702 type: integer
4703 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
4704 format: int32
4705 maximum: 65535
4706 minimum: 1
4707 group:
4708 type: string
4709 default: policy.linkerd.io
4710 description: "Group is the group of the referent. \n Support: Core"
4711 maxLength: 253
4712 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4713 sectionName:
4714 type: string
4715 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
4716 maxLength: 253
4717 minLength: 1
4718 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4719 required:
4720 - name
4721 required:
4722 - controllerName
4723 - parentRef
4724 maxItems: 32
4725 required:
4726 - parents
4727 required:
4728 - spec
4729 served: true
4730 storage: false
4731 subresources:
4732 status: {}
4733 - name: v1beta3
4734 additionalPrinterColumns:
4735 - name: Hostnames
4736 type: string
4737 jsonPath: .spec.hostnames
4738 - name: Age
4739 type: date
4740 jsonPath: .metadata.creationTimestamp
4741 schema:
4742 openAPIV3Schema:
4743 type: object
4744 description: HTTPRoute provides a way to route HTTP requests. This includes the capability to match requests by hostname, path, header, or query param. Filters can be used to specify additional processing steps. Backends specify where matching requests should be routed.
4745 properties:
4746 apiVersion:
4747 type: string
4748 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4749 kind:
4750 type: string
4751 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4752 metadata:
4753 type: object
4754 spec:
4755 type: object
4756 description: Spec defines the desired state of HTTPRoute.
4757 properties:
4758 hostnames:
4759 type: array
4760 description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and HTTPRoute, there must be at least one intersecting hostname for the HTTPRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches HTTPRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `*.example.com`, `test.example.com`, and `foo.test.example.com` would all match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the HTTPRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and HTTPRoute have specified hostnames, and none match with the criteria above, then the HTTPRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core"
4761 items:
4762 type: string
4763 description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed."
4764 maxLength: 253
4765 minLength: 1
4766 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4767 maxItems: 16
4768 parentRefs:
4769 type: array
4770 description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. \n The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources such as one of the route kinds. \n It is invalid to reference an identical parent more than once. It is valid to reference multiple distinct sections within the same parent resource, such as 2 Listeners within a Gateway. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged."
4771 items:
4772 type: object
4773 description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid."
4774 properties:
4775 name:
4776 type: string
4777 description: "Name is the name of the referent. \n Support: Core"
4778 maxLength: 253
4779 minLength: 1
4780 namespace:
4781 type: string
4782 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
4783 maxLength: 63
4784 minLength: 1
4785 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4786 kind:
4787 type: string
4788 default: Gateway
4789 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
4790 maxLength: 63
4791 minLength: 1
4792 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4793 port:
4794 type: integer
4795 description: "Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. \n Support: Extended"
4796 format: int32
4797 maximum: 65535
4798 minimum: 1
4799 group:
4800 type: string
4801 default: policy.linkerd.io
4802 description: "Group is the group of the referent. \n Support: Core"
4803 maxLength: 253
4804 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4805 sectionName:
4806 type: string
4807 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
4808 maxLength: 253
4809 minLength: 1
4810 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4811 required:
4812 - name
4813 maxItems: 32
4814 rules:
4815 type: array
4816 default:
4817 - matches:
4818 - path:
4819 type: PathPrefix
4820 value: /
4821 description: Rules are a list of HTTP matchers, filters and actions.
4822 items:
4823 type: object
4824 description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions (matches) and processing it (filters).
4825 properties:
4826 backendRefs:
4827 type: array
4828 description: "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive a 500 status code. \n See the HTTPBackendRef definition for the rules about what makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef is invalid, 500 status codes MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive a 500 status code. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic must receive a 500. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core"
4829 items:
4830 type: object
4831 description: HTTPBackendRef defines how a HTTPRoute should forward an HTTP request.
4832 properties:
4833 name:
4834 type: string
4835 description: Name is the name of the referent.
4836 maxLength: 253
4837 minLength: 1
4838 namespace:
4839 type: string
4840 description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core"
4841 maxLength: 63
4842 minLength: 1
4843 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4844 kind:
4845 type: string
4846 default: Service
4847 description: Kind is kind of the referent. For example "HTTPRoute" or "Service". Defaults to "Service" when not specified.
4848 maxLength: 63
4849 minLength: 1
4850 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4851 port:
4852 type: integer
4853 description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.
4854 format: int32
4855 maximum: 65535
4856 minimum: 1
4857 filters:
4858 type: array
4859 description: "Filters defined at this level should be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in HTTPRouteRule.)"
4860 items:
4861 type: object
4862 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
4863 properties:
4864 type:
4865 type: string
4866 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4867 enum:
4868 - RequestHeaderModifier
4869 - ResponseHeaderModifier
4870 - RequestRedirect
4871 requestHeaderModifier:
4872 type: object
4873 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
4874 properties:
4875 add:
4876 type: array
4877 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
4878 items:
4879 type: object
4880 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4881 properties:
4882 name:
4883 type: string
4884 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4885 maxLength: 256
4886 minLength: 1
4887 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4888 value:
4889 type: string
4890 description: Value is the value of HTTP Header to be matched.
4891 maxLength: 4096
4892 minLength: 1
4893 required:
4894 - name
4895 - value
4896 maxItems: 16
4897 x-kubernetes-list-map-keys:
4898 - name
4899 x-kubernetes-list-type: map
4900 remove:
4901 type: array
4902 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
4903 items:
4904 type: string
4905 maxItems: 16
4906 set:
4907 type: array
4908 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
4909 items:
4910 type: object
4911 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4912 properties:
4913 name:
4914 type: string
4915 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4916 maxLength: 256
4917 minLength: 1
4918 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4919 value:
4920 type: string
4921 description: Value is the value of HTTP Header to be matched.
4922 maxLength: 4096
4923 minLength: 1
4924 required:
4925 - name
4926 - value
4927 maxItems: 16
4928 x-kubernetes-list-map-keys:
4929 - name
4930 x-kubernetes-list-type: map
4931 requestRedirect:
4932 type: object
4933 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
4934 properties:
4935 hostname:
4936 type: string
4937 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used. \n Support: Core"
4938 maxLength: 253
4939 minLength: 1
4940 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4941 port:
4942 type: integer
4943 description: "Port is the port to be used in the value of the `Location` header in the response. \n If no port is specified, the redirect port MUST be derived using the following rules: \n * If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically \"http\" to port 80 and \"https\" to port 443. If the redirect scheme does not have a well-known port, the listener port of the Gateway SHOULD be used. * If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. \n Implementations SHOULD NOT add the port number in the 'Location' header in the following cases: \n * A Location header that will use HTTP (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 80. * A Location header that will use HTTPS (whether that is determined via the Listener protocol or the Scheme field) _and_ use port 443. \n Support: Extended"
4944 format: int32
4945 maximum: 65535
4946 minimum: 1
4947 path:
4948 type: object
4949 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
4950 properties:
4951 type:
4952 type: string
4953 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4954 enum:
4955 - ReplaceFullPath
4956 - ReplacePrefixMatch
4957 replaceFullPath:
4958 type: string
4959 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
4960 maxLength: 1024
4961 replacePrefixMatch:
4962 type: string
4963 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
4964 maxLength: 1024
4965 required:
4966 - type
4967 scheme:
4968 type: string
4969 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Scheme redirects can affect the port of the redirect, for more information, refer to the documentation for the port field of this filter. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Extended"
4970 enum:
4971 - http
4972 - https
4973 statusCode:
4974 type: integer
4975 default: 302
4976 description: "StatusCode is the HTTP status code to be used in response. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`. \n Support: Core"
4977 enum:
4978 - 301
4979 - 302
4980 responseHeaderModifier:
4981 type: object
4982 description: "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended"
4983 properties:
4984 add:
4985 type: array
4986 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
4987 items:
4988 type: object
4989 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
4990 properties:
4991 name:
4992 type: string
4993 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
4994 maxLength: 256
4995 minLength: 1
4996 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4997 value:
4998 type: string
4999 description: Value is the value of HTTP Header to be matched.
5000 maxLength: 4096
5001 minLength: 1
5002 required:
5003 - name
5004 - value
5005 maxItems: 16
5006 x-kubernetes-list-map-keys:
5007 - name
5008 x-kubernetes-list-type: map
5009 remove:
5010 type: array
5011 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
5012 items:
5013 type: string
5014 maxItems: 16
5015 set:
5016 type: array
5017 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
5018 items:
5019 type: object
5020 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
5021 properties:
5022 name:
5023 type: string
5024 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
5025 maxLength: 256
5026 minLength: 1
5027 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5028 value:
5029 type: string
5030 description: Value is the value of HTTP Header to be matched.
5031 maxLength: 4096
5032 minLength: 1
5033 required:
5034 - name
5035 - value
5036 maxItems: 16
5037 x-kubernetes-list-map-keys:
5038 - name
5039 x-kubernetes-list-type: map
5040 required:
5041 - type
5042 maxItems: 16
5043 group:
5044 type: string
5045 default: ""
5046 description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
5047 maxLength: 253
5048 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5049 weight:
5050 type: integer
5051 default: 1
5052 description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used."
5053 format: int32
5054 maximum: 1000000
5055 minimum: 0
5056 required:
5057 - name
5058 maxItems: 16
5059 filters:
5060 type: array
5061 description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n All filters are expected to be compatible with each other except for the URLRewrite and RequestRedirect filters, which may not be combined. If an implementation can not support other combinations of filters, they must clearly document that limitation. In all cases where incompatible or unsupported filters are specified, implementations MUST add a warning condition to status. \n Support: Core"
5062 items:
5063 type: object
5064 description: HTTPRouteFilter defines processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.
5065 properties:
5066 type:
5067 type: string
5068 description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\"."
5069 enum:
5070 - RequestHeaderModifier
5071 - RequestRedirect
5072 requestHeaderModifier:
5073 type: object
5074 description: "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core"
5075 properties:
5076 add:
5077 type: array
5078 description: "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar"
5079 items:
5080 type: object
5081 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
5082 properties:
5083 name:
5084 type: string
5085 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
5086 maxLength: 256
5087 minLength: 1
5088 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5089 value:
5090 type: string
5091 description: Value is the value of HTTP Header to be matched.
5092 maxLength: 4096
5093 minLength: 1
5094 required:
5095 - name
5096 - value
5097 maxItems: 16
5098 x-kubernetes-list-map-keys:
5099 - name
5100 x-kubernetes-list-type: map
5101 remove:
5102 type: array
5103 description: "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar"
5104 items:
5105 type: string
5106 maxItems: 16
5107 set:
5108 type: array
5109 description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar"
5110 items:
5111 type: object
5112 description: HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
5113 properties:
5114 name:
5115 type: string
5116 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent."
5117 maxLength: 256
5118 minLength: 1
5119 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5120 value:
5121 type: string
5122 description: Value is the value of HTTP Header to be matched.
5123 maxLength: 4096
5124 minLength: 1
5125 required:
5126 - name
5127 - value
5128 maxItems: 16
5129 x-kubernetes-list-map-keys:
5130 - name
5131 x-kubernetes-list-type: map
5132 requestRedirect:
5133 type: object
5134 description: "RequestRedirect defines a schema for a filter that responds to the request with an HTTP redirection. \n Support: Core"
5135 properties:
5136 hostname:
5137 type: string
5138 description: "Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname of the request is used. \n Support: Core"
5139 maxLength: 253
5140 minLength: 1
5141 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5142 port:
5143 type: integer
5144 description: "Port is the port to be used in the value of the `Location` header in the response. When empty, port (if specified) of the request is used. \n Support: Extended"
5145 format: int32
5146 maximum: 65535
5147 minimum: 1
5148 path:
5149 type: object
5150 description: "Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. \n Support: Extended"
5151 properties:
5152 type:
5153 type: string
5154 description: "Type defines the type of path modifier. Additional types may be added in a future release of the API. \n Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. \n Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`."
5155 enum:
5156 - ReplaceFullPath
5157 - ReplacePrefixMatch
5158 replaceFullPath:
5159 type: string
5160 description: ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
5161 maxLength: 1024
5162 replacePrefixMatch:
5163 type: string
5164 description: "ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to \"/foo/bar\" with a prefix match of \"/foo\" and a ReplacePrefixMatch of \"/xyz\" would be modified to \"/xyz/bar\". \n Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. \n Request Path | Prefix Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- /foo/bar | /foo | /xyz | /xyz/bar /foo/bar | /foo | /xyz/ | /xyz/bar /foo/bar | /foo/ | /xyz | /xyz/bar /foo/bar | /foo/ | /xyz/ | /xyz/bar /foo | /foo | /xyz | /xyz /foo/ | /foo | /xyz | /xyz/ /foo/bar | /foo | <empty string> | /bar /foo/ | /foo | <empty string> | / /foo | /foo | <empty string> | / /foo/ | /foo | / | / /foo | /foo | / | /"
5165 maxLength: 1024
5166 required:
5167 - type
5168 scheme:
5169 type: string
5170 description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n Support: Extended"
5171 enum:
5172 - http
5173 - https
5174 statusCode:
5175 type: integer
5176 default: 302
5177 description: "StatusCode is the HTTP status code to be used in response. \n Support: Core"
5178 enum:
5179 - 301
5180 - 302
5181 required:
5182 - type
5183 maxItems: 16
5184 matches:
5185 type: array
5186 default:
5187 - path:
5188 type: PathPrefix
5189 value: /
5190 description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request must satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: v2` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be given to the the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria. \n When no rules matching a request have been successfully attached to the parent a request is coming from, a HTTP 404 status code MUST be returned."
5191 items:
5192 type: object
5193 description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: v1` header: \n ``` match: path: value: \"/foo\" headers: - name: \"version\" value \"v1\" ```"
5194 properties:
5195 headers:
5196 type: array
5197 description: Headers specifies HTTP request header matchers. Multiple match values are ANDed together, meaning, a request must match all the specified headers to select the route.
5198 items:
5199 type: object
5200 description: HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request headers.
5201 properties:
5202 name:
5203 type: string
5204 description: "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent. \n When a header is repeated in an HTTP request, it is implementation-specific behavior as to how this is represented. Generally, proxies should follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding processing a repeated header, with special handling for \"Set-Cookie\"."
5205 maxLength: 256
5206 minLength: 1
5207 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5208 type:
5209 type: string
5210 default: Exact
5211 description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression HeaderMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
5212 enum:
5213 - Exact
5214 - RegularExpression
5215 value:
5216 type: string
5217 description: Value is the value of HTTP Header to be matched.
5218 maxLength: 4096
5219 minLength: 1
5220 required:
5221 - name
5222 - value
5223 maxItems: 16
5224 x-kubernetes-list-map-keys:
5225 - name
5226 x-kubernetes-list-type: map
5227 method:
5228 type: string
5229 description: "Method specifies HTTP method matcher. When specified, this route will be matched only if the request has the specified method. \n Support: Extended"
5230 enum:
5231 - GET
5232 - HEAD
5233 - POST
5234 - PUT
5235 - DELETE
5236 - CONNECT
5237 - OPTIONS
5238 - TRACE
5239 - PATCH
5240 path:
5241 type: object
5242 default:
5243 type: PathPrefix
5244 value: /
5245 description: Path specifies a HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.
5246 properties:
5247 type:
5248 type: string
5249 default: PathPrefix
5250 description: "Type specifies how to match against the path Value. \n Support: Core (Exact, PathPrefix) \n Support: Custom (RegularExpression)"
5251 enum:
5252 - Exact
5253 - PathPrefix
5254 - RegularExpression
5255 value:
5256 type: string
5257 default: /
5258 description: Value of the HTTP path to match against.
5259 maxLength: 1024
5260 queryParams:
5261 type: array
5262 description: QueryParams specifies HTTP query parameter matchers. Multiple match values are ANDed together, meaning, a request must match all the specified query parameters to select the route.
5263 items:
5264 type: object
5265 description: HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP query parameters.
5266 properties:
5267 name:
5268 type: string
5269 description: Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
5270 maxLength: 256
5271 minLength: 1
5272 type:
5273 type: string
5274 default: Exact
5275 description: "Type specifies how to match against the value of the query parameter. \n Support: Extended (Exact) \n Support: Custom (RegularExpression) \n Since RegularExpression QueryParamMatchType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
5276 enum:
5277 - Exact
5278 - RegularExpression
5279 value:
5280 type: string
5281 description: Value is the value of HTTP query param to be matched.
5282 maxLength: 1024
5283 minLength: 1
5284 required:
5285 - name
5286 - value
5287 maxItems: 16
5288 x-kubernetes-list-map-keys:
5289 - name
5290 x-kubernetes-list-type: map
5291 maxItems: 8
5292 timeouts:
5293 type: object
5294 description: "Timeouts defines the timeouts that can be configured for an HTTP request. \n Support: Core \n <gateway:experimental>"
5295 properties:
5296 backendRequest:
5297 type: string
5298 description: "BackendRequest specifies a timeout for an individual request from the gateway to a backend service. Typically used in conjunction with automatic retries, if supported by an implementation. Default is the value of Request timeout. \n Support: Extended"
5299 format: duration
5300 request:
5301 type: string
5302 description: "Request specifies a timeout for responding to client HTTP requests, disabled by default. \n For example, the following rule will timeout if a client request is taking longer than 10 seconds to complete: \n ``` rules: - timeouts: request: 10s backendRefs: ... ``` \n Support: Core"
5303 format: duration
5304 maxItems: 16
5305 status:
5306 type: object
5307 description: Status defines the current state of HTTPRoute.
5308 properties:
5309 parents:
5310 type: array
5311 description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway."
5312 items:
5313 type: object
5314 description: RouteParentStatus describes the status of a route with respect to an associated Parent.
5315 properties:
5316 conditions:
5317 type: array
5318 description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the the controller does not have access to."
5319 items:
5320 type: object
5321 description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
5322 properties:
5323 type:
5324 type: string
5325 description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
5326 maxLength: 316
5327 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
5328 status:
5329 type: string
5330 description: status of the condition, one of True, False, Unknown.
5331 enum:
5332 - "True"
5333 - "False"
5334 - Unknown
5335 lastTransitionTime:
5336 type: string
5337 description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
5338 format: date-time
5339 message:
5340 type: string
5341 description: message is a human readable message indicating details about the transition. This may be an empty string.
5342 maxLength: 32768
5343 observedGeneration:
5344 type: integer
5345 description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
5346 format: int64
5347 minimum: 0
5348 reason:
5349 type: string
5350 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
5351 maxLength: 1024
5352 minLength: 1
5353 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
5354 required:
5355 - lastTransitionTime
5356 - message
5357 - reason
5358 - status
5359 - type
5360 maxItems: 8
5361 minItems: 1
5362 x-kubernetes-list-map-keys:
5363 - type
5364 x-kubernetes-list-type: map
5365 controllerName:
5366 type: string
5367 description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary."
5368 maxLength: 253
5369 minLength: 1
5370 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
5371 parentRef:
5372 type: object
5373 description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.
5374 properties:
5375 name:
5376 type: string
5377 description: "Name is the name of the referent. \n Support: Core"
5378 maxLength: 253
5379 minLength: 1
5380 namespace:
5381 type: string
5382 description: "Namespace is the namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. \n Support: Core"
5383 maxLength: 63
5384 minLength: 1
5385 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5386 kind:
5387 type: string
5388 default: Gateway
5389 description: "Kind is kind of the referent. \n Support: Core (Gateway) Support: Custom (Other Resources)"
5390 maxLength: 63
5391 minLength: 1
5392 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5393 port:
5394 type: integer
5395 description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n <gateway:experimental>"
5396 format: int32
5397 maximum: 65535
5398 minimum: 1
5399 group:
5400 type: string
5401 default: policy.linkerd.io
5402 description: "Group is the group of the referent. \n Support: Core"
5403 maxLength: 253
5404 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5405 sectionName:
5406 type: string
5407 description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core"
5408 maxLength: 253
5409 minLength: 1
5410 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5411 required:
5412 - name
5413 required:
5414 - controllerName
5415 - parentRef
5416 maxItems: 32
5417 required:
5418 - parents
5419 required:
5420 - spec
5421 served: true
5422 storage: true
5423 subresources:
5424 status: {}
5425---
5426# Source: partials/templates/policy/meshtls-authentication.yaml
5427apiVersion: apiextensions.k8s.io/v1
5428kind: CustomResourceDefinition
5429metadata:
5430 name: meshtlsauthentications.policy.linkerd.io
5431 labels:
5432 helm.sh/chart: partials-0.1.0
5433 linkerd.io/control-plane-ns: linkerd
5434 annotations:
5435 linkerd.io/created-by: linkerd/helm %!s(<nil>)
5436spec:
5437 group: policy.linkerd.io
5438 names:
5439 kind: MeshTLSAuthentication
5440 plural: meshtlsauthentications
5441 shortNames: [meshtlsauthn]
5442 singular: meshtlsauthentication
5443 scope: Namespaced
5444 versions:
5445 - name: v1alpha1
5446 schema:
5447 openAPIV3Schema:
5448 type: object
5449 properties:
5450 spec:
5451 type: object
5452 description: >-
5453 MeshTLSAuthentication defines a list of authenticated client IDs to be referenced by an `AuthorizationPolicy`. If a client connection has the mutually-authenticated identity that matches ANY of the of the provided identities, the connection is considered authenticated.
5454 oneOf:
5455 - required: [identities]
5456 - required: [identityRefs]
5457 properties:
5458 identities:
5459 type: array
5460 description: >-
5461 Authorizes clients with the provided proxy identity strings (as provided via MTLS)
5462
5463 The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.
5464 items:
5465 type: string
5466 minItems: 1
5467 identityRefs:
5468 type: array
5469 items:
5470 type: object
5471 properties:
5472 name:
5473 type: string
5474 description: >-
5475 Name is the name of the referent. When unspecified, this refers to all resources of the specified Group and Kind in the specified namespace.
5476 maxLength: 253
5477 minLength: 1
5478 namespace:
5479 type: string
5480 description: >-
5481 Name is the name of the referent. When unspecified, this authentication refers to the local namespace.
5482 maxLength: 253
5483 kind:
5484 type: string
5485 description: >-
5486 Kind is the kind of the referent.
5487 maxLength: 63
5488 minLength: 1
5489 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5490 group:
5491 type: string
5492 description: >-
5493 Group is the group of the referent. When empty, the Kubernetes core API group is inferred."
5494 maxLength: 253
5495 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5496 required:
5497 - kind
5498 minItems: 1
5499 required: [spec]
5500 served: true
5501 storage: true
5502---
5503# Source: partials/templates/policy/network-authentication.yaml
5504apiVersion: apiextensions.k8s.io/v1
5505kind: CustomResourceDefinition
5506metadata:
5507 name: networkauthentications.policy.linkerd.io
5508 labels:
5509 helm.sh/chart: partials-0.1.0
5510 linkerd.io/control-plane-ns: linkerd
5511 annotations:
5512 linkerd.io/created-by: linkerd/helm %!s(<nil>)
5513spec:
5514 group: policy.linkerd.io
5515 names:
5516 kind: NetworkAuthentication
5517 plural: networkauthentications
5518 shortNames: [netauthn, networkauthn]
5519 singular: networkauthentication
5520 scope: Namespaced
5521 versions:
5522 - name: v1alpha1
5523 schema:
5524 openAPIV3Schema:
5525 type: object
5526 properties:
5527 spec:
5528 type: object
5529 description: >-
5530 NetworkAuthentication defines a list of authenticated client networks to be referenced by an `AuthorizationPolicy`. If a client connection originates from ANY of the of the provided networks, the connection is considered authenticated.
5531 properties:
5532 networks:
5533 type: array
5534 items:
5535 type: object
5536 properties:
5537 cidr:
5538 type: string
5539 description: >-
5540 The CIDR of the network to be authorized.
5541 except:
5542 type: array
5543 description: >-
5544 A list of IP networks/addresses not to be included in the above `cidr`.
5545 items:
5546 type: string
5547 required: [cidr]
5548 required: [networks]
5549 required: [spec]
5550 served: true
5551 storage: true
5552---
5553# Source: partials/templates/policy/server-authorization.yaml
5554apiVersion: apiextensions.k8s.io/v1
5555kind: CustomResourceDefinition
5556metadata:
5557 name: serverauthorizations.policy.linkerd.io
5558 labels:
5559 helm.sh/chart: partials-0.1.0
5560 linkerd.io/control-plane-ns: linkerd
5561 annotations:
5562 linkerd.io/created-by: linkerd/helm %!s(<nil>)
5563spec:
5564 group: policy.linkerd.io
5565 names:
5566 kind: ServerAuthorization
5567 plural: serverauthorizations
5568 shortNames: [saz, serverauthz, srvauthz]
5569 singular: serverauthorization
5570 scope: Namespaced
5571 versions:
5572 - name: v1alpha1
5573 deprecated: true
5574 deprecationWarning: "policy.linkerd.io/v1alpha1 ServerAuthorization is deprecated; use policy.linkerd.io/v1beta1 ServerAuthorization"
5575 schema:
5576 openAPIV3Schema:
5577 type: object
5578 properties:
5579 spec:
5580 type: object
5581 description: >-
5582 Authorizes clients to communicate with Linkerd-proxied servers.
5583 properties:
5584 client:
5585 type: object
5586 description: Describes clients authorized to access a server.
5587 properties:
5588 meshTLS:
5589 type: object
5590 properties:
5591 identities:
5592 type: array
5593 description: >-
5594 Authorizes clients with the provided proxy identity strings (as provided via MTLS)
5595
5596 The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.
5597 items:
5598 type: string
5599 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5600 serviceAccounts:
5601 type: array
5602 description: >-
5603 Authorizes clients with the provided proxy identity service accounts (as provided via MTLS)
5604 items:
5605 type: object
5606 properties:
5607 name:
5608 type: string
5609 description: The ServiceAccount's name.
5610 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5611 namespace:
5612 type: string
5613 description: >-
5614 The ServiceAccount's namespace. If unset, the authorization's namespace is used.
5615 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5616 required: [name]
5617 unauthenticatedTLS:
5618 type: boolean
5619 description: >-
5620 Indicates that no client identity is required for communication.
5621
5622 This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate.
5623 networks:
5624 type: array
5625 description: >-
5626 Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network).
5627 items:
5628 type: object
5629 properties:
5630 cidr:
5631 type: string
5632 except:
5633 type: array
5634 items:
5635 type: string
5636 required: [cidr]
5637 unauthenticated:
5638 type: boolean
5639 description: >-
5640 Authorizes unauthenticated clients to access a server.
5641 server:
5642 type: object
5643 description: >-
5644 Identifies servers in the same namespace for which this authorization applies.
5645
5646 Only one of `name` or `selector` may be specified.
5647 oneOf:
5648 - required: [name]
5649 - required: [selector]
5650 properties:
5651 name:
5652 type: string
5653 description: References a `Server` instance by name
5654 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5655 selector:
5656 type: object
5657 description: >-
5658 A label query over servers on which this authorization applies.
5659 properties:
5660 matchExpressions:
5661 type: array
5662 items:
5663 type: object
5664 properties:
5665 key:
5666 type: string
5667 operator:
5668 type: string
5669 enum: [In, NotIn, Exists, DoesNotExist]
5670 values:
5671 type: array
5672 items:
5673 type: string
5674 required: [key, operator]
5675 matchLabels:
5676 type: object
5677 x-kubernetes-preserve-unknown-fields: true
5678 required: [server, client]
5679 required: [spec]
5680 served: true
5681 storage: false
5682 - name: v1beta1
5683 additionalPrinterColumns:
5684 - name: Server
5685 type: string
5686 description: The server that this grants access to
5687 jsonPath: .spec.server.name
5688 schema:
5689 openAPIV3Schema:
5690 type: object
5691 properties:
5692 spec:
5693 type: object
5694 description: >-
5695 Authorizes clients to communicate with Linkerd-proxied servers.
5696 properties:
5697 client:
5698 type: object
5699 description: Describes clients authorized to access a server.
5700 properties:
5701 meshTLS:
5702 type: object
5703 properties:
5704 identities:
5705 type: array
5706 description: >-
5707 Authorizes clients with the provided proxy identity strings (as provided via MTLS)
5708
5709 The `*` prefix can be used to match all identities in a domain. An identity string of `*` indicates that all authentication clients are authorized.
5710 items:
5711 type: string
5712 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5713 serviceAccounts:
5714 type: array
5715 description: >-
5716 Authorizes clients with the provided proxy identity service accounts (as provided via MTLS)
5717 items:
5718 type: object
5719 properties:
5720 name:
5721 type: string
5722 description: The ServiceAccount's name.
5723 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5724 namespace:
5725 type: string
5726 description: >-
5727 The ServiceAccount's namespace. If unset, the authorization's namespace is used.
5728 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5729 required: [name]
5730 unauthenticatedTLS:
5731 type: boolean
5732 description: >-
5733 Indicates that no client identity is required for communication.
5734
5735 This is mostly important for the identity controller, which must terminate TLS connections from clients that do not yet have a certificate.
5736 networks:
5737 type: array
5738 description: >-
5739 Limits the client IP addresses to which this authorization applies. If unset, the server chooses a default (typically, all IPs or the cluster's pod network).
5740 items:
5741 type: object
5742 properties:
5743 cidr:
5744 type: string
5745 except:
5746 type: array
5747 items:
5748 type: string
5749 required: [cidr]
5750 unauthenticated:
5751 type: boolean
5752 description: >-
5753 Authorizes unauthenticated clients to access a server.
5754 server:
5755 type: object
5756 description: >-
5757 Identifies servers in the same namespace for which this authorization applies.
5758
5759 Only one of `name` or `selector` may be specified.
5760 oneOf:
5761 - required: [name]
5762 - required: [selector]
5763 properties:
5764 name:
5765 type: string
5766 description: References a `Server` instance by name
5767 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5768 selector:
5769 type: object
5770 description: >-
5771 A label query over servers on which this authorization applies.
5772 properties:
5773 matchExpressions:
5774 type: array
5775 items:
5776 type: object
5777 properties:
5778 key:
5779 type: string
5780 operator:
5781 type: string
5782 enum: [In, NotIn, Exists, DoesNotExist]
5783 values:
5784 type: array
5785 items:
5786 type: string
5787 required: [key, operator]
5788 matchLabels:
5789 type: object
5790 x-kubernetes-preserve-unknown-fields: true
5791 required: [server, client]
5792 required: [spec]
5793 served: true
5794 storage: true
5795---
5796# Source: partials/templates/policy/server.yaml
5797apiVersion: apiextensions.k8s.io/v1
5798kind: CustomResourceDefinition
5799metadata:
5800 name: servers.policy.linkerd.io
5801 labels:
5802 helm.sh/chart: partials-0.1.0
5803 linkerd.io/control-plane-ns: linkerd
5804 annotations:
5805 linkerd.io/created-by: linkerd/helm %!s(<nil>)
5806spec:
5807 group: policy.linkerd.io
5808 names:
5809 kind: Server
5810 plural: servers
5811 shortNames: [srv]
5812 singular: server
5813 scope: Namespaced
5814 versions:
5815 - name: v1alpha1
5816 deprecated: true
5817 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta1 Server"
5818 schema:
5819 openAPIV3Schema:
5820 type: object
5821 properties:
5822 spec:
5823 type: object
5824 properties:
5825 port:
5826 description: >-
5827 A port name or number. Must exist in a pod spec.
5828 x-kubernetes-int-or-string: true
5829 podSelector:
5830 type: object
5831 description: >-
5832 Selects pods in the same namespace.
5833 oneOf:
5834 - required: [matchExpressions]
5835 - required: [matchLabels]
5836 properties:
5837 matchExpressions:
5838 type: array
5839 items:
5840 type: object
5841 properties:
5842 key:
5843 type: string
5844 operator:
5845 type: string
5846 enum: [In, NotIn, Exists, DoesNotExist]
5847 values:
5848 type: array
5849 items:
5850 type: string
5851 required: [key, operator]
5852 matchLabels:
5853 type: object
5854 x-kubernetes-preserve-unknown-fields: true
5855 proxyProtocol:
5856 type: string
5857 default: unknown
5858 description: >-
5859 Configures protocol discovery for inbound connections.
5860
5861 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5862 required:
5863 - podSelector
5864 - port
5865 required: [spec]
5866 served: true
5867 storage: false
5868 - name: v1beta1
5869 additionalPrinterColumns:
5870 - name: Port
5871 type: string
5872 description: The port the server is listening on
5873 jsonPath: .spec.port
5874 - name: Protocol
5875 type: string
5876 description: The protocol of the server
5877 jsonPath: .spec.proxyProtocol
5878 deprecated: true
5879 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta2 Server"
5880 schema:
5881 openAPIV3Schema:
5882 type: object
5883 properties:
5884 spec:
5885 type: object
5886 properties:
5887 port:
5888 description: >-
5889 A port name or number. Must exist in a pod spec.
5890 x-kubernetes-int-or-string: true
5891 podSelector:
5892 type: object
5893 description: >-
5894 Selects pods in the same namespace.
5895
5896 The result of matchLabels and matchExpressions are ANDed. Selects all if empty.
5897 properties:
5898 matchExpressions:
5899 type: array
5900 items:
5901 type: object
5902 properties:
5903 key:
5904 type: string
5905 operator:
5906 type: string
5907 enum: [In, NotIn, Exists, DoesNotExist]
5908 values:
5909 type: array
5910 items:
5911 type: string
5912 required: [key, operator]
5913 matchLabels:
5914 type: object
5915 x-kubernetes-preserve-unknown-fields: true
5916 proxyProtocol:
5917 type: string
5918 default: unknown
5919 description: >-
5920 Configures protocol discovery for inbound connections.
5921
5922 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5923 required:
5924 - podSelector
5925 - port
5926 required: [spec]
5927 served: true
5928 storage: false
5929 - name: v1beta2
5930 additionalPrinterColumns:
5931 - name: Port
5932 type: string
5933 description: The port the server is listening on
5934 jsonPath: .spec.port
5935 - name: Protocol
5936 type: string
5937 description: The protocol of the server
5938 jsonPath: .spec.proxyProtocol
5939 schema:
5940 openAPIV3Schema:
5941 type: object
5942 properties:
5943 spec:
5944 type: object
5945 oneOf:
5946 - required: [podSelector]
5947 - required: [externalWorkloadSelector]
5948 properties:
5949 port:
5950 description: >-
5951 A port name or number. Must exist in a pod spec.
5952 x-kubernetes-int-or-string: true
5953 externalWorkloadSelector:
5954 type: object
5955 description: >-
5956 Selects ExternalWorkloads in the same namespace.
5957
5958 The result of matchLabels and matchExpressions are ANDed. Selects all if empty.
5959 properties:
5960 matchExpressions:
5961 type: array
5962 items:
5963 type: object
5964 properties:
5965 key:
5966 type: string
5967 operator:
5968 type: string
5969 enum: [In, NotIn, Exists, DoesNotExist]
5970 values:
5971 type: array
5972 items:
5973 type: string
5974 required: [key, operator]
5975 matchLabels:
5976 type: object
5977 x-kubernetes-preserve-unknown-fields: true
5978 podSelector:
5979 type: object
5980 description: >-
5981 Selects pods in the same namespace.
5982
5983 The result of matchLabels and matchExpressions are ANDed. Selects all if empty.
5984 properties:
5985 matchExpressions:
5986 type: array
5987 items:
5988 type: object
5989 properties:
5990 key:
5991 type: string
5992 operator:
5993 type: string
5994 enum: [In, NotIn, Exists, DoesNotExist]
5995 values:
5996 type: array
5997 items:
5998 type: string
5999 required: [key, operator]
6000 matchLabels:
6001 type: object
6002 x-kubernetes-preserve-unknown-fields: true
6003 proxyProtocol:
6004 type: string
6005 default: unknown
6006 description: >-
6007 Configures protocol discovery for inbound connections.
6008
6009 Supersedes the `config.linkerd.io/opaque-ports` annotation.
6010 required:
6011 - port
6012 required: [spec]
6013 served: true
6014 storage: true
6015---
6016# Source: partials/templates/serviceprofile.yaml
6017###
6018### Service Profile CRD
6019###
6020apiVersion: apiextensions.k8s.io/v1
6021kind: CustomResourceDefinition
6022metadata:
6023 name: serviceprofiles.linkerd.io
6024 labels:
6025 helm.sh/chart: partials-0.1.0
6026 linkerd.io/control-plane-ns: linkerd
6027 annotations:
6028 linkerd.io/created-by: linkerd/helm %!s(<nil>)
6029spec:
6030 group: linkerd.io
6031 names:
6032 kind: ServiceProfile
6033 plural: serviceprofiles
6034 shortNames:
6035 - sp
6036 singular: serviceprofile
6037 preserveUnknownFields: false
6038 scope: Namespaced
6039 versions:
6040 - name: v1alpha1
6041 schema:
6042 openAPIV3Schema:
6043 type: object
6044 properties:
6045 spec:
6046 type: object
6047 description: Spec is the custom resource spec
6048 properties:
6049 dstOverrides:
6050 type: array
6051 items:
6052 type: object
6053 description: WeightedDst is a weighted alternate destination.
6054 properties:
6055 authority:
6056 type: string
6057 weight:
6058 anyOf:
6059 - type: integer
6060 - type: string
6061 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6062 x-kubernetes-int-or-string: true
6063 required:
6064 - authority
6065 - weight
6066 opaquePorts:
6067 type: array
6068 items:
6069 type: string
6070 retryBudget:
6071 type: object
6072 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6073 properties:
6074 minRetriesPerSecond:
6075 type: integer
6076 format: int32
6077 retryRatio:
6078 type: number
6079 format: float
6080 ttl:
6081 type: string
6082 required:
6083 - minRetriesPerSecond
6084 - retryRatio
6085 - ttl
6086 routes:
6087 type: array
6088 items:
6089 type: object
6090 description: RouteSpec specifies a Route resource.
6091 properties:
6092 name:
6093 type: string
6094 condition:
6095 type: object
6096 description: RequestMatch describes the conditions under which to match a Route.
6097 properties:
6098 all:
6099 type: array
6100 items:
6101 type: object
6102 x-kubernetes-preserve-unknown-fields: true
6103 any:
6104 type: array
6105 items:
6106 type: object
6107 x-kubernetes-preserve-unknown-fields: true
6108 method:
6109 type: string
6110 not:
6111 type: array
6112 items:
6113 type: object
6114 x-kubernetes-preserve-unknown-fields: true
6115 pathRegex:
6116 type: string
6117 isRetryable:
6118 type: boolean
6119 responseClasses:
6120 type: array
6121 items:
6122 type: object
6123 description: ResponseClass describes how to classify a response (e.g. success or failures).
6124 properties:
6125 condition:
6126 type: object
6127 description: ResponseMatch describes the conditions under which to classify a response.
6128 properties:
6129 status:
6130 type: object
6131 description: Range describes a range of integers (e.g. status codes).
6132 properties:
6133 max:
6134 type: integer
6135 format: int32
6136 min:
6137 type: integer
6138 format: int32
6139 all:
6140 type: array
6141 items:
6142 type: object
6143 x-kubernetes-preserve-unknown-fields: true
6144 any:
6145 type: array
6146 items:
6147 type: object
6148 x-kubernetes-preserve-unknown-fields: true
6149 not:
6150 type: object
6151 x-kubernetes-preserve-unknown-fields: true
6152 isFailure:
6153 type: boolean
6154 required:
6155 - condition
6156 timeout:
6157 type: string
6158 required:
6159 - condition
6160 - name
6161 required:
6162 - routes
6163 served: true
6164 storage: false
6165 - name: v1alpha2
6166 schema:
6167 openAPIV3Schema:
6168 type: object
6169 properties:
6170 spec:
6171 type: object
6172 description: Spec is the custom resource spec
6173 properties:
6174 dstOverrides:
6175 type: array
6176 items:
6177 type: object
6178 description: WeightedDst is a weighted alternate destination.
6179 properties:
6180 authority:
6181 type: string
6182 weight:
6183 anyOf:
6184 - type: integer
6185 - type: string
6186 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6187 x-kubernetes-int-or-string: true
6188 required:
6189 - authority
6190 - weight
6191 opaquePorts:
6192 type: array
6193 items:
6194 type: string
6195 retryBudget:
6196 type: object
6197 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6198 properties:
6199 minRetriesPerSecond:
6200 type: integer
6201 format: int32
6202 retryRatio:
6203 type: number
6204 format: float
6205 ttl:
6206 type: string
6207 required:
6208 - minRetriesPerSecond
6209 - retryRatio
6210 - ttl
6211 routes:
6212 type: array
6213 items:
6214 type: object
6215 description: RouteSpec specifies a Route resource.
6216 properties:
6217 name:
6218 type: string
6219 condition:
6220 type: object
6221 description: RequestMatch describes the conditions under which to match a Route.
6222 properties:
6223 all:
6224 type: array
6225 items:
6226 type: object
6227 x-kubernetes-preserve-unknown-fields: true
6228 any:
6229 type: array
6230 items:
6231 type: object
6232 x-kubernetes-preserve-unknown-fields: true
6233 method:
6234 type: string
6235 not:
6236 type: array
6237 items:
6238 type: object
6239 x-kubernetes-preserve-unknown-fields: true
6240 pathRegex:
6241 type: string
6242 isRetryable:
6243 type: boolean
6244 responseClasses:
6245 type: array
6246 items:
6247 type: object
6248 description: ResponseClass describes how to classify a response (e.g. success or failures).
6249 properties:
6250 condition:
6251 type: object
6252 description: ResponseMatch describes the conditions under which to classify a response.
6253 properties:
6254 status:
6255 type: object
6256 description: Range describes a range of integers (e.g. status codes).
6257 properties:
6258 max:
6259 type: integer
6260 format: int32
6261 min:
6262 type: integer
6263 format: int32
6264 all:
6265 type: array
6266 items:
6267 type: object
6268 x-kubernetes-preserve-unknown-fields: true
6269 any:
6270 type: array
6271 items:
6272 type: object
6273 x-kubernetes-preserve-unknown-fields: true
6274 not:
6275 type: object
6276 x-kubernetes-preserve-unknown-fields: true
6277 isFailure:
6278 type: boolean
6279 required:
6280 - condition
6281 timeout:
6282 type: string
6283 required:
6284 - condition
6285 - name
6286 served: true
6287 storage: true
6288---
6289# Source: partials/templates/workload/external-workload.yaml
6290apiVersion: apiextensions.k8s.io/v1
6291kind: CustomResourceDefinition
6292metadata:
6293 name: externalworkloads.workload.linkerd.io
6294 labels:
6295 helm.sh/chart: partials-0.1.0
6296 linkerd.io/control-plane-ns: linkerd
6297 annotations:
6298 linkerd.io/created-by: linkerd/helm %!s(<nil>)
6299spec:
6300 group: workload.linkerd.io
6301 names:
6302 kind: ExternalWorkload
6303 categories:
6304 - external
6305 listKind: ExternalWorkloadList
6306 plural: externalworkloads
6307 shortNames: []
6308 singular: externalworkload
6309 scope: Namespaced
6310 versions:
6311 - name: v1alpha1
6312 additionalPrinterColumns:
6313 - name: Identity
6314 type: string
6315 jsonPath: .spec.meshTls.identity
6316 - name: Age
6317 type: date
6318 jsonPath: .metadata.creationTimestamp
6319 schema:
6320 openAPIV3Schema:
6321 type: object
6322 description: >-
6323 An ExternalWorkload describes a single workload (i.e. a deployable unit) external to the cluster that should be enrolled in the mesh.
6324 properties:
6325 kind:
6326 type: string
6327 metadata:
6328 type: object
6329 spec:
6330 type: object
6331 properties:
6332 ports:
6333 type: array
6334 description: ports describes a list of ports exposed by the workload
6335 items:
6336 type: object
6337 properties:
6338 name:
6339 type: string
6340 description: name must be an IANA_SVC_NAME and unique within the ports set. Each named port can be referred to by services.
6341 protocol:
6342 type: string
6343 default: "TCP"
6344 description: protocol exposed by the port. Must be UDP or TCP. Defaults to TCP.
6345 port:
6346 type: integer
6347 format: int32
6348 maximum: 65535
6349 minimum: 1
6350 required:
6351 - port
6352 meshTls:
6353 type: object
6354 description: meshTls describes TLS settings associated with an external workload.
6355 properties:
6356 identity:
6357 type: string
6358 description: identity of the workload. Corresponds to the identity used in the workload's certificate. It is used by peers to perform verification in the mTLS handshake.
6359 maxLength: 253
6360 minLength: 1
6361 serverName:
6362 type: string
6363 description: serverName is the name of the workload in DNS format. It is used by the workload to terminate TLS using SNI.
6364 maxLength: 253
6365 minLength: 1
6366 required:
6367 - identity
6368 - serverName
6369 workloadIPs:
6370 type: array
6371 description: workloadIPs contains a list of IP addresses that can be used to send traffic to the workload.
6372 items:
6373 type: object
6374 properties:
6375 ip:
6376 type: string
6377 # TODO: relax this in the future when ipv6 is supported
6378 # an external workload (like a pod) should only
6379 # support 2 interfaces
6380 maxItems: 1
6381 required:
6382 - meshTls
6383 status:
6384 type: object
6385 properties:
6386 conditions:
6387 type: array
6388 items:
6389 type: object
6390 properties:
6391 type:
6392 type: string
6393 description: type of the condition in CamelCase or in foo.example.com/CamelCase.
6394 maxLength: 316
6395 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
6396 status:
6397 type: string
6398 description: status of the condition (one of True, False, Unknown)
6399 enum:
6400 - "True"
6401 - "False"
6402 - Unknown
6403 lastProbeTime:
6404 type: string
6405 description: lastProbeTime is the last time the healthcheck endpoint was probed.
6406 format: date-time
6407 lastTransitionTime:
6408 type: string
6409 description: lastTransitionTime is the last time the condition transitioned from one status to another.
6410 format: date-time
6411 message:
6412 type: string
6413 description: message is a human readable message indicating details about the transition. This may be an empty string.
6414 maxLength: 32768
6415 reason:
6416 type: string
6417 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
6418 maxLength: 1024
6419 minLength: 1
6420 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
6421 required:
6422 - status
6423 - type
6424 apiVerson:
6425 type: string
6426 required: [spec]
6427 served: true
6428 storage: false
6429 - name: v1beta1
6430 additionalPrinterColumns:
6431 - name: Identity
6432 type: string
6433 jsonPath: .spec.meshTLS.identity
6434 - name: Age
6435 type: date
6436 jsonPath: .metadata.creationTimestamp
6437 schema:
6438 openAPIV3Schema:
6439 type: object
6440 description: >-
6441 An ExternalWorkload describes a single workload (i.e. a deployable unit) external to the cluster that should be enrolled in the mesh.
6442 properties:
6443 kind:
6444 type: string
6445 metadata:
6446 type: object
6447 spec:
6448 type: object
6449 properties:
6450 ports:
6451 type: array
6452 description: ports describes a list of ports exposed by the workload
6453 items:
6454 type: object
6455 properties:
6456 name:
6457 type: string
6458 description: name must be an IANA_SVC_NAME and unique within the ports set. Each named port can be referred to by services.
6459 protocol:
6460 type: string
6461 default: "TCP"
6462 description: protocol exposed by the port. Must be UDP or TCP. Defaults to TCP.
6463 port:
6464 type: integer
6465 format: int32
6466 maximum: 65535
6467 minimum: 1
6468 required:
6469 - port
6470 meshTLS:
6471 type: object
6472 description: meshTLS describes TLS settings associated with an external workload.
6473 properties:
6474 identity:
6475 type: string
6476 description: identity of the workload. Corresponds to the identity used in the workload's certificate. It is used by peers to perform verification in the mTLS handshake.
6477 maxLength: 253
6478 minLength: 1
6479 serverName:
6480 type: string
6481 description: serverName is the name of the workload in DNS format. It is used by the workload to terminate TLS using SNI.
6482 maxLength: 253
6483 minLength: 1
6484 required:
6485 - identity
6486 - serverName
6487 workloadIPs:
6488 type: array
6489 description: workloadIPs contains a list of IP addresses that can be used to send traffic to the workload.
6490 items:
6491 type: object
6492 properties:
6493 ip:
6494 type: string
6495 # TODO: relax this in the future when ipv6 is supported
6496 # an external workload (like a pod) should only
6497 # support 2 interfaces
6498 maxItems: 1
6499 required:
6500 - meshTLS
6501 status:
6502 type: object
6503 properties:
6504 conditions:
6505 type: array
6506 items:
6507 type: object
6508 properties:
6509 type:
6510 type: string
6511 description: type of the condition in CamelCase or in foo.example.com/CamelCase.
6512 maxLength: 316
6513 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
6514 status:
6515 type: string
6516 description: status of the condition (one of True, False, Unknown)
6517 enum:
6518 - "True"
6519 - "False"
6520 - Unknown
6521 lastProbeTime:
6522 type: string
6523 description: lastProbeTime is the last time the healthcheck endpoint was probed.
6524 format: date-time
6525 lastTransitionTime:
6526 type: string
6527 description: lastTransitionTime is the last time the condition transitioned from one status to another.
6528 format: date-time
6529 message:
6530 type: string
6531 description: message is a human readable message indicating details about the transition. This may be an empty string.
6532 maxLength: 32768
6533 reason:
6534 type: string
6535 description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
6536 maxLength: 1024
6537 minLength: 1
6538 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
6539 required:
6540 - status
6541 - type
6542 apiVerson:
6543 type: string
6544 required: [spec]
6545 served: true
6546 storage: true
6547 subresources:
6548 status: {}
View as plain text