1---
2apiVersion: apiextensions.k8s.io/v1
3kind: CustomResourceDefinition
4metadata:
5 name: authorizationpolicies.policy.linkerd.io
6 annotations:
7 linkerd.io/created-by: linkerd/cli dev-undefined
8 labels:
9 helm.sh/chart: linkerd-crds-0.0.0-undefined
10 linkerd.io/control-plane-ns: linkerd
11spec:
12 group: policy.linkerd.io
13 scope: Namespaced
14 names:
15 kind: AuthorizationPolicy
16 plural: authorizationpolicies
17 singular: authorizationpolicy
18 shortNames: [authzpolicy]
19 versions:
20 - name: v1alpha1
21 served: true
22 storage: true
23 schema:
24 openAPIV3Schema:
25 type: object
26 required: [spec]
27 properties:
28 spec:
29 description: >-
30 Authorizes clients to communicate with Linkerd-proxied server
31 resources.
32 type: object
33 required: [targetRef, requiredAuthenticationRefs]
34 properties:
35 targetRef:
36 description: >-
37 TargetRef references a resource to which the authorization
38 policy applies.
39 type: object
40 required: [kind, name]
41 # Modified from the gateway API.
42 # Copyright 2020 The Kubernetes Authors
43 properties:
44 group:
45 description: >-
46 Group is the group of the referent. When empty, the
47 Kubernetes core API group is inferred.
48 maxLength: 253
49 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
50 type: string
51 kind:
52 description: >-
53 Kind is the kind of the referent.
54 maxLength: 63
55 minLength: 1
56 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
57 type: string
58 name:
59 description: Name is the name of the referent.
60 maxLength: 253
61 minLength: 1
62 type: string
63 requiredAuthenticationRefs:
64 description: >-
65 RequiredAuthenticationRefs enumerates a set of required
66 authentications. ALL authentications must be satisfied for
67 the authorization to apply. If any of the referred objects
68 cannot be found, the authorization will be ignored.
69 type: array
70 items:
71 type: object
72 required: [kind, name]
73 properties:
74 group:
75 description: >-
76 Group is the group of the referent. When empty, the
77 Kubernetes core API group is inferred."
78 maxLength: 253
79 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
80 type: string
81 kind:
82 description: >-
83 Kind is the kind of the referent.
84 maxLength: 63
85 minLength: 1
86 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
87 type: string
88 name:
89 description: >-
90 Name is the name of the referent.
91 maxLength: 253
92 minLength: 1
93 type: string
94 namespace:
95 description: >-
96 Name is the name of the referent. When unspecified,
97 this authentication refers to the local namespace.
98 maxLength: 253
99 type: string
100---
101apiVersion: apiextensions.k8s.io/v1
102kind: CustomResourceDefinition
103metadata:
104 name: httproutes.policy.linkerd.io
105 annotations:
106 linkerd.io/created-by: linkerd/cli dev-undefined
107 labels:
108 helm.sh/chart: linkerd-crds-0.0.0-undefined
109 linkerd.io/control-plane-ns: linkerd
110spec:
111 group: policy.linkerd.io
112 names:
113 kind: HTTPRoute
114 listKind: HTTPRouteList
115 plural: httproutes
116 singular: httproute
117 scope: Namespaced
118 versions:
119 - additionalPrinterColumns:
120 - jsonPath: .spec.hostnames
121 name: Hostnames
122 type: string
123 - jsonPath: .metadata.creationTimestamp
124 name: Age
125 type: date
126 name: v1alpha1
127 schema:
128 openAPIV3Schema:
129 description: HTTPRoute provides a way to route HTTP requests. This includes
130 the capability to match requests by hostname, path, header, or query param.
131 Filters can be used to specify additional processing steps. Backends specify
132 where matching requests should be routed.
133 properties:
134 apiVersion:
135 description: 'APIVersion defines the versioned schema of this representation
136 of an object. Servers should convert recognized schemas to the latest
137 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
138 type: string
139 kind:
140 description: 'Kind is a string value representing the REST resource this
141 object represents. Servers may infer this from the endpoint the client
142 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
143 type: string
144 metadata:
145 type: object
146 spec:
147 description: Spec defines the desired state of HTTPRoute.
148 properties:
149 hostnames:
150 description: "Hostnames defines a set of hostname that should match
151 against the HTTP Host header to select a HTTPRoute to process the
152 request. This matches the RFC 1123 definition of a hostname with
153 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
154 be prefixed with a wildcard label (`*.`). The wildcard label
155 must appear by itself as the first label. \n If a hostname is specified
156 by both the Listener and HTTPRoute, there must be at least one intersecting
157 hostname for the HTTPRoute to be attached to the Listener. For example:
158 \n * A Listener with `test.example.com` as the hostname matches
159 HTTPRoutes that have either not specified any hostnames, or have
160 specified at least one of `test.example.com` or `*.example.com`.
161 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
162 \ that have either not specified any hostnames or have specified
163 at least one hostname that matches the Listener hostname. For
164 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
165 would all match. On the other hand, `example.com` and `test.example.net`
166 would not match. \n Hostnames that are prefixed with a wildcard
167 label (`*.`) are interpreted as a suffix match. That means that
168 a match for `*.example.com` would match both `test.example.com`,
169 and `foo.test.example.com`, but not `example.com`. \n If both the
170 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
171 that do not match the Listener hostname MUST be ignored. For example,
172 if a Listener specified `*.example.com`, and the HTTPRoute specified
173 `test.example.com` and `test.example.net`, `test.example.net` must
174 not be considered for a match. \n If both the Listener and HTTPRoute
175 have specified hostnames, and none match with the criteria above,
176 then the HTTPRoute is not accepted. The implementation must raise
177 an 'Accepted' Condition with a status of `False` in the corresponding
178 RouteParentStatus. \n Support: Core"
179 items:
180 description: "Hostname is the fully qualified domain name of a network
181 host. This matches the RFC 1123 definition of a hostname with
182 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
183 may be prefixed with a wildcard label (`*.`). The wildcard label
184 must appear by itself as the first label. \n Hostname can be \"precise\"
185 which is a domain name without the terminating dot of a network
186 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
187 name prefixed with a single wildcard label (e.g. `*.example.com`).
188 \n Note that as per RFC1035 and RFC1123, a *label* must consist
189 of lower case alphanumeric characters or '-', and must start and
190 end with an alphanumeric character. No other punctuation is allowed."
191 maxLength: 253
192 minLength: 1
193 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
194 type: string
195 maxItems: 16
196 type: array
197 parentRefs:
198 description: "ParentRefs references the resources (usually Gateways)
199 that a Route wants to be attached to. Note that the referenced parent
200 resource needs to allow this for the attachment to be complete.
201 For Gateways, that means the Gateway needs to allow attachment from
202 Routes of this kind and namespace. \n The only kind of parent resource
203 with \"Core\" support is Gateway. This API may be extended in the
204 future to support additional kinds of parent resources such as one
205 of the route kinds. \n It is invalid to reference an identical parent
206 more than once. It is valid to reference multiple distinct sections
207 within the same parent resource, such as 2 Listeners within a Gateway.
208 \n It is possible to separately reference multiple distinct objects
209 that may be collapsed by an implementation. For example, some implementations
210 may choose to merge compatible Gateway Listeners together. If that
211 is the case, the list of routes attached to those resources should
212 also be merged."
213 items:
214 description: "ParentReference identifies an API object (usually
215 a Gateway) that can be considered a parent of this resource (usually
216 a route). The only kind of parent resource with \"Core\" support
217 is Gateway. This API may be extended in the future to support
218 additional kinds of parent resources, such as HTTPRoute. \n The
219 API object must be valid in the cluster; the Group and Kind must
220 be registered in the cluster for this reference to be valid."
221 properties:
222 group:
223 default: policy.linkerd.io
224 description: "Group is the group of the referent. \n Support:
225 Core"
226 maxLength: 253
227 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
228 type: string
229 kind:
230 default: Gateway
231 description: "Kind is kind of the referent. \n Support: Core
232 (Gateway) Support: Custom (Other Resources)"
233 maxLength: 63
234 minLength: 1
235 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
236 type: string
237 name:
238 description: "Name is the name of the referent. \n Support:
239 Core"
240 maxLength: 253
241 minLength: 1
242 type: string
243 namespace:
244 description: "Namespace is the namespace of the referent. When
245 unspecified (or empty string), this refers to the local namespace
246 of the Route. \n Support: Core"
247 maxLength: 63
248 minLength: 1
249 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
250 type: string
251 port:
252 description: "port"
253 type: integer
254 sectionName:
255 description: "SectionName is the name of a section within the
256 target resource. In the following resources, SectionName is
257 interpreted as the following: \n * Gateway: Listener Name.
258 When both Port (experimental) and SectionName are specified,
259 the name and port of the selected listener must match both
260 specified values. \n Implementations MAY choose to support
261 attaching Routes to other resources. If that is the case,
262 they MUST clearly document how SectionName is interpreted.
263 \n When unspecified (empty string), this will reference the
264 entire resource. For the purpose of status, an attachment
265 is considered successful if at least one section in the parent
266 resource accepts it. For example, Gateway listeners can restrict
267 which Routes can attach to them by Route kind, namespace,
268 or hostname. If 1 of 2 Gateway listeners accept attachment
269 from the referencing Route, the Route MUST be considered successfully
270 attached. If no Gateway listeners accept attachment from this
271 Route, the Route MUST be considered detached from the Gateway.
272 \n Support: Core"
273 maxLength: 253
274 minLength: 1
275 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
276 type: string
277 required:
278 - name
279 type: object
280 maxItems: 32
281 type: array
282 rules:
283 default:
284 - matches:
285 - path:
286 type: PathPrefix
287 value: /
288 description: Rules are a list of HTTP matchers, filters and actions.
289 items:
290 description: HTTPRouteRule defines semantics for matching an HTTP
291 request based on conditions (matches) and processing it (filters).
292 properties:
293 backendRefs:
294 type: array
295 items:
296 type: object
297 properties:
298 name:
299 type: string
300 port:
301 type: integer
302 namespace:
303 type: string
304 default: "default"
305 filters:
306 description: "Filters defined at this level should be
307 executed if and only if the request is being forwarded
308 to the backend defined here. \n Support: Implementation-specific
309 (For broader support of filters, use the Filters field
310 in HTTPRouteRule.)"
311 items:
312 description: HTTPRouteFilter defines processing steps
313 that must be completed during the request or response
314 lifecycle. HTTPRouteFilters are meant as an extension
315 point to express processing that may be done in Gateway
316 implementations. Some examples include request or
317 response modification, implementing authentication
318 strategies, rate-limiting, and traffic shaping. API
319 guarantee/conformance is defined based on the type
320 of the filter.
321 properties:
322 requestHeaderModifier:
323 description: "RequestHeaderModifier defines a schema
324 for a filter that modifies request headers. \n
325 Support: Core"
326 properties:
327 add:
328 description: "Add adds the given header(s) (name,
329 value) to the request before the action. It
330 appends to any existing values associated
331 with the header name. \n Input: GET /foo HTTP/1.1
332 my-header: foo \n Config: add: - name: \"my-header\"
333 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
334 my-header: foo,bar,baz"
335 items:
336 description: HTTPHeader represents an HTTP
337 Header name and value as defined by RFC
338 7230.
339 properties:
340 name:
341 description: "Name is the name of the
342 HTTP Header to be matched. Name matching
343 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
344 \n If multiple entries specify equivalent
345 header names, the first entry with an
346 equivalent name MUST be considered for
347 a match. Subsequent entries with an
348 equivalent header name MUST be ignored.
349 Due to the case-insensitivity of header
350 names, \"foo\" and \"Foo\" are considered
351 equivalent."
352 maxLength: 256
353 minLength: 1
354 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
355 type: string
356 value:
357 description: Value is the value of HTTP
358 Header to be matched.
359 maxLength: 4096
360 minLength: 1
361 type: string
362 required:
363 - name
364 - value
365 type: object
366 maxItems: 16
367 type: array
368 x-kubernetes-list-map-keys:
369 - name
370 x-kubernetes-list-type: map
371 remove:
372 description: "Remove the given header(s) from
373 the HTTP request before the action. The value
374 of Remove is a list of HTTP header names.
375 Note that the header names are case-insensitive
376 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
377 \n Input: GET /foo HTTP/1.1 my-header1: foo
378 my-header2: bar my-header3: baz \n Config:
379 remove: [\"my-header1\", \"my-header3\"] \n
380 Output: GET /foo HTTP/1.1 my-header2: bar"
381 items:
382 type: string
383 maxItems: 16
384 type: array
385 set:
386 description: "Set overwrites the request with
387 the given header (name, value) before the
388 action. \n Input: GET /foo HTTP/1.1 my-header:
389 foo \n Config: set: - name: \"my-header\"
390 value: \"bar\" \n Output: GET /foo HTTP/1.1
391 my-header: bar"
392 items:
393 description: HTTPHeader represents an HTTP
394 Header name and value as defined by RFC
395 7230.
396 properties:
397 name:
398 description: "Name is the name of the
399 HTTP Header to be matched. Name matching
400 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
401 \n If multiple entries specify equivalent
402 header names, the first entry with an
403 equivalent name MUST be considered for
404 a match. Subsequent entries with an
405 equivalent header name MUST be ignored.
406 Due to the case-insensitivity of header
407 names, \"foo\" and \"Foo\" are considered
408 equivalent."
409 maxLength: 256
410 minLength: 1
411 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
412 type: string
413 value:
414 description: Value is the value of HTTP
415 Header to be matched.
416 maxLength: 4096
417 minLength: 1
418 type: string
419 required:
420 - name
421 - value
422 type: object
423 maxItems: 16
424 type: array
425 x-kubernetes-list-map-keys:
426 - name
427 x-kubernetes-list-type: map
428 type: object
429 requestRedirect:
430 description: "RequestRedirect defines a schema for
431 a filter that responds to the request with an
432 HTTP redirection. \n Support: Core"
433 properties:
434 hostname:
435 description: "Hostname is the hostname to be
436 used in the value of the `Location` header
437 in the response. When empty, the hostname
438 in the `Host` header of the request is used.
439 \n Support: Core"
440 maxLength: 253
441 minLength: 1
442 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
443 type: string
444 path:
445 description: "Path defines parameters used to
446 modify the path of the incoming request. The
447 modified path is then used to construct the
448 `Location` header. When empty, the request
449 path is used as-is. \n Support: Extended"
450 properties:
451 replaceFullPath:
452 description: ReplaceFullPath specifies the
453 value with which to replace the full path
454 of a request during a rewrite or redirect.
455 maxLength: 1024
456 type: string
457 replacePrefixMatch:
458 description: "ReplacePrefixMatch specifies
459 the value with which to replace the prefix
460 match of a request during a rewrite or
461 redirect. For example, a request to \"/foo/bar\"
462 with a prefix match of \"/foo\" and a
463 ReplacePrefixMatch of \"/xyz\" would be
464 modified to \"/xyz/bar\". \n Note that
465 this matches the behavior of the PathPrefix
466 match type. This matches full path elements.
467 A path element refers to the list of labels
468 in the path split by the `/` separator.
469 When specified, a trailing `/` is ignored.
470 For example, the paths `/abc`, `/abc/`,
471 and `/abc/def` would all match the prefix
472 `/abc`, but the path `/abcd` would not.
473 \n Request Path | Prefix Match | Replace
474 Prefix | Modified Path -------------|--------------|----------------|----------
475 /foo/bar | /foo | /xyz |
476 /xyz/bar /foo/bar | /foo |
477 /xyz/ | /xyz/bar /foo/bar |
478 /foo/ | /xyz | /xyz/bar
479 /foo/bar | /foo/ | /xyz/ |
480 /xyz/bar /foo | /foo |
481 /xyz | /xyz /foo/ | /foo
482 \ | /xyz | /xyz/ /foo/bar
483 \ | /foo | <empty string> |
484 /bar /foo/ | /foo | <empty
485 string> | / /foo | /foo |
486 <empty string> | / /foo/ | /foo
487 \ | / | / /foo |
488 /foo | / | /"
489 maxLength: 1024
490 type: string
491 type:
492 description: "Type defines the type of path
493 modifier. Additional types may be added
494 in a future release of the API. \n Note
495 that values may be added to this enum,
496 implementations must ensure that unknown
497 values will not cause a crash. \n Unknown
498 values here must result in the implementation
499 setting the Accepted Condition for the
500 Route to `status: False`, with a Reason
501 of `UnsupportedValue`."
502 enum:
503 - ReplaceFullPath
504 - ReplacePrefixMatch
505 type: string
506 required:
507 - type
508 type: object
509 port:
510 description: "Port is the port to be used in
511 the value of the `Location` header in the
512 response. \n If no port is specified, the
513 redirect port MUST be derived using the following
514 rules: \n * If redirect scheme is not-empty,
515 the redirect port MUST be the well-known port
516 associated with the redirect scheme. Specifically
517 \"http\" to port 80 and \"https\" to port
518 443. If the redirect scheme does not have
519 a well-known port, the listener port of the
520 Gateway SHOULD be used. * If redirect scheme
521 is empty, the redirect port MUST be the Gateway
522 Listener port. \n Implementations SHOULD NOT
523 add the port number in the 'Location' header
524 in the following cases: \n * A Location header
525 that will use HTTP (whether that is determined
526 via the Listener protocol or the Scheme field)
527 _and_ use port 80. * A Location header that
528 will use HTTPS (whether that is determined
529 via the Listener protocol or the Scheme field)
530 _and_ use port 443. \n Support: Extended"
531 format: int32
532 maximum: 65535
533 minimum: 1
534 type: integer
535 scheme:
536 description: "Scheme is the scheme to be used
537 in the value of the `Location` header in the
538 response. When empty, the scheme of the request
539 is used. \n Scheme redirects can affect the
540 port of the redirect, for more information,
541 refer to the documentation for the port field
542 of this filter. \n Note that values may be
543 added to this enum, implementations must ensure
544 that unknown values will not cause a crash.
545 \n Unknown values here must result in the
546 implementation setting the Accepted Condition
547 for the Route to `status: False`, with a Reason
548 of `UnsupportedValue`. \n Support: Extended"
549 enum:
550 - http
551 - https
552 type: string
553 statusCode:
554 default: 302
555 description: "StatusCode is the HTTP status
556 code to be used in response. \n Note that
557 values may be added to this enum, implementations
558 must ensure that unknown values will not cause
559 a crash. \n Unknown values here must result
560 in the implementation setting the Accepted
561 Condition for the Route to `status: False`,
562 with a Reason of `UnsupportedValue`. \n Support:
563 Core"
564 enum:
565 - 301
566 - 302
567 type: integer
568 type: object
569 responseHeaderModifier:
570 description: "ResponseHeaderModifier defines a schema
571 for a filter that modifies response headers. \n
572 Support: Extended"
573 properties:
574 add:
575 description: "Add adds the given header(s) (name,
576 value) to the request before the action. It
577 appends to any existing values associated
578 with the header name. \n Input: GET /foo HTTP/1.1
579 my-header: foo \n Config: add: - name: \"my-header\"
580 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
581 my-header: foo,bar,baz"
582 items:
583 description: HTTPHeader represents an HTTP
584 Header name and value as defined by RFC
585 7230.
586 properties:
587 name:
588 description: "Name is the name of the
589 HTTP Header to be matched. Name matching
590 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
591 \n If multiple entries specify equivalent
592 header names, the first entry with an
593 equivalent name MUST be considered for
594 a match. Subsequent entries with an
595 equivalent header name MUST be ignored.
596 Due to the case-insensitivity of header
597 names, \"foo\" and \"Foo\" are considered
598 equivalent."
599 maxLength: 256
600 minLength: 1
601 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
602 type: string
603 value:
604 description: Value is the value of HTTP
605 Header to be matched.
606 maxLength: 4096
607 minLength: 1
608 type: string
609 required:
610 - name
611 - value
612 type: object
613 maxItems: 16
614 type: array
615 x-kubernetes-list-map-keys:
616 - name
617 x-kubernetes-list-type: map
618 remove:
619 description: "Remove the given header(s) from
620 the HTTP request before the action. The value
621 of Remove is a list of HTTP header names.
622 Note that the header names are case-insensitive
623 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
624 \n Input: GET /foo HTTP/1.1 my-header1: foo
625 my-header2: bar my-header3: baz \n Config:
626 remove: [\"my-header1\", \"my-header3\"] \n
627 Output: GET /foo HTTP/1.1 my-header2: bar"
628 items:
629 type: string
630 maxItems: 16
631 type: array
632 set:
633 description: "Set overwrites the request with
634 the given header (name, value) before the
635 action. \n Input: GET /foo HTTP/1.1 my-header:
636 foo \n Config: set: - name: \"my-header\"
637 value: \"bar\" \n Output: GET /foo HTTP/1.1
638 my-header: bar"
639 items:
640 description: HTTPHeader represents an HTTP
641 Header name and value as defined by RFC
642 7230.
643 properties:
644 name:
645 description: "Name is the name of the
646 HTTP Header to be matched. Name matching
647 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
648 \n If multiple entries specify equivalent
649 header names, the first entry with an
650 equivalent name MUST be considered for
651 a match. Subsequent entries with an
652 equivalent header name MUST be ignored.
653 Due to the case-insensitivity of header
654 names, \"foo\" and \"Foo\" are considered
655 equivalent."
656 maxLength: 256
657 minLength: 1
658 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
659 type: string
660 value:
661 description: Value is the value of HTTP
662 Header to be matched.
663 maxLength: 4096
664 minLength: 1
665 type: string
666 required:
667 - name
668 - value
669 type: object
670 maxItems: 16
671 type: array
672 x-kubernetes-list-map-keys:
673 - name
674 x-kubernetes-list-type: map
675 type: object
676 type:
677 description: "Type identifies the type of filter
678 to apply. As with other API fields, types are
679 classified into three conformance levels: \n -
680 Core: Filter types and their corresponding configuration
681 defined by \"Support: Core\" in this package,
682 e.g. \"RequestHeaderModifier\". All implementations
683 must support core filters. \n - Extended: Filter
684 types and their corresponding configuration defined
685 by \"Support: Extended\" in this package, e.g.
686 \"RequestMirror\". Implementers are encouraged
687 to support extended filters. \n - Implementation-specific:
688 Filters that are defined and supported by specific
689 vendors. In the future, filters showing convergence
690 in behavior across multiple implementations will
691 be considered for inclusion in extended or core
692 conformance levels. Filter-specific configuration
693 for such filters is specified using the ExtensionRef
694 field. `Type` should be set to \"ExtensionRef\"
695 for custom filters. \n Implementers are encouraged
696 to define custom implementation types to extend
697 the core API with implementation-specific behavior.
698 \n If a reference to a custom filter type cannot
699 be resolved, the filter MUST NOT be skipped. Instead,
700 requests that would have been processed by that
701 filter MUST receive a HTTP error response. \n
702 Note that values may be added to this enum, implementations
703 must ensure that unknown values will not cause
704 a crash. \n Unknown values here must result in
705 the implementation setting the Accepted Condition
706 for the Route to `status: False`, with a Reason
707 of `UnsupportedValue`."
708 enum:
709 - RequestHeaderModifier
710 - ResponseHeaderModifier
711 - RequestRedirect
712 type: string
713 required:
714 - type
715 type: object
716 maxItems: 16
717 type: array
718 filters:
719 description: "Filters define the filters that are applied to
720 requests that match this rule. \n The effects of ordering
721 of multiple behaviors are currently unspecified. This can
722 change in the future based on feedback during the alpha stage.
723 \n Conformance-levels at this level are defined based on the
724 type of filter: \n - ALL core filters MUST be supported by
725 all implementations. - Implementers are encouraged to support
726 extended filters. - Implementation-specific custom filters
727 have no API guarantees across implementations. \n Specifying
728 a core filter multiple times has unspecified or custom conformance.
729 \n All filters are expected to be compatible with each other
730 except for the URLRewrite and RequestRedirect filters, which
731 may not be combined. If an implementation can not support
732 other combinations of filters, they must clearly document
733 that limitation. In all cases where incompatible or unsupported
734 filters are specified, implementations MUST add a warning
735 condition to status. \n Support: Core"
736 items:
737 description: HTTPRouteFilter defines processing steps that
738 must be completed during the request or response lifecycle.
739 HTTPRouteFilters are meant as an extension point to express
740 processing that may be done in Gateway implementations.
741 Some examples include request or response modification,
742 implementing authentication strategies, rate-limiting, and
743 traffic shaping. API guarantee/conformance is defined based
744 on the type of the filter.
745 properties:
746 requestHeaderModifier:
747 description: "RequestHeaderModifier defines a schema for
748 a filter that modifies request headers. \n Support:
749 Core"
750 properties:
751 add:
752 description: "Add adds the given header(s) (name,
753 value) to the request before the action. It appends
754 to any existing values associated with the header
755 name. \n Input: GET /foo HTTP/1.1 my-header:
756 foo \n Config: add: - name: \"my-header\" value:
757 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
758 foo my-header: bar"
759 items:
760 description: HTTPHeader represents an HTTP Header
761 name and value as defined by RFC 7230.
762 properties:
763 name:
764 description: "Name is the name of the HTTP Header
765 to be matched. Name matching MUST be case
766 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
767 \n If multiple entries specify equivalent
768 header names, the first entry with an equivalent
769 name MUST be considered for a match. Subsequent
770 entries with an equivalent header name MUST
771 be ignored. Due to the case-insensitivity
772 of header names, \"foo\" and \"Foo\" are considered
773 equivalent."
774 maxLength: 256
775 minLength: 1
776 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
777 type: string
778 value:
779 description: Value is the value of HTTP Header
780 to be matched.
781 maxLength: 4096
782 minLength: 1
783 type: string
784 required:
785 - name
786 - value
787 type: object
788 maxItems: 16
789 type: array
790 x-kubernetes-list-map-keys:
791 - name
792 x-kubernetes-list-type: map
793 remove:
794 description: "Remove the given header(s) from the
795 HTTP request before the action. The value of Remove
796 is a list of HTTP header names. Note that the header
797 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
798 \n Input: GET /foo HTTP/1.1 my-header1: foo
799 \ my-header2: bar my-header3: baz \n Config:
800 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
801 \ GET /foo HTTP/1.1 my-header2: bar"
802 items:
803 type: string
804 maxItems: 16
805 type: array
806 set:
807 description: "Set overwrites the request with the
808 given header (name, value) before the action. \n
809 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
810 \ set: - name: \"my-header\" value: \"bar\"
811 \n Output: GET /foo HTTP/1.1 my-header: bar"
812 items:
813 description: HTTPHeader represents an HTTP Header
814 name and value as defined by RFC 7230.
815 properties:
816 name:
817 description: "Name is the name of the HTTP Header
818 to be matched. Name matching MUST be case
819 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
820 \n If multiple entries specify equivalent
821 header names, the first entry with an equivalent
822 name MUST be considered for a match. Subsequent
823 entries with an equivalent header name MUST
824 be ignored. Due to the case-insensitivity
825 of header names, \"foo\" and \"Foo\" are considered
826 equivalent."
827 maxLength: 256
828 minLength: 1
829 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
830 type: string
831 value:
832 description: Value is the value of HTTP Header
833 to be matched.
834 maxLength: 4096
835 minLength: 1
836 type: string
837 required:
838 - name
839 - value
840 type: object
841 maxItems: 16
842 type: array
843 x-kubernetes-list-map-keys:
844 - name
845 x-kubernetes-list-type: map
846 type: object
847 requestRedirect:
848 description: "RequestRedirect defines a schema for a filter
849 that responds to the request with an HTTP redirection.
850 \n Support: Core"
851 properties:
852 hostname:
853 description: "Hostname is the hostname to be used
854 in the value of the `Location` header in the response.
855 When empty, the hostname of the request is used.
856 \n Support: Core"
857 maxLength: 253
858 minLength: 1
859 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
860 type: string
861 path:
862 description: "Path defines parameters used to
863 modify the path of the incoming request. The
864 modified path is then used to construct the
865 `Location` header. When empty, the request
866 path is used as-is. \n Support: Extended"
867 properties:
868 replaceFullPath:
869 description: ReplaceFullPath specifies the
870 value with which to replace the full path
871 of a request during a rewrite or redirect.
872 maxLength: 1024
873 type: string
874 replacePrefixMatch:
875 description: "ReplacePrefixMatch specifies
876 the value with which to replace the prefix
877 match of a request during a rewrite or
878 redirect. For example, a request to \"/foo/bar\"
879 with a prefix match of \"/foo\" and a
880 ReplacePrefixMatch of \"/xyz\" would be
881 modified to \"/xyz/bar\". \n Note that
882 this matches the behavior of the PathPrefix
883 match type. This matches full path elements.
884 A path element refers to the list of labels
885 in the path split by the `/` separator.
886 When specified, a trailing `/` is ignored.
887 For example, the paths `/abc`, `/abc/`,
888 and `/abc/def` would all match the prefix
889 `/abc`, but the path `/abcd` would not.
890 \n Request Path | Prefix Match | Replace
891 Prefix | Modified Path -------------|--------------|----------------|----------
892 /foo/bar | /foo | /xyz |
893 /xyz/bar /foo/bar | /foo |
894 /xyz/ | /xyz/bar /foo/bar |
895 /foo/ | /xyz | /xyz/bar
896 /foo/bar | /foo/ | /xyz/ |
897 /xyz/bar /foo | /foo |
898 /xyz | /xyz /foo/ | /foo
899 \ | /xyz | /xyz/ /foo/bar
900 \ | /foo | <empty string> |
901 /bar /foo/ | /foo | <empty
902 string> | / /foo | /foo |
903 <empty string> | / /foo/ | /foo
904 \ | / | / /foo |
905 /foo | / | /"
906 maxLength: 1024
907 type: string
908 type:
909 description: "Type defines the type of path
910 modifier. Additional types may be added
911 in a future release of the API. \n Note
912 that values may be added to this enum,
913 implementations must ensure that unknown
914 values will not cause a crash. \n Unknown
915 values here must result in the implementation
916 setting the Accepted Condition for the
917 Route to `status: False`, with a Reason
918 of `UnsupportedValue`."
919 enum:
920 - ReplaceFullPath
921 - ReplacePrefixMatch
922 type: string
923 required:
924 - type
925 type: object
926 port:
927 description: "Port is the port to be used in the value
928 of the `Location` header in the response. When empty,
929 port (if specified) of the request is used. \n Support:
930 Extended"
931 format: int32
932 maximum: 65535
933 minimum: 1
934 type: integer
935 scheme:
936 description: "Scheme is the scheme to be used in the
937 value of the `Location` header in the response.
938 When empty, the scheme of the request is used. \n
939 Support: Extended"
940 enum:
941 - http
942 - https
943 type: string
944 statusCode:
945 default: 302
946 description: "StatusCode is the HTTP status code to
947 be used in response. \n Support: Core"
948 enum:
949 - 301
950 - 302
951 type: integer
952 type: object
953 type:
954 description: "Type identifies the type of filter to apply.
955 As with other API fields, types are classified into
956 three conformance levels: \n - Core: Filter types and
957 their corresponding configuration defined by \"Support:
958 Core\" in this package, e.g. \"RequestHeaderModifier\".
959 All implementations must support core filters. \n\n "
960 enum:
961 - RequestHeaderModifier
962 - RequestRedirect
963 type: string
964 required:
965 - type
966 type: object
967 maxItems: 16
968 type: array
969 matches:
970 default:
971 - path:
972 type: PathPrefix
973 value: /
974 description: "Matches define conditions used for matching the
975 rule against incoming HTTP requests. Each match is independent,
976 i.e. this rule will be matched if **any** one of the matches
977 is satisfied. \n For example, take the following matches configuration:
978 \n ``` matches: - path: value: \"/foo\" headers: -
979 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
980 ``` \n For a request to match against this rule, a request
981 must satisfy EITHER of the two conditions: \n - path prefixed
982 with `/foo` AND contains the header `version: v2` - path prefix
983 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
984 how to specify multiple match conditions that should be ANDed
985 together. \n If no matches are specified, the default is a
986 prefix path match on \"/\", which has the effect of matching
987 every HTTP request. \n Proxy or Load Balancer routing configuration
988 generated from HTTPRoutes MUST prioritize rules based on the
989 following criteria, continuing on ties. Precedence must be
990 given to the the Rule with the largest number of: \n * Characters
991 in a matching non-wildcard hostname. * Characters in a matching
992 hostname. * Characters in a matching path. * Header matches.
993 * Query param matches. \n If ties still exist across multiple
994 Routes, matching precedence MUST be determined in order of
995 the following criteria, continuing on ties: \n * The oldest
996 Route based on creation timestamp. * The Route appearing first
997 in alphabetical order by \"{namespace}/{name}\". \n If ties
998 still exist within the Route that has been given precedence,
999 matching precedence MUST be granted to the first matching
1000 rule meeting the above criteria. \n When no rules matching
1001 a request have been successfully attached to the parent a
1002 request is coming from, a HTTP 404 status code MUST be returned."
1003 items:
1004 description: "HTTPRouteMatch defines the predicate used to
1005 match requests to a given action. Multiple match types are
1006 ANDed together, i.e. the match will evaluate to true only
1007 if all conditions are satisfied. \n For example, the match
1008 below will match a HTTP request only if its path starts
1009 with `/foo` AND it contains the `version: v1` header: \n
1010 ``` match: path: value: \"/foo\" headers: - name:
1011 \"version\" value \"v1\" ```"
1012 properties:
1013 headers:
1014 description: Headers specifies HTTP request header matchers.
1015 Multiple match values are ANDed together, meaning, a
1016 request must match all the specified headers to select
1017 the route.
1018 items:
1019 description: HTTPHeaderMatch describes how to select
1020 a HTTP route by matching HTTP request headers.
1021 properties:
1022 name:
1023 description: "Name is the name of the HTTP Header
1024 to be matched. Name matching MUST be case insensitive.
1025 (See https://tools.ietf.org/html/rfc7230#section-3.2).
1026 \n If multiple entries specify equivalent header
1027 names, only the first entry with an equivalent
1028 name MUST be considered for a match. Subsequent
1029 entries with an equivalent header name MUST be
1030 ignored. Due to the case-insensitivity of header
1031 names, \"foo\" and \"Foo\" are considered equivalent.
1032 \n When a header is repeated in an HTTP request,
1033 it is implementation-specific behavior as to how
1034 this is represented. Generally, proxies should
1035 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
1036 regarding processing a repeated header, with special
1037 handling for \"Set-Cookie\"."
1038 maxLength: 256
1039 minLength: 1
1040 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1041 type: string
1042 type:
1043 default: Exact
1044 description: "Type specifies how to match against
1045 the value of the header. \n Support: Core (Exact)
1046 \n Support: Custom (RegularExpression) \n Since
1047 RegularExpression HeaderMatchType has custom conformance,
1048 implementations can support POSIX, PCRE or any
1049 other dialects of regular expressions. Please
1050 read the implementation's documentation to determine
1051 the supported dialect."
1052 enum:
1053 - Exact
1054 - RegularExpression
1055 type: string
1056 value:
1057 description: Value is the value of HTTP Header to
1058 be matched.
1059 maxLength: 4096
1060 minLength: 1
1061 type: string
1062 required:
1063 - name
1064 - value
1065 type: object
1066 maxItems: 16
1067 type: array
1068 x-kubernetes-list-map-keys:
1069 - name
1070 x-kubernetes-list-type: map
1071 method:
1072 description: "Method specifies HTTP method matcher. When
1073 specified, this route will be matched only if the request
1074 has the specified method. \n Support: Extended"
1075 enum:
1076 - GET
1077 - HEAD
1078 - POST
1079 - PUT
1080 - DELETE
1081 - CONNECT
1082 - OPTIONS
1083 - TRACE
1084 - PATCH
1085 type: string
1086 path:
1087 default:
1088 type: PathPrefix
1089 value: /
1090 description: Path specifies a HTTP request path matcher.
1091 If this field is not specified, a default prefix match
1092 on the "/" path is provided.
1093 properties:
1094 type:
1095 default: PathPrefix
1096 description: "Type specifies how to match against
1097 the path Value. \n Support: Core (Exact, PathPrefix)
1098 \n Support: Custom (RegularExpression)"
1099 enum:
1100 - Exact
1101 - PathPrefix
1102 - RegularExpression
1103 type: string
1104 value:
1105 default: /
1106 description: Value of the HTTP path to match against.
1107 maxLength: 1024
1108 type: string
1109 type: object
1110 queryParams:
1111 description: QueryParams specifies HTTP query parameter
1112 matchers. Multiple match values are ANDed together,
1113 meaning, a request must match all the specified query
1114 parameters to select the route.
1115 items:
1116 description: HTTPQueryParamMatch describes how to select
1117 a HTTP route by matching HTTP query parameters.
1118 properties:
1119 name:
1120 description: Name is the name of the HTTP query
1121 param to be matched. This must be an exact string
1122 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
1123 maxLength: 256
1124 minLength: 1
1125 type: string
1126 type:
1127 default: Exact
1128 description: "Type specifies how to match against
1129 the value of the query parameter. \n Support:
1130 Extended (Exact) \n Support: Custom (RegularExpression)
1131 \n Since RegularExpression QueryParamMatchType
1132 has custom conformance, implementations can support
1133 POSIX, PCRE or any other dialects of regular expressions.
1134 Please read the implementation's documentation
1135 to determine the supported dialect."
1136 enum:
1137 - Exact
1138 - RegularExpression
1139 type: string
1140 value:
1141 description: Value is the value of HTTP query param
1142 to be matched.
1143 maxLength: 1024
1144 minLength: 1
1145 type: string
1146 required:
1147 - name
1148 - value
1149 type: object
1150 maxItems: 16
1151 type: array
1152 x-kubernetes-list-map-keys:
1153 - name
1154 x-kubernetes-list-type: map
1155 type: object
1156 maxItems: 8
1157 type: array
1158 type: object
1159 maxItems: 16
1160 type: array
1161 type: object
1162 status:
1163 description: Status defines the current state of HTTPRoute.
1164 properties:
1165 parents:
1166 description: "Parents is a list of parent resources (usually Gateways)
1167 that are associated with the route, and the status of the route
1168 with respect to each parent. When this route attaches to a parent,
1169 the controller that manages the parent must add an entry to this
1170 list when the controller first sees the route and should update
1171 the entry as appropriate when the route or gateway is modified.
1172 \n Note that parent references that cannot be resolved by an implementation
1173 of this API will not be added to this list. Implementations of this
1174 API can only populate Route status for the Gateways/parent resources
1175 they are responsible for. \n A maximum of 32 Gateways will be represented
1176 in this list. An empty list means the route has not been attached
1177 to any Gateway."
1178 items:
1179 description: RouteParentStatus describes the status of a route with
1180 respect to an associated Parent.
1181 properties:
1182 conditions:
1183 description: "Conditions describes the status of the route with
1184 respect to the Gateway. Note that the route's availability
1185 is also subject to the Gateway's own status conditions and
1186 listener status. \n If the Route's ParentRef specifies an
1187 existing Gateway that supports Routes of this kind AND that
1188 Gateway's controller has sufficient access, then that Gateway's
1189 controller MUST set the \"Accepted\" condition on the Route,
1190 to indicate whether the route has been accepted or rejected
1191 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
1192 if at least one of the Route's rules is implemented by the
1193 Gateway. \n There are a number of cases where the \"Accepted\"
1194 condition may not be set due to lack of controller visibility,
1195 that includes when: \n * The Route refers to a non-existent
1196 parent. * The Route is of a type that the controller does
1197 not support. * The Route is in a namespace the the controller
1198 does not have access to."
1199 items:
1200 description: "Condition contains details for one aspect of
1201 the current state of this API Resource. --- This struct
1202 is intended for direct use as an array at the field path
1203 .status.conditions. For example, type FooStatus struct{
1204 \ // Represents the observations of a foo's current state.
1205 \ // Known .status.conditions.type are: \"Available\",
1206 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
1207 \ // +patchStrategy=merge // +listType=map //
1208 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
1209 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
1210 \n // other fields }"
1211 properties:
1212 lastTransitionTime:
1213 description: lastTransitionTime is the last time the condition
1214 transitioned from one status to another. This should
1215 be when the underlying condition changed. If that is
1216 not known, then using the time when the API field changed
1217 is acceptable.
1218 format: date-time
1219 type: string
1220 message:
1221 description: message is a human readable message indicating
1222 details about the transition. This may be an empty string.
1223 maxLength: 32768
1224 type: string
1225 observedGeneration:
1226 description: observedGeneration represents the .metadata.generation
1227 that the condition was set based upon. For instance,
1228 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
1229 is 9, the condition is out of date with respect to the
1230 current state of the instance.
1231 format: int64
1232 minimum: 0
1233 type: integer
1234 reason:
1235 description: reason contains a programmatic identifier
1236 indicating the reason for the condition's last transition.
1237 Producers of specific condition types may define expected
1238 values and meanings for this field, and whether the
1239 values are considered a guaranteed API. The value should
1240 be a CamelCase string. This field may not be empty.
1241 maxLength: 1024
1242 minLength: 1
1243 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1244 type: string
1245 status:
1246 description: status of the condition, one of True, False,
1247 Unknown.
1248 enum:
1249 - "True"
1250 - "False"
1251 - Unknown
1252 type: string
1253 type:
1254 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1255 --- Many .condition.type values are consistent across
1256 resources like Available, but because arbitrary conditions
1257 can be useful (see .node.status.conditions), the ability
1258 to deconflict is important. The regex it matches is
1259 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1260 maxLength: 316
1261 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1262 type: string
1263 required:
1264 - lastTransitionTime
1265 - message
1266 - reason
1267 - status
1268 - type
1269 type: object
1270 maxItems: 8
1271 minItems: 1
1272 type: array
1273 x-kubernetes-list-map-keys:
1274 - type
1275 x-kubernetes-list-type: map
1276 controllerName:
1277 description: "ControllerName is a domain/path string that indicates
1278 the name of the controller that wrote this status. This corresponds
1279 with the controllerName field on GatewayClass. \n Example:
1280 \"example.net/gateway-controller\". \n The format of this
1281 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
1282 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
1283 \n Controllers MUST populate this field when writing status.
1284 Controllers should ensure that entries to status populated
1285 with their ControllerName are cleaned up when they are no
1286 longer necessary."
1287 maxLength: 253
1288 minLength: 1
1289 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1290 type: string
1291 parentRef:
1292 description: ParentRef corresponds with a ParentRef in the spec
1293 that this RouteParentStatus struct describes the status of.
1294 properties:
1295 group:
1296 default: policy.linkerd.io
1297 description: "Group is the group of the referent. \n Support:
1298 Core"
1299 maxLength: 253
1300 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1301 type: string
1302 kind:
1303 default: Gateway
1304 description: "Kind is kind of the referent. \n Support:
1305 Core (Gateway) Support: Custom (Other Resources)"
1306 maxLength: 63
1307 minLength: 1
1308 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1309 type: string
1310 name:
1311 description: "Name is the name of the referent. \n Support:
1312 Core"
1313 maxLength: 253
1314 minLength: 1
1315 type: string
1316 namespace:
1317 description: "Namespace is the namespace of the referent.
1318 When unspecified (or empty string), this refers to the
1319 local namespace of the Route. \n Support: Core"
1320 maxLength: 63
1321 minLength: 1
1322 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1323 type: string
1324 port:
1325 description: "Port is the network port this Route targets.
1326 It can be interpreted differently based on the type of
1327 parent resource. \n When the parent resource is a Gateway,
1328 this targets all listeners listening on the specified
1329 port that also support this kind of Route(and select this
1330 Route). It's not recommended to set `Port` unless the
1331 networking behaviors specified in a Route must apply to
1332 a specific port as opposed to a listener(s) whose port(s)
1333 may be changed. When both Port and SectionName are specified,
1334 the name and port of the selected listener must match
1335 both specified values. \n Implementations MAY choose to
1336 support other parent resources. Implementations supporting
1337 other types of parent resources MUST clearly document
1338 how/if Port is interpreted. \n For the purpose of status,
1339 an attachment is considered successful as long as the
1340 parent resource accepts it partially. For example, Gateway
1341 listeners can restrict which Routes can attach to them
1342 by Route kind, namespace, or hostname. If 1 of 2 Gateway
1343 listeners accept attachment from the referencing Route,
1344 the Route MUST be considered successfully attached. If
1345 no Gateway listeners accept attachment from this Route,
1346 the Route MUST be considered detached from the Gateway.
1347 \n Support: Extended \n <gateway:experimental>"
1348 format: int32
1349 maximum: 65535
1350 minimum: 1
1351 type: integer
1352 sectionName:
1353 description: "SectionName is the name of a section within
1354 the target resource. In the following resources, SectionName
1355 is interpreted as the following: \n * Gateway: Listener
1356 Name. When both Port (experimental) and SectionName are
1357 specified, the name and port of the selected listener
1358 must match both specified values. \n Implementations MAY
1359 choose to support attaching Routes to other resources.
1360 If that is the case, they MUST clearly document how SectionName
1361 is interpreted. \n When unspecified (empty string), this
1362 will reference the entire resource. For the purpose of
1363 status, an attachment is considered successful if at least
1364 one section in the parent resource accepts it. For example,
1365 Gateway listeners can restrict which Routes can attach
1366 to them by Route kind, namespace, or hostname. If 1 of
1367 2 Gateway listeners accept attachment from the referencing
1368 Route, the Route MUST be considered successfully attached.
1369 If no Gateway listeners accept attachment from this Route,
1370 the Route MUST be considered detached from the Gateway.
1371 \n Support: Core"
1372 maxLength: 253
1373 minLength: 1
1374 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1375 type: string
1376 required:
1377 - name
1378 type: object
1379 required:
1380 - controllerName
1381 - parentRef
1382 type: object
1383 maxItems: 32
1384 type: array
1385 required:
1386 - parents
1387 type: object
1388 required:
1389 - spec
1390 type: object
1391 served: true
1392 storage: false
1393 subresources:
1394 status: {}
1395 - additionalPrinterColumns:
1396 - jsonPath: .spec.hostnames
1397 name: Hostnames
1398 type: string
1399 - jsonPath: .metadata.creationTimestamp
1400 name: Age
1401 type: date
1402 name: v1beta1
1403 schema:
1404 openAPIV3Schema:
1405 description: HTTPRoute provides a way to route HTTP requests. This includes
1406 the capability to match requests by hostname, path, header, or query param.
1407 Filters can be used to specify additional processing steps. Backends specify
1408 where matching requests should be routed.
1409 properties:
1410 apiVersion:
1411 description: 'APIVersion defines the versioned schema of this representation
1412 of an object. Servers should convert recognized schemas to the latest
1413 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1414 type: string
1415 kind:
1416 description: 'Kind is a string value representing the REST resource this
1417 object represents. Servers may infer this from the endpoint the client
1418 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1419 type: string
1420 metadata:
1421 type: object
1422 spec:
1423 description: Spec defines the desired state of HTTPRoute.
1424 properties:
1425 hostnames:
1426 description: "Hostnames defines a set of hostname that should match
1427 against the HTTP Host header to select a HTTPRoute to process the
1428 request. This matches the RFC 1123 definition of a hostname with
1429 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
1430 be prefixed with a wildcard label (`*.`). The wildcard label
1431 must appear by itself as the first label. \n If a hostname is specified
1432 by both the Listener and HTTPRoute, there must be at least one intersecting
1433 hostname for the HTTPRoute to be attached to the Listener. For example:
1434 \n * A Listener with `test.example.com` as the hostname matches
1435 HTTPRoutes that have either not specified any hostnames, or have
1436 specified at least one of `test.example.com` or `*.example.com`.
1437 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
1438 \ that have either not specified any hostnames or have specified
1439 at least one hostname that matches the Listener hostname. For
1440 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
1441 would all match. On the other hand, `example.com` and `test.example.net`
1442 would not match. \n Hostnames that are prefixed with a wildcard
1443 label (`*.`) are interpreted as a suffix match. That means that
1444 a match for `*.example.com` would match both `test.example.com`,
1445 and `foo.test.example.com`, but not `example.com`. \n If both the
1446 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
1447 that do not match the Listener hostname MUST be ignored. For example,
1448 if a Listener specified `*.example.com`, and the HTTPRoute specified
1449 `test.example.com` and `test.example.net`, `test.example.net` must
1450 not be considered for a match. \n If both the Listener and HTTPRoute
1451 have specified hostnames, and none match with the criteria above,
1452 then the HTTPRoute is not accepted. The implementation must raise
1453 an 'Accepted' Condition with a status of `False` in the corresponding
1454 RouteParentStatus. \n Support: Core"
1455 items:
1456 description: "Hostname is the fully qualified domain name of a network
1457 host. This matches the RFC 1123 definition of a hostname with
1458 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
1459 may be prefixed with a wildcard label (`*.`). The wildcard label
1460 must appear by itself as the first label. \n Hostname can be \"precise\"
1461 which is a domain name without the terminating dot of a network
1462 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
1463 name prefixed with a single wildcard label (e.g. `*.example.com`).
1464 \n Note that as per RFC1035 and RFC1123, a *label* must consist
1465 of lower case alphanumeric characters or '-', and must start and
1466 end with an alphanumeric character. No other punctuation is allowed."
1467 maxLength: 253
1468 minLength: 1
1469 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1470 type: string
1471 maxItems: 16
1472 type: array
1473 parentRefs:
1474 description: "ParentRefs references the resources (usually Gateways)
1475 that a Route wants to be attached to. Note that the referenced parent
1476 resource needs to allow this for the attachment to be complete.
1477 For Gateways, that means the Gateway needs to allow attachment from
1478 Routes of this kind and namespace. \n The only kind of parent resource
1479 with \"Core\" support is Gateway. This API may be extended in the
1480 future to support additional kinds of parent resources such as one
1481 of the route kinds. \n It is invalid to reference an identical parent
1482 more than once. It is valid to reference multiple distinct sections
1483 within the same parent resource, such as 2 Listeners within a Gateway.
1484 \n It is possible to separately reference multiple distinct objects
1485 that may be collapsed by an implementation. For example, some implementations
1486 may choose to merge compatible Gateway Listeners together. If that
1487 is the case, the list of routes attached to those resources should
1488 also be merged."
1489 items:
1490 description: "ParentReference identifies an API object (usually
1491 a Gateway) that can be considered a parent of this resource (usually
1492 a route). The only kind of parent resource with \"Core\" support
1493 is Gateway. This API may be extended in the future to support
1494 additional kinds of parent resources, such as HTTPRoute. \n The
1495 API object must be valid in the cluster; the Group and Kind must
1496 be registered in the cluster for this reference to be valid."
1497 properties:
1498 group:
1499 default: policy.linkerd.io
1500 description: "Group is the group of the referent. \n Support:
1501 Core"
1502 maxLength: 253
1503 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1504 type: string
1505 kind:
1506 default: Gateway
1507 description: "Kind is kind of the referent. \n Support: Core
1508 (Gateway) Support: Custom (Other Resources)"
1509 maxLength: 63
1510 minLength: 1
1511 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1512 type: string
1513 name:
1514 description: "Name is the name of the referent. \n Support:
1515 Core"
1516 maxLength: 253
1517 minLength: 1
1518 type: string
1519 namespace:
1520 description: "Namespace is the namespace of the referent. When
1521 unspecified (or empty string), this refers to the local namespace
1522 of the Route. \n Support: Core"
1523 maxLength: 63
1524 minLength: 1
1525 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1526 type: string
1527 port:
1528 description: "port"
1529 type: integer
1530 sectionName:
1531 description: "SectionName is the name of a section within the
1532 target resource. In the following resources, SectionName is
1533 interpreted as the following: \n * Gateway: Listener Name.
1534 When both Port (experimental) and SectionName are specified,
1535 the name and port of the selected listener must match both
1536 specified values. \n Implementations MAY choose to support
1537 attaching Routes to other resources. If that is the case,
1538 they MUST clearly document how SectionName is interpreted.
1539 \n When unspecified (empty string), this will reference the
1540 entire resource. For the purpose of status, an attachment
1541 is considered successful if at least one section in the parent
1542 resource accepts it. For example, Gateway listeners can restrict
1543 which Routes can attach to them by Route kind, namespace,
1544 or hostname. If 1 of 2 Gateway listeners accept attachment
1545 from the referencing Route, the Route MUST be considered successfully
1546 attached. If no Gateway listeners accept attachment from this
1547 Route, the Route MUST be considered detached from the Gateway.
1548 \n Support: Core"
1549 maxLength: 253
1550 minLength: 1
1551 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1552 type: string
1553 required:
1554 - name
1555 type: object
1556 maxItems: 32
1557 type: array
1558 rules:
1559 default:
1560 - matches:
1561 - path:
1562 type: PathPrefix
1563 value: /
1564 description: Rules are a list of HTTP matchers, filters and actions.
1565 items:
1566 description: HTTPRouteRule defines semantics for matching an HTTP
1567 request based on conditions (matches) and processing it (filters).
1568 properties:
1569 backendRefs:
1570 type: array
1571 items:
1572 type: object
1573 properties:
1574 name:
1575 type: string
1576 port:
1577 type: integer
1578 namespace:
1579 type: string
1580 default: "default"
1581 filters:
1582 description: "Filters defined at this level should be
1583 executed if and only if the request is being forwarded
1584 to the backend defined here. \n Support: Implementation-specific
1585 (For broader support of filters, use the Filters field
1586 in HTTPRouteRule.)"
1587 items:
1588 description: HTTPRouteFilter defines processing steps
1589 that must be completed during the request or response
1590 lifecycle. HTTPRouteFilters are meant as an extension
1591 point to express processing that may be done in Gateway
1592 implementations. Some examples include request or
1593 response modification, implementing authentication
1594 strategies, rate-limiting, and traffic shaping. API
1595 guarantee/conformance is defined based on the type
1596 of the filter.
1597 properties:
1598 requestHeaderModifier:
1599 description: "RequestHeaderModifier defines a schema
1600 for a filter that modifies request headers. \n
1601 Support: Core"
1602 properties:
1603 add:
1604 description: "Add adds the given header(s) (name,
1605 value) to the request before the action. It
1606 appends to any existing values associated
1607 with the header name. \n Input: GET /foo HTTP/1.1
1608 my-header: foo \n Config: add: - name: \"my-header\"
1609 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
1610 my-header: foo,bar,baz"
1611 items:
1612 description: HTTPHeader represents an HTTP
1613 Header name and value as defined by RFC
1614 7230.
1615 properties:
1616 name:
1617 description: "Name is the name of the
1618 HTTP Header to be matched. Name matching
1619 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1620 \n If multiple entries specify equivalent
1621 header names, the first entry with an
1622 equivalent name MUST be considered for
1623 a match. Subsequent entries with an
1624 equivalent header name MUST be ignored.
1625 Due to the case-insensitivity of header
1626 names, \"foo\" and \"Foo\" are considered
1627 equivalent."
1628 maxLength: 256
1629 minLength: 1
1630 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1631 type: string
1632 value:
1633 description: Value is the value of HTTP
1634 Header to be matched.
1635 maxLength: 4096
1636 minLength: 1
1637 type: string
1638 required:
1639 - name
1640 - value
1641 type: object
1642 maxItems: 16
1643 type: array
1644 x-kubernetes-list-map-keys:
1645 - name
1646 x-kubernetes-list-type: map
1647 remove:
1648 description: "Remove the given header(s) from
1649 the HTTP request before the action. The value
1650 of Remove is a list of HTTP header names.
1651 Note that the header names are case-insensitive
1652 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1653 \n Input: GET /foo HTTP/1.1 my-header1: foo
1654 my-header2: bar my-header3: baz \n Config:
1655 remove: [\"my-header1\", \"my-header3\"] \n
1656 Output: GET /foo HTTP/1.1 my-header2: bar"
1657 items:
1658 type: string
1659 maxItems: 16
1660 type: array
1661 set:
1662 description: "Set overwrites the request with
1663 the given header (name, value) before the
1664 action. \n Input: GET /foo HTTP/1.1 my-header:
1665 foo \n Config: set: - name: \"my-header\"
1666 value: \"bar\" \n Output: GET /foo HTTP/1.1
1667 my-header: bar"
1668 items:
1669 description: HTTPHeader represents an HTTP
1670 Header name and value as defined by RFC
1671 7230.
1672 properties:
1673 name:
1674 description: "Name is the name of the
1675 HTTP Header to be matched. Name matching
1676 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1677 \n If multiple entries specify equivalent
1678 header names, the first entry with an
1679 equivalent name MUST be considered for
1680 a match. Subsequent entries with an
1681 equivalent header name MUST be ignored.
1682 Due to the case-insensitivity of header
1683 names, \"foo\" and \"Foo\" are considered
1684 equivalent."
1685 maxLength: 256
1686 minLength: 1
1687 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1688 type: string
1689 value:
1690 description: Value is the value of HTTP
1691 Header to be matched.
1692 maxLength: 4096
1693 minLength: 1
1694 type: string
1695 required:
1696 - name
1697 - value
1698 type: object
1699 maxItems: 16
1700 type: array
1701 x-kubernetes-list-map-keys:
1702 - name
1703 x-kubernetes-list-type: map
1704 type: object
1705 requestRedirect:
1706 description: "RequestRedirect defines a schema for
1707 a filter that responds to the request with an
1708 HTTP redirection. \n Support: Core"
1709 properties:
1710 hostname:
1711 description: "Hostname is the hostname to be
1712 used in the value of the `Location` header
1713 in the response. When empty, the hostname
1714 in the `Host` header of the request is used.
1715 \n Support: Core"
1716 maxLength: 253
1717 minLength: 1
1718 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1719 type: string
1720 path:
1721 description: "Path defines parameters used to
1722 modify the path of the incoming request. The
1723 modified path is then used to construct the
1724 `Location` header. When empty, the request
1725 path is used as-is. \n Support: Extended"
1726 properties:
1727 replaceFullPath:
1728 description: ReplaceFullPath specifies the
1729 value with which to replace the full path
1730 of a request during a rewrite or redirect.
1731 maxLength: 1024
1732 type: string
1733 replacePrefixMatch:
1734 description: "ReplacePrefixMatch specifies
1735 the value with which to replace the prefix
1736 match of a request during a rewrite or
1737 redirect. For example, a request to \"/foo/bar\"
1738 with a prefix match of \"/foo\" and a
1739 ReplacePrefixMatch of \"/xyz\" would be
1740 modified to \"/xyz/bar\". \n Note that
1741 this matches the behavior of the PathPrefix
1742 match type. This matches full path elements.
1743 A path element refers to the list of labels
1744 in the path split by the `/` separator.
1745 When specified, a trailing `/` is ignored.
1746 For example, the paths `/abc`, `/abc/`,
1747 and `/abc/def` would all match the prefix
1748 `/abc`, but the path `/abcd` would not.
1749 \n Request Path | Prefix Match | Replace
1750 Prefix | Modified Path -------------|--------------|----------------|----------
1751 /foo/bar | /foo | /xyz |
1752 /xyz/bar /foo/bar | /foo |
1753 /xyz/ | /xyz/bar /foo/bar |
1754 /foo/ | /xyz | /xyz/bar
1755 /foo/bar | /foo/ | /xyz/ |
1756 /xyz/bar /foo | /foo |
1757 /xyz | /xyz /foo/ | /foo
1758 \ | /xyz | /xyz/ /foo/bar
1759 \ | /foo | <empty string> |
1760 /bar /foo/ | /foo | <empty
1761 string> | / /foo | /foo |
1762 <empty string> | / /foo/ | /foo
1763 \ | / | / /foo |
1764 /foo | / | /"
1765 maxLength: 1024
1766 type: string
1767 type:
1768 description: "Type defines the type of path
1769 modifier. Additional types may be added
1770 in a future release of the API. \n Note
1771 that values may be added to this enum,
1772 implementations must ensure that unknown
1773 values will not cause a crash. \n Unknown
1774 values here must result in the implementation
1775 setting the Accepted Condition for the
1776 Route to `status: False`, with a Reason
1777 of `UnsupportedValue`."
1778 enum:
1779 - ReplaceFullPath
1780 - ReplacePrefixMatch
1781 type: string
1782 required:
1783 - type
1784 type: object
1785 port:
1786 description: "Port is the port to be used in
1787 the value of the `Location` header in the
1788 response. \n If no port is specified, the
1789 redirect port MUST be derived using the following
1790 rules: \n * If redirect scheme is not-empty,
1791 the redirect port MUST be the well-known port
1792 associated with the redirect scheme. Specifically
1793 \"http\" to port 80 and \"https\" to port
1794 443. If the redirect scheme does not have
1795 a well-known port, the listener port of the
1796 Gateway SHOULD be used. * If redirect scheme
1797 is empty, the redirect port MUST be the Gateway
1798 Listener port. \n Implementations SHOULD NOT
1799 add the port number in the 'Location' header
1800 in the following cases: \n * A Location header
1801 that will use HTTP (whether that is determined
1802 via the Listener protocol or the Scheme field)
1803 _and_ use port 80. * A Location header that
1804 will use HTTPS (whether that is determined
1805 via the Listener protocol or the Scheme field)
1806 _and_ use port 443. \n Support: Extended"
1807 format: int32
1808 maximum: 65535
1809 minimum: 1
1810 type: integer
1811 scheme:
1812 description: "Scheme is the scheme to be used
1813 in the value of the `Location` header in the
1814 response. When empty, the scheme of the request
1815 is used. \n Scheme redirects can affect the
1816 port of the redirect, for more information,
1817 refer to the documentation for the port field
1818 of this filter. \n Note that values may be
1819 added to this enum, implementations must ensure
1820 that unknown values will not cause a crash.
1821 \n Unknown values here must result in the
1822 implementation setting the Accepted Condition
1823 for the Route to `status: False`, with a Reason
1824 of `UnsupportedValue`. \n Support: Extended"
1825 enum:
1826 - http
1827 - https
1828 type: string
1829 statusCode:
1830 default: 302
1831 description: "StatusCode is the HTTP status
1832 code to be used in response. \n Note that
1833 values may be added to this enum, implementations
1834 must ensure that unknown values will not cause
1835 a crash. \n Unknown values here must result
1836 in the implementation setting the Accepted
1837 Condition for the Route to `status: False`,
1838 with a Reason of `UnsupportedValue`. \n Support:
1839 Core"
1840 enum:
1841 - 301
1842 - 302
1843 type: integer
1844 type: object
1845 responseHeaderModifier:
1846 description: "ResponseHeaderModifier defines a schema
1847 for a filter that modifies response headers. \n
1848 Support: Extended"
1849 properties:
1850 add:
1851 description: "Add adds the given header(s) (name,
1852 value) to the request before the action. It
1853 appends to any existing values associated
1854 with the header name. \n Input: GET /foo HTTP/1.1
1855 my-header: foo \n Config: add: - name: \"my-header\"
1856 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
1857 my-header: foo,bar,baz"
1858 items:
1859 description: HTTPHeader represents an HTTP
1860 Header name and value as defined by RFC
1861 7230.
1862 properties:
1863 name:
1864 description: "Name is the name of the
1865 HTTP Header to be matched. Name matching
1866 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1867 \n If multiple entries specify equivalent
1868 header names, the first entry with an
1869 equivalent name MUST be considered for
1870 a match. Subsequent entries with an
1871 equivalent header name MUST be ignored.
1872 Due to the case-insensitivity of header
1873 names, \"foo\" and \"Foo\" are considered
1874 equivalent."
1875 maxLength: 256
1876 minLength: 1
1877 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1878 type: string
1879 value:
1880 description: Value is the value of HTTP
1881 Header to be matched.
1882 maxLength: 4096
1883 minLength: 1
1884 type: string
1885 required:
1886 - name
1887 - value
1888 type: object
1889 maxItems: 16
1890 type: array
1891 x-kubernetes-list-map-keys:
1892 - name
1893 x-kubernetes-list-type: map
1894 remove:
1895 description: "Remove the given header(s) from
1896 the HTTP request before the action. The value
1897 of Remove is a list of HTTP header names.
1898 Note that the header names are case-insensitive
1899 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1900 \n Input: GET /foo HTTP/1.1 my-header1: foo
1901 my-header2: bar my-header3: baz \n Config:
1902 remove: [\"my-header1\", \"my-header3\"] \n
1903 Output: GET /foo HTTP/1.1 my-header2: bar"
1904 items:
1905 type: string
1906 maxItems: 16
1907 type: array
1908 set:
1909 description: "Set overwrites the request with
1910 the given header (name, value) before the
1911 action. \n Input: GET /foo HTTP/1.1 my-header:
1912 foo \n Config: set: - name: \"my-header\"
1913 value: \"bar\" \n Output: GET /foo HTTP/1.1
1914 my-header: bar"
1915 items:
1916 description: HTTPHeader represents an HTTP
1917 Header name and value as defined by RFC
1918 7230.
1919 properties:
1920 name:
1921 description: "Name is the name of the
1922 HTTP Header to be matched. Name matching
1923 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1924 \n If multiple entries specify equivalent
1925 header names, the first entry with an
1926 equivalent name MUST be considered for
1927 a match. Subsequent entries with an
1928 equivalent header name MUST be ignored.
1929 Due to the case-insensitivity of header
1930 names, \"foo\" and \"Foo\" are considered
1931 equivalent."
1932 maxLength: 256
1933 minLength: 1
1934 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1935 type: string
1936 value:
1937 description: Value is the value of HTTP
1938 Header to be matched.
1939 maxLength: 4096
1940 minLength: 1
1941 type: string
1942 required:
1943 - name
1944 - value
1945 type: object
1946 maxItems: 16
1947 type: array
1948 x-kubernetes-list-map-keys:
1949 - name
1950 x-kubernetes-list-type: map
1951 type: object
1952 type:
1953 description: "Type identifies the type of filter
1954 to apply. As with other API fields, types are
1955 classified into three conformance levels: \n -
1956 Core: Filter types and their corresponding configuration
1957 defined by \"Support: Core\" in this package,
1958 e.g. \"RequestHeaderModifier\". All implementations
1959 must support core filters. \n - Extended: Filter
1960 types and their corresponding configuration defined
1961 by \"Support: Extended\" in this package, e.g.
1962 \"RequestMirror\". Implementers are encouraged
1963 to support extended filters. \n - Implementation-specific:
1964 Filters that are defined and supported by specific
1965 vendors. In the future, filters showing convergence
1966 in behavior across multiple implementations will
1967 be considered for inclusion in extended or core
1968 conformance levels. Filter-specific configuration
1969 for such filters is specified using the ExtensionRef
1970 field. `Type` should be set to \"ExtensionRef\"
1971 for custom filters. \n Implementers are encouraged
1972 to define custom implementation types to extend
1973 the core API with implementation-specific behavior.
1974 \n If a reference to a custom filter type cannot
1975 be resolved, the filter MUST NOT be skipped. Instead,
1976 requests that would have been processed by that
1977 filter MUST receive a HTTP error response. \n
1978 Note that values may be added to this enum, implementations
1979 must ensure that unknown values will not cause
1980 a crash. \n Unknown values here must result in
1981 the implementation setting the Accepted Condition
1982 for the Route to `status: False`, with a Reason
1983 of `UnsupportedValue`."
1984 enum:
1985 - RequestHeaderModifier
1986 - ResponseHeaderModifier
1987 - RequestRedirect
1988 type: string
1989 required:
1990 - type
1991 type: object
1992 maxItems: 16
1993 type: array
1994 filters:
1995 description: "Filters define the filters that are applied to
1996 requests that match this rule. \n The effects of ordering
1997 of multiple behaviors are currently unspecified. This can
1998 change in the future based on feedback during the alpha stage.
1999 \n Conformance-levels at this level are defined based on the
2000 type of filter: \n - ALL core filters MUST be supported by
2001 all implementations. - Implementers are encouraged to support
2002 extended filters. - Implementation-specific custom filters
2003 have no API guarantees across implementations. \n Specifying
2004 a core filter multiple times has unspecified or custom conformance.
2005 \n All filters are expected to be compatible with each other
2006 except for the URLRewrite and RequestRedirect filters, which
2007 may not be combined. If an implementation can not support
2008 other combinations of filters, they must clearly document
2009 that limitation. In all cases where incompatible or unsupported
2010 filters are specified, implementations MUST add a warning
2011 condition to status. \n Support: Core"
2012 items:
2013 description: HTTPRouteFilter defines processing steps that
2014 must be completed during the request or response lifecycle.
2015 HTTPRouteFilters are meant as an extension point to express
2016 processing that may be done in Gateway implementations.
2017 Some examples include request or response modification,
2018 implementing authentication strategies, rate-limiting, and
2019 traffic shaping. API guarantee/conformance is defined based
2020 on the type of the filter.
2021 properties:
2022 requestHeaderModifier:
2023 description: "RequestHeaderModifier defines a schema for
2024 a filter that modifies request headers. \n Support:
2025 Core"
2026 properties:
2027 add:
2028 description: "Add adds the given header(s) (name,
2029 value) to the request before the action. It appends
2030 to any existing values associated with the header
2031 name. \n Input: GET /foo HTTP/1.1 my-header:
2032 foo \n Config: add: - name: \"my-header\" value:
2033 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
2034 foo my-header: bar"
2035 items:
2036 description: HTTPHeader represents an HTTP Header
2037 name and value as defined by RFC 7230.
2038 properties:
2039 name:
2040 description: "Name is the name of the HTTP Header
2041 to be matched. Name matching MUST be case
2042 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2043 \n If multiple entries specify equivalent
2044 header names, the first entry with an equivalent
2045 name MUST be considered for a match. Subsequent
2046 entries with an equivalent header name MUST
2047 be ignored. Due to the case-insensitivity
2048 of header names, \"foo\" and \"Foo\" are considered
2049 equivalent."
2050 maxLength: 256
2051 minLength: 1
2052 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2053 type: string
2054 value:
2055 description: Value is the value of HTTP Header
2056 to be matched.
2057 maxLength: 4096
2058 minLength: 1
2059 type: string
2060 required:
2061 - name
2062 - value
2063 type: object
2064 maxItems: 16
2065 type: array
2066 x-kubernetes-list-map-keys:
2067 - name
2068 x-kubernetes-list-type: map
2069 remove:
2070 description: "Remove the given header(s) from the
2071 HTTP request before the action. The value of Remove
2072 is a list of HTTP header names. Note that the header
2073 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2074 \n Input: GET /foo HTTP/1.1 my-header1: foo
2075 \ my-header2: bar my-header3: baz \n Config:
2076 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
2077 \ GET /foo HTTP/1.1 my-header2: bar"
2078 items:
2079 type: string
2080 maxItems: 16
2081 type: array
2082 set:
2083 description: "Set overwrites the request with the
2084 given header (name, value) before the action. \n
2085 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
2086 \ set: - name: \"my-header\" value: \"bar\"
2087 \n Output: GET /foo HTTP/1.1 my-header: bar"
2088 items:
2089 description: HTTPHeader represents an HTTP Header
2090 name and value as defined by RFC 7230.
2091 properties:
2092 name:
2093 description: "Name is the name of the HTTP Header
2094 to be matched. Name matching MUST be case
2095 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2096 \n If multiple entries specify equivalent
2097 header names, the first entry with an equivalent
2098 name MUST be considered for a match. Subsequent
2099 entries with an equivalent header name MUST
2100 be ignored. Due to the case-insensitivity
2101 of header names, \"foo\" and \"Foo\" are considered
2102 equivalent."
2103 maxLength: 256
2104 minLength: 1
2105 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2106 type: string
2107 value:
2108 description: Value is the value of HTTP Header
2109 to be matched.
2110 maxLength: 4096
2111 minLength: 1
2112 type: string
2113 required:
2114 - name
2115 - value
2116 type: object
2117 maxItems: 16
2118 type: array
2119 x-kubernetes-list-map-keys:
2120 - name
2121 x-kubernetes-list-type: map
2122 type: object
2123 requestRedirect:
2124 description: "RequestRedirect defines a schema for a filter
2125 that responds to the request with an HTTP redirection.
2126 \n Support: Core"
2127 properties:
2128 hostname:
2129 description: "Hostname is the hostname to be used
2130 in the value of the `Location` header in the response.
2131 When empty, the hostname of the request is used.
2132 \n Support: Core"
2133 maxLength: 253
2134 minLength: 1
2135 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2136 type: string
2137 path:
2138 description: "Path defines parameters used to
2139 modify the path of the incoming request. The
2140 modified path is then used to construct the
2141 `Location` header. When empty, the request
2142 path is used as-is. \n Support: Extended"
2143 properties:
2144 replaceFullPath:
2145 description: ReplaceFullPath specifies the
2146 value with which to replace the full path
2147 of a request during a rewrite or redirect.
2148 maxLength: 1024
2149 type: string
2150 replacePrefixMatch:
2151 description: "ReplacePrefixMatch specifies
2152 the value with which to replace the prefix
2153 match of a request during a rewrite or
2154 redirect. For example, a request to \"/foo/bar\"
2155 with a prefix match of \"/foo\" and a
2156 ReplacePrefixMatch of \"/xyz\" would be
2157 modified to \"/xyz/bar\". \n Note that
2158 this matches the behavior of the PathPrefix
2159 match type. This matches full path elements.
2160 A path element refers to the list of labels
2161 in the path split by the `/` separator.
2162 When specified, a trailing `/` is ignored.
2163 For example, the paths `/abc`, `/abc/`,
2164 and `/abc/def` would all match the prefix
2165 `/abc`, but the path `/abcd` would not.
2166 \n Request Path | Prefix Match | Replace
2167 Prefix | Modified Path -------------|--------------|----------------|----------
2168 /foo/bar | /foo | /xyz |
2169 /xyz/bar /foo/bar | /foo |
2170 /xyz/ | /xyz/bar /foo/bar |
2171 /foo/ | /xyz | /xyz/bar
2172 /foo/bar | /foo/ | /xyz/ |
2173 /xyz/bar /foo | /foo |
2174 /xyz | /xyz /foo/ | /foo
2175 \ | /xyz | /xyz/ /foo/bar
2176 \ | /foo | <empty string> |
2177 /bar /foo/ | /foo | <empty
2178 string> | / /foo | /foo |
2179 <empty string> | / /foo/ | /foo
2180 \ | / | / /foo |
2181 /foo | / | /"
2182 maxLength: 1024
2183 type: string
2184 type:
2185 description: "Type defines the type of path
2186 modifier. Additional types may be added
2187 in a future release of the API. \n Note
2188 that values may be added to this enum,
2189 implementations must ensure that unknown
2190 values will not cause a crash. \n Unknown
2191 values here must result in the implementation
2192 setting the Accepted Condition for the
2193 Route to `status: False`, with a Reason
2194 of `UnsupportedValue`."
2195 enum:
2196 - ReplaceFullPath
2197 - ReplacePrefixMatch
2198 type: string
2199 required:
2200 - type
2201 type: object
2202 port:
2203 description: "Port is the port to be used in the value
2204 of the `Location` header in the response. When empty,
2205 port (if specified) of the request is used. \n Support:
2206 Extended"
2207 format: int32
2208 maximum: 65535
2209 minimum: 1
2210 type: integer
2211 scheme:
2212 description: "Scheme is the scheme to be used in the
2213 value of the `Location` header in the response.
2214 When empty, the scheme of the request is used. \n
2215 Support: Extended"
2216 enum:
2217 - http
2218 - https
2219 type: string
2220 statusCode:
2221 default: 302
2222 description: "StatusCode is the HTTP status code to
2223 be used in response. \n Support: Core"
2224 enum:
2225 - 301
2226 - 302
2227 type: integer
2228 type: object
2229 type:
2230 description: "Type identifies the type of filter to apply.
2231 As with other API fields, types are classified into
2232 three conformance levels: \n - Core: Filter types and
2233 their corresponding configuration defined by \"Support:
2234 Core\" in this package, e.g. \"RequestHeaderModifier\"."
2235 enum:
2236 - RequestHeaderModifier
2237 - RequestRedirect
2238 type: string
2239 required:
2240 - type
2241 type: object
2242 maxItems: 16
2243 type: array
2244 matches:
2245 default:
2246 - path:
2247 type: PathPrefix
2248 value: /
2249 description: "Matches define conditions used for matching the
2250 rule against incoming HTTP requests. Each match is independent,
2251 i.e. this rule will be matched if **any** one of the matches
2252 is satisfied. \n For example, take the following matches configuration:
2253 \n ``` matches: - path: value: \"/foo\" headers: -
2254 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
2255 ``` \n For a request to match against this rule, a request
2256 must satisfy EITHER of the two conditions: \n - path prefixed
2257 with `/foo` AND contains the header `version: v2` - path prefix
2258 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
2259 how to specify multiple match conditions that should be ANDed
2260 together. \n If no matches are specified, the default is a
2261 prefix path match on \"/\", which has the effect of matching
2262 every HTTP request. \n Proxy or Load Balancer routing configuration
2263 generated from HTTPRoutes MUST prioritize rules based on the
2264 following criteria, continuing on ties. Precedence must be
2265 given to the the Rule with the largest number of: \n * Characters
2266 in a matching non-wildcard hostname. * Characters in a matching
2267 hostname. * Characters in a matching path. * Header matches.
2268 * Query param matches. \n If ties still exist across multiple
2269 Routes, matching precedence MUST be determined in order of
2270 the following criteria, continuing on ties: \n * The oldest
2271 Route based on creation timestamp. * The Route appearing first
2272 in alphabetical order by \"{namespace}/{name}\". \n If ties
2273 still exist within the Route that has been given precedence,
2274 matching precedence MUST be granted to the first matching
2275 rule meeting the above criteria. \n When no rules matching
2276 a request have been successfully attached to the parent a
2277 request is coming from, a HTTP 404 status code MUST be returned."
2278 items:
2279 description: "HTTPRouteMatch defines the predicate used to
2280 match requests to a given action. Multiple match types are
2281 ANDed together, i.e. the match will evaluate to true only
2282 if all conditions are satisfied. \n For example, the match
2283 below will match a HTTP request only if its path starts
2284 with `/foo` AND it contains the `version: v1` header: \n
2285 ``` match: path: value: \"/foo\" headers: - name:
2286 \"version\" value \"v1\" ```"
2287 properties:
2288 headers:
2289 description: Headers specifies HTTP request header matchers.
2290 Multiple match values are ANDed together, meaning, a
2291 request must match all the specified headers to select
2292 the route.
2293 items:
2294 description: HTTPHeaderMatch describes how to select
2295 a HTTP route by matching HTTP request headers.
2296 properties:
2297 name:
2298 description: "Name is the name of the HTTP Header
2299 to be matched. Name matching MUST be case insensitive.
2300 (See https://tools.ietf.org/html/rfc7230#section-3.2).
2301 \n If multiple entries specify equivalent header
2302 names, only the first entry with an equivalent
2303 name MUST be considered for a match. Subsequent
2304 entries with an equivalent header name MUST be
2305 ignored. Due to the case-insensitivity of header
2306 names, \"foo\" and \"Foo\" are considered equivalent.
2307 \n When a header is repeated in an HTTP request,
2308 it is implementation-specific behavior as to how
2309 this is represented. Generally, proxies should
2310 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
2311 regarding processing a repeated header, with special
2312 handling for \"Set-Cookie\"."
2313 maxLength: 256
2314 minLength: 1
2315 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2316 type: string
2317 type:
2318 default: Exact
2319 description: "Type specifies how to match against
2320 the value of the header. \n Support: Core (Exact)
2321 \n Support: Custom (RegularExpression) \n Since
2322 RegularExpression HeaderMatchType has custom conformance,
2323 implementations can support POSIX, PCRE or any
2324 other dialects of regular expressions. Please
2325 read the implementation's documentation to determine
2326 the supported dialect."
2327 enum:
2328 - Exact
2329 - RegularExpression
2330 type: string
2331 value:
2332 description: Value is the value of HTTP Header to
2333 be matched.
2334 maxLength: 4096
2335 minLength: 1
2336 type: string
2337 required:
2338 - name
2339 - value
2340 type: object
2341 maxItems: 16
2342 type: array
2343 x-kubernetes-list-map-keys:
2344 - name
2345 x-kubernetes-list-type: map
2346 method:
2347 description: "Method specifies HTTP method matcher. When
2348 specified, this route will be matched only if the request
2349 has the specified method. \n Support: Extended"
2350 enum:
2351 - GET
2352 - HEAD
2353 - POST
2354 - PUT
2355 - DELETE
2356 - CONNECT
2357 - OPTIONS
2358 - TRACE
2359 - PATCH
2360 type: string
2361 path:
2362 default:
2363 type: PathPrefix
2364 value: /
2365 description: Path specifies a HTTP request path matcher.
2366 If this field is not specified, a default prefix match
2367 on the "/" path is provided.
2368 properties:
2369 type:
2370 default: PathPrefix
2371 description: "Type specifies how to match against
2372 the path Value. \n Support: Core (Exact, PathPrefix)
2373 \n Support: Custom (RegularExpression)"
2374 enum:
2375 - Exact
2376 - PathPrefix
2377 - RegularExpression
2378 type: string
2379 value:
2380 default: /
2381 description: Value of the HTTP path to match against.
2382 maxLength: 1024
2383 type: string
2384 type: object
2385 queryParams:
2386 description: QueryParams specifies HTTP query parameter
2387 matchers. Multiple match values are ANDed together,
2388 meaning, a request must match all the specified query
2389 parameters to select the route.
2390 items:
2391 description: HTTPQueryParamMatch describes how to select
2392 a HTTP route by matching HTTP query parameters.
2393 properties:
2394 name:
2395 description: Name is the name of the HTTP query
2396 param to be matched. This must be an exact string
2397 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
2398 maxLength: 256
2399 minLength: 1
2400 type: string
2401 type:
2402 default: Exact
2403 description: "Type specifies how to match against
2404 the value of the query parameter. \n Support:
2405 Extended (Exact) \n Support: Custom (RegularExpression)
2406 \n Since RegularExpression QueryParamMatchType
2407 has custom conformance, implementations can support
2408 POSIX, PCRE or any other dialects of regular expressions.
2409 Please read the implementation's documentation
2410 to determine the supported dialect."
2411 enum:
2412 - Exact
2413 - RegularExpression
2414 type: string
2415 value:
2416 description: Value is the value of HTTP query param
2417 to be matched.
2418 maxLength: 1024
2419 minLength: 1
2420 type: string
2421 required:
2422 - name
2423 - value
2424 type: object
2425 maxItems: 16
2426 type: array
2427 x-kubernetes-list-map-keys:
2428 - name
2429 x-kubernetes-list-type: map
2430 type: object
2431 maxItems: 8
2432 type: array
2433 type: object
2434 maxItems: 16
2435 type: array
2436 type: object
2437 status:
2438 description: Status defines the current state of HTTPRoute.
2439 properties:
2440 parents:
2441 description: "Parents is a list of parent resources (usually Gateways)
2442 that are associated with the route, and the status of the route
2443 with respect to each parent. When this route attaches to a parent,
2444 the controller that manages the parent must add an entry to this
2445 list when the controller first sees the route and should update
2446 the entry as appropriate when the route or gateway is modified.
2447 \n Note that parent references that cannot be resolved by an implementation
2448 of this API will not be added to this list. Implementations of this
2449 API can only populate Route status for the Gateways/parent resources
2450 they are responsible for. \n A maximum of 32 Gateways will be represented
2451 in this list. An empty list means the route has not been attached
2452 to any Gateway."
2453 items:
2454 description: RouteParentStatus describes the status of a route with
2455 respect to an associated Parent.
2456 properties:
2457 conditions:
2458 description: "Conditions describes the status of the route with
2459 respect to the Gateway. Note that the route's availability
2460 is also subject to the Gateway's own status conditions and
2461 listener status. \n If the Route's ParentRef specifies an
2462 existing Gateway that supports Routes of this kind AND that
2463 Gateway's controller has sufficient access, then that Gateway's
2464 controller MUST set the \"Accepted\" condition on the Route,
2465 to indicate whether the route has been accepted or rejected
2466 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
2467 if at least one of the Route's rules is implemented by the
2468 Gateway. \n There are a number of cases where the \"Accepted\"
2469 condition may not be set due to lack of controller visibility,
2470 that includes when: \n * The Route refers to a non-existent
2471 parent. * The Route is of a type that the controller does
2472 not support. * The Route is in a namespace the the controller
2473 does not have access to."
2474 items:
2475 description: "Condition contains details for one aspect of
2476 the current state of this API Resource. --- This struct
2477 is intended for direct use as an array at the field path
2478 .status.conditions. For example, type FooStatus struct{
2479 \ // Represents the observations of a foo's current state.
2480 \ // Known .status.conditions.type are: \"Available\",
2481 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
2482 \ // +patchStrategy=merge // +listType=map //
2483 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
2484 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
2485 \n // other fields }"
2486 properties:
2487 lastTransitionTime:
2488 description: lastTransitionTime is the last time the condition
2489 transitioned from one status to another. This should
2490 be when the underlying condition changed. If that is
2491 not known, then using the time when the API field changed
2492 is acceptable.
2493 format: date-time
2494 type: string
2495 message:
2496 description: message is a human readable message indicating
2497 details about the transition. This may be an empty string.
2498 maxLength: 32768
2499 type: string
2500 observedGeneration:
2501 description: observedGeneration represents the .metadata.generation
2502 that the condition was set based upon. For instance,
2503 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
2504 is 9, the condition is out of date with respect to the
2505 current state of the instance.
2506 format: int64
2507 minimum: 0
2508 type: integer
2509 reason:
2510 description: reason contains a programmatic identifier
2511 indicating the reason for the condition's last transition.
2512 Producers of specific condition types may define expected
2513 values and meanings for this field, and whether the
2514 values are considered a guaranteed API. The value should
2515 be a CamelCase string. This field may not be empty.
2516 maxLength: 1024
2517 minLength: 1
2518 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2519 type: string
2520 status:
2521 description: status of the condition, one of True, False,
2522 Unknown.
2523 enum:
2524 - "True"
2525 - "False"
2526 - Unknown
2527 type: string
2528 type:
2529 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2530 --- Many .condition.type values are consistent across
2531 resources like Available, but because arbitrary conditions
2532 can be useful (see .node.status.conditions), the ability
2533 to deconflict is important. The regex it matches is
2534 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2535 maxLength: 316
2536 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2537 type: string
2538 required:
2539 - lastTransitionTime
2540 - message
2541 - reason
2542 - status
2543 - type
2544 type: object
2545 maxItems: 8
2546 minItems: 1
2547 type: array
2548 x-kubernetes-list-map-keys:
2549 - type
2550 x-kubernetes-list-type: map
2551 controllerName:
2552 description: "ControllerName is a domain/path string that indicates
2553 the name of the controller that wrote this status. This corresponds
2554 with the controllerName field on GatewayClass. \n Example:
2555 \"example.net/gateway-controller\". \n The format of this
2556 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
2557 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
2558 \n Controllers MUST populate this field when writing status.
2559 Controllers should ensure that entries to status populated
2560 with their ControllerName are cleaned up when they are no
2561 longer necessary."
2562 maxLength: 253
2563 minLength: 1
2564 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2565 type: string
2566 parentRef:
2567 description: ParentRef corresponds with a ParentRef in the spec
2568 that this RouteParentStatus struct describes the status of.
2569 properties:
2570 group:
2571 default: policy.linkerd.io
2572 description: "Group is the group of the referent. \n Support:
2573 Core"
2574 maxLength: 253
2575 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2576 type: string
2577 kind:
2578 default: Gateway
2579 description: "Kind is kind of the referent. \n Support:
2580 Core (Gateway) Support: Custom (Other Resources)"
2581 maxLength: 63
2582 minLength: 1
2583 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2584 type: string
2585 name:
2586 description: "Name is the name of the referent. \n Support:
2587 Core"
2588 maxLength: 253
2589 minLength: 1
2590 type: string
2591 namespace:
2592 description: "Namespace is the namespace of the referent.
2593 When unspecified (or empty string), this refers to the
2594 local namespace of the Route. \n Support: Core"
2595 maxLength: 63
2596 minLength: 1
2597 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2598 type: string
2599 port:
2600 description: "Port is the network port this Route targets.
2601 It can be interpreted differently based on the type of
2602 parent resource. \n When the parent resource is a Gateway,
2603 this targets all listeners listening on the specified
2604 port that also support this kind of Route(and select this
2605 Route). It's not recommended to set `Port` unless the
2606 networking behaviors specified in a Route must apply to
2607 a specific port as opposed to a listener(s) whose port(s)
2608 may be changed. When both Port and SectionName are specified,
2609 the name and port of the selected listener must match
2610 both specified values. \n Implementations MAY choose to
2611 support other parent resources. Implementations supporting
2612 other types of parent resources MUST clearly document
2613 how/if Port is interpreted. \n For the purpose of status,
2614 an attachment is considered successful as long as the
2615 parent resource accepts it partially. For example, Gateway
2616 listeners can restrict which Routes can attach to them
2617 by Route kind, namespace, or hostname. If 1 of 2 Gateway
2618 listeners accept attachment from the referencing Route,
2619 the Route MUST be considered successfully attached. If
2620 no Gateway listeners accept attachment from this Route,
2621 the Route MUST be considered detached from the Gateway.
2622 \n Support: Extended \n <gateway:experimental>"
2623 format: int32
2624 maximum: 65535
2625 minimum: 1
2626 type: integer
2627 sectionName:
2628 description: "SectionName is the name of a section within
2629 the target resource. In the following resources, SectionName
2630 is interpreted as the following: \n * Gateway: Listener
2631 Name. When both Port (experimental) and SectionName are
2632 specified, the name and port of the selected listener
2633 must match both specified values. \n Implementations MAY
2634 choose to support attaching Routes to other resources.
2635 If that is the case, they MUST clearly document how SectionName
2636 is interpreted. \n When unspecified (empty string), this
2637 will reference the entire resource. For the purpose of
2638 status, an attachment is considered successful if at least
2639 one section in the parent resource accepts it. For example,
2640 Gateway listeners can restrict which Routes can attach
2641 to them by Route kind, namespace, or hostname. If 1 of
2642 2 Gateway listeners accept attachment from the referencing
2643 Route, the Route MUST be considered successfully attached.
2644 If no Gateway listeners accept attachment from this Route,
2645 the Route MUST be considered detached from the Gateway.
2646 \n Support: Core"
2647 maxLength: 253
2648 minLength: 1
2649 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2650 type: string
2651 required:
2652 - name
2653 type: object
2654 required:
2655 - controllerName
2656 - parentRef
2657 type: object
2658 maxItems: 32
2659 type: array
2660 required:
2661 - parents
2662 type: object
2663 required:
2664 - spec
2665 type: object
2666 served: true
2667 storage: false
2668 subresources:
2669 status: {}
2670 - additionalPrinterColumns:
2671 - jsonPath: .spec.hostnames
2672 name: Hostnames
2673 type: string
2674 - jsonPath: .metadata.creationTimestamp
2675 name: Age
2676 type: date
2677 name: v1beta2
2678 schema:
2679 openAPIV3Schema:
2680 description: HTTPRoute provides a way to route HTTP requests. This includes
2681 the capability to match requests by hostname, path, header, or query param.
2682 Filters can be used to specify additional processing steps. Backends specify
2683 where matching requests should be routed.
2684 properties:
2685 apiVersion:
2686 description: 'APIVersion defines the versioned schema of this representation
2687 of an object. Servers should convert recognized schemas to the latest
2688 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2689 type: string
2690 kind:
2691 description: 'Kind is a string value representing the REST resource this
2692 object represents. Servers may infer this from the endpoint the client
2693 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2694 type: string
2695 metadata:
2696 type: object
2697 spec:
2698 description: Spec defines the desired state of HTTPRoute.
2699 properties:
2700 hostnames:
2701 description: "Hostnames defines a set of hostname that should match
2702 against the HTTP Host header to select a HTTPRoute to process the
2703 request. This matches the RFC 1123 definition of a hostname with
2704 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
2705 be prefixed with a wildcard label (`*.`). The wildcard label
2706 must appear by itself as the first label. \n If a hostname is specified
2707 by both the Listener and HTTPRoute, there must be at least one intersecting
2708 hostname for the HTTPRoute to be attached to the Listener. For example:
2709 \n * A Listener with `test.example.com` as the hostname matches
2710 HTTPRoutes that have either not specified any hostnames, or have
2711 specified at least one of `test.example.com` or `*.example.com`.
2712 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
2713 \ that have either not specified any hostnames or have specified
2714 at least one hostname that matches the Listener hostname. For
2715 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
2716 would all match. On the other hand, `example.com` and `test.example.net`
2717 would not match. \n Hostnames that are prefixed with a wildcard
2718 label (`*.`) are interpreted as a suffix match. That means that
2719 a match for `*.example.com` would match both `test.example.com`,
2720 and `foo.test.example.com`, but not `example.com`. \n If both the
2721 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
2722 that do not match the Listener hostname MUST be ignored. For example,
2723 if a Listener specified `*.example.com`, and the HTTPRoute specified
2724 `test.example.com` and `test.example.net`, `test.example.net` must
2725 not be considered for a match. \n If both the Listener and HTTPRoute
2726 have specified hostnames, and none match with the criteria above,
2727 then the HTTPRoute is not accepted. The implementation must raise
2728 an 'Accepted' Condition with a status of `False` in the corresponding
2729 RouteParentStatus. \n Support: Core"
2730 items:
2731 description: "Hostname is the fully qualified domain name of a network
2732 host. This matches the RFC 1123 definition of a hostname with
2733 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
2734 may be prefixed with a wildcard label (`*.`). The wildcard label
2735 must appear by itself as the first label. \n Hostname can be \"precise\"
2736 which is a domain name without the terminating dot of a network
2737 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
2738 name prefixed with a single wildcard label (e.g. `*.example.com`).
2739 \n Note that as per RFC1035 and RFC1123, a *label* must consist
2740 of lower case alphanumeric characters or '-', and must start and
2741 end with an alphanumeric character. No other punctuation is allowed."
2742 maxLength: 253
2743 minLength: 1
2744 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2745 type: string
2746 maxItems: 16
2747 type: array
2748 parentRefs:
2749 description: "ParentRefs references the resources (usually Gateways)
2750 that a Route wants to be attached to. Note that the referenced parent
2751 resource needs to allow this for the attachment to be complete.
2752 For Gateways, that means the Gateway needs to allow attachment from
2753 Routes of this kind and namespace. \n The only kind of parent resource
2754 with \"Core\" support is Gateway. This API may be extended in the
2755 future to support additional kinds of parent resources such as one
2756 of the route kinds. \n It is invalid to reference an identical parent
2757 more than once. It is valid to reference multiple distinct sections
2758 within the same parent resource, such as 2 Listeners within a Gateway.
2759 \n It is possible to separately reference multiple distinct objects
2760 that may be collapsed by an implementation. For example, some implementations
2761 may choose to merge compatible Gateway Listeners together. If that
2762 is the case, the list of routes attached to those resources should
2763 also be merged."
2764 items:
2765 description: "ParentReference identifies an API object (usually
2766 a Gateway) that can be considered a parent of this resource (usually
2767 a route). The only kind of parent resource with \"Core\" support
2768 is Gateway. This API may be extended in the future to support
2769 additional kinds of parent resources, such as HTTPRoute. \n The
2770 API object must be valid in the cluster; the Group and Kind must
2771 be registered in the cluster for this reference to be valid."
2772 properties:
2773 group:
2774 default: policy.linkerd.io
2775 description: "Group is the group of the referent. \n Support:
2776 Core"
2777 maxLength: 253
2778 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2779 type: string
2780 kind:
2781 default: Gateway
2782 description: "Kind is kind of the referent. \n Support: Core
2783 (Gateway) Support: Custom (Other Resources)"
2784 maxLength: 63
2785 minLength: 1
2786 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2787 type: string
2788 name:
2789 description: "Name is the name of the referent. \n Support:
2790 Core"
2791 maxLength: 253
2792 minLength: 1
2793 type: string
2794 namespace:
2795 description: "Namespace is the namespace of the referent. When
2796 unspecified (or empty string), this refers to the local namespace
2797 of the Route. \n Support: Core"
2798 maxLength: 63
2799 minLength: 1
2800 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2801 type: string
2802 port:
2803 description: "Port specifies the destination
2804 port number to use for this resource.
2805 Port is required when the referent is
2806 a Kubernetes Service. In this case, the
2807 port number is the service port number,
2808 not the target port. For other resources,
2809 destination port might be derived from
2810 the referent resource or this field. \n Support: Extended"
2811 format: int32
2812 maximum: 65535
2813 minimum: 1
2814 type: integer
2815 sectionName:
2816 description: "SectionName is the name of a section within the
2817 target resource. In the following resources, SectionName is
2818 interpreted as the following: \n * Gateway: Listener Name.
2819 When both Port (experimental) and SectionName are specified,
2820 the name and port of the selected listener must match both
2821 specified values. \n Implementations MAY choose to support
2822 attaching Routes to other resources. If that is the case,
2823 they MUST clearly document how SectionName is interpreted.
2824 \n When unspecified (empty string), this will reference the
2825 entire resource. For the purpose of status, an attachment
2826 is considered successful if at least one section in the parent
2827 resource accepts it. For example, Gateway listeners can restrict
2828 which Routes can attach to them by Route kind, namespace,
2829 or hostname. If 1 of 2 Gateway listeners accept attachment
2830 from the referencing Route, the Route MUST be considered successfully
2831 attached. If no Gateway listeners accept attachment from this
2832 Route, the Route MUST be considered detached from the Gateway.
2833 \n Support: Core"
2834 maxLength: 253
2835 minLength: 1
2836 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2837 type: string
2838 required:
2839 - name
2840 type: object
2841 maxItems: 32
2842 type: array
2843 rules:
2844 default:
2845 - matches:
2846 - path:
2847 type: PathPrefix
2848 value: /
2849 description: Rules are a list of HTTP matchers, filters and actions.
2850 items:
2851 description: HTTPRouteRule defines semantics for matching an HTTP
2852 request based on conditions (matches) and processing it (filters).
2853 properties:
2854 backendRefs:
2855 description: "BackendRefs defines the backend(s) where matching
2856 requests should be sent. \n Failure behavior here depends
2857 on how many BackendRefs are specified and how many are invalid.
2858 \n If *all* entries in BackendRefs are invalid, and there
2859 are also no filters specified in this route rule, *all* traffic
2860 which matches this rule MUST receive a 500 status code. \n
2861 See the HTTPBackendRef definition for the rules about what
2862 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
2863 is invalid, 500 status codes MUST be returned for requests
2864 that would have otherwise been routed to an invalid backend.
2865 If multiple backends are specified, and some are invalid,
2866 the proportion of requests that would otherwise have been
2867 routed to an invalid backend MUST receive a 500 status code.
2868 \n For example, if two backends are specified with equal weights,
2869 and one is invalid, 50 percent of traffic must receive a 500.
2870 Implementations may choose how that 50 percent is determined.
2871 \n Support: Core for Kubernetes Service \n Support: Implementation-specific
2872 for any other resource \n Support for weight: Core"
2873 items:
2874 description: HTTPBackendRef defines how a HTTPRoute should
2875 forward an HTTP request.
2876 properties:
2877 group:
2878 default: ""
2879 description: Group is the group of the referent. For example,
2880 "gateway.networking.k8s.io". When unspecified or empty
2881 string, core API group is inferred.
2882 maxLength: 253
2883 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2884 type: string
2885 kind:
2886 default: Service
2887 description: Kind is kind of the referent. For example
2888 "HTTPRoute" or "Service". Defaults to "Service" when
2889 not specified.
2890 maxLength: 63
2891 minLength: 1
2892 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2893 type: string
2894 name:
2895 description: Name is the name of the referent.
2896 maxLength: 253
2897 minLength: 1
2898 type: string
2899 namespace:
2900 description: "Namespace is the namespace of the backend.
2901 When unspecified, the local namespace is inferred. \n
2902 Note that when a namespace is specified, a ReferenceGrant
2903 object is required in the referent namespace to allow
2904 that namespace's owner to accept the reference. See
2905 the ReferenceGrant documentation for details. \n Support:
2906 Core"
2907 maxLength: 63
2908 minLength: 1
2909 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2910 type: string
2911 port:
2912 description: Port specifies the destination port number
2913 to use for this resource. Port is required when the
2914 referent is a Kubernetes Service. In this case, the
2915 port number is the service port number, not the target
2916 port. For other resources, destination port might be
2917 derived from the referent resource or this field.
2918 format: int32
2919 maximum: 65535
2920 minimum: 1
2921 type: integer
2922 weight:
2923 default: 1
2924 description: "Weight specifies the proportion of requests
2925 forwarded to the referenced backend. This is computed
2926 as weight/(sum of all weights in this BackendRefs list).
2927 For non-zero values, there may be some epsilon from
2928 the exact proportion defined here depending on the precision
2929 an implementation supports. Weight is not a percentage
2930 and the sum of weights does not need to equal 100. \n
2931 If only one backend is specified and it has a weight
2932 greater than 0, 100% of the traffic is forwarded to
2933 that backend. If weight is set to 0, no traffic should
2934 be forwarded for this entry. If unspecified, weight
2935 defaults to 1. \n Support for this field varies based
2936 on the context where used."
2937 format: int32
2938 maximum: 1000000
2939 minimum: 0
2940 type: integer
2941 filters:
2942 description: "Filters defined at this level should be
2943 executed if and only if the request is being forwarded
2944 to the backend defined here. \n Support: Implementation-specific
2945 (For broader support of filters, use the Filters field
2946 in HTTPRouteRule.)"
2947 items:
2948 description: HTTPRouteFilter defines processing steps
2949 that must be completed during the request or response
2950 lifecycle. HTTPRouteFilters are meant as an extension
2951 point to express processing that may be done in Gateway
2952 implementations. Some examples include request or
2953 response modification, implementing authentication
2954 strategies, rate-limiting, and traffic shaping. API
2955 guarantee/conformance is defined based on the type
2956 of the filter.
2957 properties:
2958 requestHeaderModifier:
2959 description: "RequestHeaderModifier defines a schema
2960 for a filter that modifies request headers. \n
2961 Support: Core"
2962 properties:
2963 add:
2964 description: "Add adds the given header(s) (name,
2965 value) to the request before the action. It
2966 appends to any existing values associated
2967 with the header name. \n Input: GET /foo HTTP/1.1
2968 my-header: foo \n Config: add: - name: \"my-header\"
2969 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2970 my-header: foo,bar,baz"
2971 items:
2972 description: HTTPHeader represents an HTTP
2973 Header name and value as defined by RFC
2974 7230.
2975 properties:
2976 name:
2977 description: "Name is the name of the
2978 HTTP Header to be matched. Name matching
2979 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2980 \n If multiple entries specify equivalent
2981 header names, the first entry with an
2982 equivalent name MUST be considered for
2983 a match. Subsequent entries with an
2984 equivalent header name MUST be ignored.
2985 Due to the case-insensitivity of header
2986 names, \"foo\" and \"Foo\" are considered
2987 equivalent."
2988 maxLength: 256
2989 minLength: 1
2990 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2991 type: string
2992 value:
2993 description: Value is the value of HTTP
2994 Header to be matched.
2995 maxLength: 4096
2996 minLength: 1
2997 type: string
2998 required:
2999 - name
3000 - value
3001 type: object
3002 maxItems: 16
3003 type: array
3004 x-kubernetes-list-map-keys:
3005 - name
3006 x-kubernetes-list-type: map
3007 remove:
3008 description: "Remove the given header(s) from
3009 the HTTP request before the action. The value
3010 of Remove is a list of HTTP header names.
3011 Note that the header names are case-insensitive
3012 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3013 \n Input: GET /foo HTTP/1.1 my-header1: foo
3014 my-header2: bar my-header3: baz \n Config:
3015 remove: [\"my-header1\", \"my-header3\"] \n
3016 Output: GET /foo HTTP/1.1 my-header2: bar"
3017 items:
3018 type: string
3019 maxItems: 16
3020 type: array
3021 set:
3022 description: "Set overwrites the request with
3023 the given header (name, value) before the
3024 action. \n Input: GET /foo HTTP/1.1 my-header:
3025 foo \n Config: set: - name: \"my-header\"
3026 value: \"bar\" \n Output: GET /foo HTTP/1.1
3027 my-header: bar"
3028 items:
3029 description: HTTPHeader represents an HTTP
3030 Header name and value as defined by RFC
3031 7230.
3032 properties:
3033 name:
3034 description: "Name is the name of the
3035 HTTP Header to be matched. Name matching
3036 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3037 \n If multiple entries specify equivalent
3038 header names, the first entry with an
3039 equivalent name MUST be considered for
3040 a match. Subsequent entries with an
3041 equivalent header name MUST be ignored.
3042 Due to the case-insensitivity of header
3043 names, \"foo\" and \"Foo\" are considered
3044 equivalent."
3045 maxLength: 256
3046 minLength: 1
3047 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3048 type: string
3049 value:
3050 description: Value is the value of HTTP
3051 Header to be matched.
3052 maxLength: 4096
3053 minLength: 1
3054 type: string
3055 required:
3056 - name
3057 - value
3058 type: object
3059 maxItems: 16
3060 type: array
3061 x-kubernetes-list-map-keys:
3062 - name
3063 x-kubernetes-list-type: map
3064 type: object
3065 requestRedirect:
3066 description: "RequestRedirect defines a schema for
3067 a filter that responds to the request with an
3068 HTTP redirection. \n Support: Core"
3069 properties:
3070 hostname:
3071 description: "Hostname is the hostname to be
3072 used in the value of the `Location` header
3073 in the response. When empty, the hostname
3074 in the `Host` header of the request is used.
3075 \n Support: Core"
3076 maxLength: 253
3077 minLength: 1
3078 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3079 type: string
3080 path:
3081 description: "Path defines parameters used to
3082 modify the path of the incoming request. The
3083 modified path is then used to construct the
3084 `Location` header. When empty, the request
3085 path is used as-is. \n Support: Extended"
3086 properties:
3087 replaceFullPath:
3088 description: ReplaceFullPath specifies the
3089 value with which to replace the full path
3090 of a request during a rewrite or redirect.
3091 maxLength: 1024
3092 type: string
3093 replacePrefixMatch:
3094 description: "ReplacePrefixMatch specifies
3095 the value with which to replace the prefix
3096 match of a request during a rewrite or
3097 redirect. For example, a request to \"/foo/bar\"
3098 with a prefix match of \"/foo\" and a
3099 ReplacePrefixMatch of \"/xyz\" would be
3100 modified to \"/xyz/bar\". \n Note that
3101 this matches the behavior of the PathPrefix
3102 match type. This matches full path elements.
3103 A path element refers to the list of labels
3104 in the path split by the `/` separator.
3105 When specified, a trailing `/` is ignored.
3106 For example, the paths `/abc`, `/abc/`,
3107 and `/abc/def` would all match the prefix
3108 `/abc`, but the path `/abcd` would not.
3109 \n Request Path | Prefix Match | Replace
3110 Prefix | Modified Path -------------|--------------|----------------|----------
3111 /foo/bar | /foo | /xyz |
3112 /xyz/bar /foo/bar | /foo |
3113 /xyz/ | /xyz/bar /foo/bar |
3114 /foo/ | /xyz | /xyz/bar
3115 /foo/bar | /foo/ | /xyz/ |
3116 /xyz/bar /foo | /foo |
3117 /xyz | /xyz /foo/ | /foo
3118 \ | /xyz | /xyz/ /foo/bar
3119 \ | /foo | <empty string> |
3120 /bar /foo/ | /foo | <empty
3121 string> | / /foo | /foo |
3122 <empty string> | / /foo/ | /foo
3123 \ | / | / /foo |
3124 /foo | / | /"
3125 maxLength: 1024
3126 type: string
3127 type:
3128 description: "Type defines the type of path
3129 modifier. Additional types may be added
3130 in a future release of the API. \n Note
3131 that values may be added to this enum,
3132 implementations must ensure that unknown
3133 values will not cause a crash. \n Unknown
3134 values here must result in the implementation
3135 setting the Accepted Condition for the
3136 Route to `status: False`, with a Reason
3137 of `UnsupportedValue`."
3138 enum:
3139 - ReplaceFullPath
3140 - ReplacePrefixMatch
3141 type: string
3142 required:
3143 - type
3144 type: object
3145 port:
3146 description: "Port is the port to be used in
3147 the value of the `Location` header in the
3148 response. \n If no port is specified, the
3149 redirect port MUST be derived using the following
3150 rules: \n * If redirect scheme is not-empty,
3151 the redirect port MUST be the well-known port
3152 associated with the redirect scheme. Specifically
3153 \"http\" to port 80 and \"https\" to port
3154 443. If the redirect scheme does not have
3155 a well-known port, the listener port of the
3156 Gateway SHOULD be used. * If redirect scheme
3157 is empty, the redirect port MUST be the Gateway
3158 Listener port. \n Implementations SHOULD NOT
3159 add the port number in the 'Location' header
3160 in the following cases: \n * A Location header
3161 that will use HTTP (whether that is determined
3162 via the Listener protocol or the Scheme field)
3163 _and_ use port 80. * A Location header that
3164 will use HTTPS (whether that is determined
3165 via the Listener protocol or the Scheme field)
3166 _and_ use port 443. \n Support: Extended"
3167 format: int32
3168 maximum: 65535
3169 minimum: 1
3170 type: integer
3171 scheme:
3172 description: "Scheme is the scheme to be used
3173 in the value of the `Location` header in the
3174 response. When empty, the scheme of the request
3175 is used. \n Scheme redirects can affect the
3176 port of the redirect, for more information,
3177 refer to the documentation for the port field
3178 of this filter. \n Note that values may be
3179 added to this enum, implementations must ensure
3180 that unknown values will not cause a crash.
3181 \n Unknown values here must result in the
3182 implementation setting the Accepted Condition
3183 for the Route to `status: False`, with a Reason
3184 of `UnsupportedValue`. \n Support: Extended"
3185 enum:
3186 - http
3187 - https
3188 type: string
3189 statusCode:
3190 default: 302
3191 description: "StatusCode is the HTTP status
3192 code to be used in response. \n Note that
3193 values may be added to this enum, implementations
3194 must ensure that unknown values will not cause
3195 a crash. \n Unknown values here must result
3196 in the implementation setting the Accepted
3197 Condition for the Route to `status: False`,
3198 with a Reason of `UnsupportedValue`. \n Support:
3199 Core"
3200 enum:
3201 - 301
3202 - 302
3203 type: integer
3204 type: object
3205 responseHeaderModifier:
3206 description: "ResponseHeaderModifier defines a schema
3207 for a filter that modifies response headers. \n
3208 Support: Extended"
3209 properties:
3210 add:
3211 description: "Add adds the given header(s) (name,
3212 value) to the request before the action. It
3213 appends to any existing values associated
3214 with the header name. \n Input: GET /foo HTTP/1.1
3215 my-header: foo \n Config: add: - name: \"my-header\"
3216 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
3217 my-header: foo,bar,baz"
3218 items:
3219 description: HTTPHeader represents an HTTP
3220 Header name and value as defined by RFC
3221 7230.
3222 properties:
3223 name:
3224 description: "Name is the name of the
3225 HTTP Header to be matched. Name matching
3226 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3227 \n If multiple entries specify equivalent
3228 header names, the first entry with an
3229 equivalent name MUST be considered for
3230 a match. Subsequent entries with an
3231 equivalent header name MUST be ignored.
3232 Due to the case-insensitivity of header
3233 names, \"foo\" and \"Foo\" are considered
3234 equivalent."
3235 maxLength: 256
3236 minLength: 1
3237 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3238 type: string
3239 value:
3240 description: Value is the value of HTTP
3241 Header to be matched.
3242 maxLength: 4096
3243 minLength: 1
3244 type: string
3245 required:
3246 - name
3247 - value
3248 type: object
3249 maxItems: 16
3250 type: array
3251 x-kubernetes-list-map-keys:
3252 - name
3253 x-kubernetes-list-type: map
3254 remove:
3255 description: "Remove the given header(s) from
3256 the HTTP request before the action. The value
3257 of Remove is a list of HTTP header names.
3258 Note that the header names are case-insensitive
3259 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3260 \n Input: GET /foo HTTP/1.1 my-header1: foo
3261 my-header2: bar my-header3: baz \n Config:
3262 remove: [\"my-header1\", \"my-header3\"] \n
3263 Output: GET /foo HTTP/1.1 my-header2: bar"
3264 items:
3265 type: string
3266 maxItems: 16
3267 type: array
3268 set:
3269 description: "Set overwrites the request with
3270 the given header (name, value) before the
3271 action. \n Input: GET /foo HTTP/1.1 my-header:
3272 foo \n Config: set: - name: \"my-header\"
3273 value: \"bar\" \n Output: GET /foo HTTP/1.1
3274 my-header: bar"
3275 items:
3276 description: HTTPHeader represents an HTTP
3277 Header name and value as defined by RFC
3278 7230.
3279 properties:
3280 name:
3281 description: "Name is the name of the
3282 HTTP Header to be matched. Name matching
3283 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3284 \n If multiple entries specify equivalent
3285 header names, the first entry with an
3286 equivalent name MUST be considered for
3287 a match. Subsequent entries with an
3288 equivalent header name MUST be ignored.
3289 Due to the case-insensitivity of header
3290 names, \"foo\" and \"Foo\" are considered
3291 equivalent."
3292 maxLength: 256
3293 minLength: 1
3294 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3295 type: string
3296 value:
3297 description: Value is the value of HTTP
3298 Header to be matched.
3299 maxLength: 4096
3300 minLength: 1
3301 type: string
3302 required:
3303 - name
3304 - value
3305 type: object
3306 maxItems: 16
3307 type: array
3308 x-kubernetes-list-map-keys:
3309 - name
3310 x-kubernetes-list-type: map
3311 type: object
3312 type:
3313 description: "Type identifies the type of filter
3314 to apply. As with other API fields, types are
3315 classified into three conformance levels: \n -
3316 Core: Filter types and their corresponding configuration
3317 defined by \"Support: Core\" in this package,
3318 e.g. \"RequestHeaderModifier\". All implementations
3319 must support core filters. \n - Extended: Filter
3320 types and their corresponding configuration defined
3321 by \"Support: Extended\" in this package, e.g.
3322 \"RequestMirror\". Implementers are encouraged
3323 to support extended filters. \n - Implementation-specific:
3324 Filters that are defined and supported by specific
3325 vendors. In the future, filters showing convergence
3326 in behavior across multiple implementations will
3327 be considered for inclusion in extended or core
3328 conformance levels. Filter-specific configuration
3329 for such filters is specified using the ExtensionRef
3330 field. `Type` should be set to \"ExtensionRef\"
3331 for custom filters. \n Implementers are encouraged
3332 to define custom implementation types to extend
3333 the core API with implementation-specific behavior.
3334 \n If a reference to a custom filter type cannot
3335 be resolved, the filter MUST NOT be skipped. Instead,
3336 requests that would have been processed by that
3337 filter MUST receive a HTTP error response. \n
3338 Note that values may be added to this enum, implementations
3339 must ensure that unknown values will not cause
3340 a crash. \n Unknown values here must result in
3341 the implementation setting the Accepted Condition
3342 for the Route to `status: False`, with a Reason
3343 of `UnsupportedValue`."
3344 enum:
3345 - RequestHeaderModifier
3346 - ResponseHeaderModifier
3347 - RequestRedirect
3348 type: string
3349 required:
3350 - type
3351 type: object
3352 maxItems: 16
3353 type: array
3354 required:
3355 - name
3356 type: object
3357 maxItems: 16
3358 type: array
3359 filters:
3360 description: "Filters define the filters that are applied to
3361 requests that match this rule. \n The effects of ordering
3362 of multiple behaviors are currently unspecified. This can
3363 change in the future based on feedback during the alpha stage.
3364 \n Conformance-levels at this level are defined based on the
3365 type of filter: \n - ALL core filters MUST be supported by
3366 all implementations. - Implementers are encouraged to support
3367 extended filters. - Implementation-specific custom filters
3368 have no API guarantees across implementations. \n Specifying
3369 a core filter multiple times has unspecified or custom conformance.
3370 \n All filters are expected to be compatible with each other
3371 except for the URLRewrite and RequestRedirect filters, which
3372 may not be combined. If an implementation can not support
3373 other combinations of filters, they must clearly document
3374 that limitation. In all cases where incompatible or unsupported
3375 filters are specified, implementations MUST add a warning
3376 condition to status. \n Support: Core"
3377 items:
3378 description: HTTPRouteFilter defines processing steps that
3379 must be completed during the request or response lifecycle.
3380 HTTPRouteFilters are meant as an extension point to express
3381 processing that may be done in Gateway implementations.
3382 Some examples include request or response modification,
3383 implementing authentication strategies, rate-limiting, and
3384 traffic shaping. API guarantee/conformance is defined based
3385 on the type of the filter.
3386 properties:
3387 requestHeaderModifier:
3388 description: "RequestHeaderModifier defines a schema for
3389 a filter that modifies request headers. \n Support:
3390 Core"
3391 properties:
3392 add:
3393 description: "Add adds the given header(s) (name,
3394 value) to the request before the action. It appends
3395 to any existing values associated with the header
3396 name. \n Input: GET /foo HTTP/1.1 my-header:
3397 foo \n Config: add: - name: \"my-header\" value:
3398 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
3399 foo my-header: bar"
3400 items:
3401 description: HTTPHeader represents an HTTP Header
3402 name and value as defined by RFC 7230.
3403 properties:
3404 name:
3405 description: "Name is the name of the HTTP Header
3406 to be matched. Name matching MUST be case
3407 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3408 \n If multiple entries specify equivalent
3409 header names, the first entry with an equivalent
3410 name MUST be considered for a match. Subsequent
3411 entries with an equivalent header name MUST
3412 be ignored. Due to the case-insensitivity
3413 of header names, \"foo\" and \"Foo\" are considered
3414 equivalent."
3415 maxLength: 256
3416 minLength: 1
3417 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3418 type: string
3419 value:
3420 description: Value is the value of HTTP Header
3421 to be matched.
3422 maxLength: 4096
3423 minLength: 1
3424 type: string
3425 required:
3426 - name
3427 - value
3428 type: object
3429 maxItems: 16
3430 type: array
3431 x-kubernetes-list-map-keys:
3432 - name
3433 x-kubernetes-list-type: map
3434 remove:
3435 description: "Remove the given header(s) from the
3436 HTTP request before the action. The value of Remove
3437 is a list of HTTP header names. Note that the header
3438 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3439 \n Input: GET /foo HTTP/1.1 my-header1: foo
3440 \ my-header2: bar my-header3: baz \n Config:
3441 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
3442 \ GET /foo HTTP/1.1 my-header2: bar"
3443 items:
3444 type: string
3445 maxItems: 16
3446 type: array
3447 set:
3448 description: "Set overwrites the request with the
3449 given header (name, value) before the action. \n
3450 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3451 \ set: - name: \"my-header\" value: \"bar\"
3452 \n Output: GET /foo HTTP/1.1 my-header: bar"
3453 items:
3454 description: HTTPHeader represents an HTTP Header
3455 name and value as defined by RFC 7230.
3456 properties:
3457 name:
3458 description: "Name is the name of the HTTP Header
3459 to be matched. Name matching MUST be case
3460 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3461 \n If multiple entries specify equivalent
3462 header names, the first entry with an equivalent
3463 name MUST be considered for a match. Subsequent
3464 entries with an equivalent header name MUST
3465 be ignored. Due to the case-insensitivity
3466 of header names, \"foo\" and \"Foo\" are considered
3467 equivalent."
3468 maxLength: 256
3469 minLength: 1
3470 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3471 type: string
3472 value:
3473 description: Value is the value of HTTP Header
3474 to be matched.
3475 maxLength: 4096
3476 minLength: 1
3477 type: string
3478 required:
3479 - name
3480 - value
3481 type: object
3482 maxItems: 16
3483 type: array
3484 x-kubernetes-list-map-keys:
3485 - name
3486 x-kubernetes-list-type: map
3487 type: object
3488 requestRedirect:
3489 description: "RequestRedirect defines a schema for a filter
3490 that responds to the request with an HTTP redirection.
3491 \n Support: Core"
3492 properties:
3493 hostname:
3494 description: "Hostname is the hostname to be used
3495 in the value of the `Location` header in the response.
3496 When empty, the hostname of the request is used.
3497 \n Support: Core"
3498 maxLength: 253
3499 minLength: 1
3500 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3501 type: string
3502 path:
3503 description: "Path defines parameters used to
3504 modify the path of the incoming request. The
3505 modified path is then used to construct the
3506 `Location` header. When empty, the request
3507 path is used as-is. \n Support: Extended"
3508 properties:
3509 replaceFullPath:
3510 description: ReplaceFullPath specifies the
3511 value with which to replace the full path
3512 of a request during a rewrite or redirect.
3513 maxLength: 1024
3514 type: string
3515 replacePrefixMatch:
3516 description: "ReplacePrefixMatch specifies
3517 the value with which to replace the prefix
3518 match of a request during a rewrite or
3519 redirect. For example, a request to \"/foo/bar\"
3520 with a prefix match of \"/foo\" and a
3521 ReplacePrefixMatch of \"/xyz\" would be
3522 modified to \"/xyz/bar\". \n Note that
3523 this matches the behavior of the PathPrefix
3524 match type. This matches full path elements.
3525 A path element refers to the list of labels
3526 in the path split by the `/` separator.
3527 When specified, a trailing `/` is ignored.
3528 For example, the paths `/abc`, `/abc/`,
3529 and `/abc/def` would all match the prefix
3530 `/abc`, but the path `/abcd` would not.
3531 \n Request Path | Prefix Match | Replace
3532 Prefix | Modified Path -------------|--------------|----------------|----------
3533 /foo/bar | /foo | /xyz |
3534 /xyz/bar /foo/bar | /foo |
3535 /xyz/ | /xyz/bar /foo/bar |
3536 /foo/ | /xyz | /xyz/bar
3537 /foo/bar | /foo/ | /xyz/ |
3538 /xyz/bar /foo | /foo |
3539 /xyz | /xyz /foo/ | /foo
3540 \ | /xyz | /xyz/ /foo/bar
3541 \ | /foo | <empty string> |
3542 /bar /foo/ | /foo | <empty
3543 string> | / /foo | /foo |
3544 <empty string> | / /foo/ | /foo
3545 \ | / | / /foo |
3546 /foo | / | /"
3547 maxLength: 1024
3548 type: string
3549 type:
3550 description: "Type defines the type of path
3551 modifier. Additional types may be added
3552 in a future release of the API. \n Note
3553 that values may be added to this enum,
3554 implementations must ensure that unknown
3555 values will not cause a crash. \n Unknown
3556 values here must result in the implementation
3557 setting the Accepted Condition for the
3558 Route to `status: False`, with a Reason
3559 of `UnsupportedValue`."
3560 enum:
3561 - ReplaceFullPath
3562 - ReplacePrefixMatch
3563 type: string
3564 required:
3565 - type
3566 type: object
3567 port:
3568 description: "Port is the port to be used in the value
3569 of the `Location` header in the response. When empty,
3570 port (if specified) of the request is used. \n Support:
3571 Extended"
3572 format: int32
3573 maximum: 65535
3574 minimum: 1
3575 type: integer
3576 scheme:
3577 description: "Scheme is the scheme to be used in the
3578 value of the `Location` header in the response.
3579 When empty, the scheme of the request is used. \n
3580 Support: Extended"
3581 enum:
3582 - http
3583 - https
3584 type: string
3585 statusCode:
3586 default: 302
3587 description: "StatusCode is the HTTP status code to
3588 be used in response. \n Support: Core"
3589 enum:
3590 - 301
3591 - 302
3592 type: integer
3593 type: object
3594 type:
3595 description: "Type identifies the type of filter to apply.
3596 As with other API fields, types are classified into
3597 three conformance levels: \n - Core: Filter types and
3598 their corresponding configuration defined by \"Support:
3599 Core\" in this package, e.g. \"RequestHeaderModifier\"."
3600 enum:
3601 - RequestHeaderModifier
3602 - RequestRedirect
3603 type: string
3604 required:
3605 - type
3606 type: object
3607 maxItems: 16
3608 type: array
3609 matches:
3610 default:
3611 - path:
3612 type: PathPrefix
3613 value: /
3614 description: "Matches define conditions used for matching the
3615 rule against incoming HTTP requests. Each match is independent,
3616 i.e. this rule will be matched if **any** one of the matches
3617 is satisfied. \n For example, take the following matches configuration:
3618 \n ``` matches: - path: value: \"/foo\" headers: -
3619 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
3620 ``` \n For a request to match against this rule, a request
3621 must satisfy EITHER of the two conditions: \n - path prefixed
3622 with `/foo` AND contains the header `version: v2` - path prefix
3623 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
3624 how to specify multiple match conditions that should be ANDed
3625 together. \n If no matches are specified, the default is a
3626 prefix path match on \"/\", which has the effect of matching
3627 every HTTP request. \n Proxy or Load Balancer routing configuration
3628 generated from HTTPRoutes MUST prioritize rules based on the
3629 following criteria, continuing on ties. Precedence must be
3630 given to the the Rule with the largest number of: \n * Characters
3631 in a matching non-wildcard hostname. * Characters in a matching
3632 hostname. * Characters in a matching path. * Header matches.
3633 * Query param matches. \n If ties still exist across multiple
3634 Routes, matching precedence MUST be determined in order of
3635 the following criteria, continuing on ties: \n * The oldest
3636 Route based on creation timestamp. * The Route appearing first
3637 in alphabetical order by \"{namespace}/{name}\". \n If ties
3638 still exist within the Route that has been given precedence,
3639 matching precedence MUST be granted to the first matching
3640 rule meeting the above criteria. \n When no rules matching
3641 a request have been successfully attached to the parent a
3642 request is coming from, a HTTP 404 status code MUST be returned."
3643 items:
3644 description: "HTTPRouteMatch defines the predicate used to
3645 match requests to a given action. Multiple match types are
3646 ANDed together, i.e. the match will evaluate to true only
3647 if all conditions are satisfied. \n For example, the match
3648 below will match a HTTP request only if its path starts
3649 with `/foo` AND it contains the `version: v1` header: \n
3650 ``` match: path: value: \"/foo\" headers: - name:
3651 \"version\" value \"v1\" ```"
3652 properties:
3653 headers:
3654 description: Headers specifies HTTP request header matchers.
3655 Multiple match values are ANDed together, meaning, a
3656 request must match all the specified headers to select
3657 the route.
3658 items:
3659 description: HTTPHeaderMatch describes how to select
3660 a HTTP route by matching HTTP request headers.
3661 properties:
3662 name:
3663 description: "Name is the name of the HTTP Header
3664 to be matched. Name matching MUST be case insensitive.
3665 (See https://tools.ietf.org/html/rfc7230#section-3.2).
3666 \n If multiple entries specify equivalent header
3667 names, only the first entry with an equivalent
3668 name MUST be considered for a match. Subsequent
3669 entries with an equivalent header name MUST be
3670 ignored. Due to the case-insensitivity of header
3671 names, \"foo\" and \"Foo\" are considered equivalent.
3672 \n When a header is repeated in an HTTP request,
3673 it is implementation-specific behavior as to how
3674 this is represented. Generally, proxies should
3675 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
3676 regarding processing a repeated header, with special
3677 handling for \"Set-Cookie\"."
3678 maxLength: 256
3679 minLength: 1
3680 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3681 type: string
3682 type:
3683 default: Exact
3684 description: "Type specifies how to match against
3685 the value of the header. \n Support: Core (Exact)
3686 \n Support: Custom (RegularExpression) \n Since
3687 RegularExpression HeaderMatchType has custom conformance,
3688 implementations can support POSIX, PCRE or any
3689 other dialects of regular expressions. Please
3690 read the implementation's documentation to determine
3691 the supported dialect."
3692 enum:
3693 - Exact
3694 - RegularExpression
3695 type: string
3696 value:
3697 description: Value is the value of HTTP Header to
3698 be matched.
3699 maxLength: 4096
3700 minLength: 1
3701 type: string
3702 required:
3703 - name
3704 - value
3705 type: object
3706 maxItems: 16
3707 type: array
3708 x-kubernetes-list-map-keys:
3709 - name
3710 x-kubernetes-list-type: map
3711 method:
3712 description: "Method specifies HTTP method matcher. When
3713 specified, this route will be matched only if the request
3714 has the specified method. \n Support: Extended"
3715 enum:
3716 - GET
3717 - HEAD
3718 - POST
3719 - PUT
3720 - DELETE
3721 - CONNECT
3722 - OPTIONS
3723 - TRACE
3724 - PATCH
3725 type: string
3726 path:
3727 default:
3728 type: PathPrefix
3729 value: /
3730 description: Path specifies a HTTP request path matcher.
3731 If this field is not specified, a default prefix match
3732 on the "/" path is provided.
3733 properties:
3734 type:
3735 default: PathPrefix
3736 description: "Type specifies how to match against
3737 the path Value. \n Support: Core (Exact, PathPrefix)
3738 \n Support: Custom (RegularExpression)"
3739 enum:
3740 - Exact
3741 - PathPrefix
3742 - RegularExpression
3743 type: string
3744 value:
3745 default: /
3746 description: Value of the HTTP path to match against.
3747 maxLength: 1024
3748 type: string
3749 type: object
3750 queryParams:
3751 description: QueryParams specifies HTTP query parameter
3752 matchers. Multiple match values are ANDed together,
3753 meaning, a request must match all the specified query
3754 parameters to select the route.
3755 items:
3756 description: HTTPQueryParamMatch describes how to select
3757 a HTTP route by matching HTTP query parameters.
3758 properties:
3759 name:
3760 description: Name is the name of the HTTP query
3761 param to be matched. This must be an exact string
3762 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
3763 maxLength: 256
3764 minLength: 1
3765 type: string
3766 type:
3767 default: Exact
3768 description: "Type specifies how to match against
3769 the value of the query parameter. \n Support:
3770 Extended (Exact) \n Support: Custom (RegularExpression)
3771 \n Since RegularExpression QueryParamMatchType
3772 has custom conformance, implementations can support
3773 POSIX, PCRE or any other dialects of regular expressions.
3774 Please read the implementation's documentation
3775 to determine the supported dialect."
3776 enum:
3777 - Exact
3778 - RegularExpression
3779 type: string
3780 value:
3781 description: Value is the value of HTTP query param
3782 to be matched.
3783 maxLength: 1024
3784 minLength: 1
3785 type: string
3786 required:
3787 - name
3788 - value
3789 type: object
3790 maxItems: 16
3791 type: array
3792 x-kubernetes-list-map-keys:
3793 - name
3794 x-kubernetes-list-type: map
3795 type: object
3796 maxItems: 8
3797 type: array
3798 type: object
3799 maxItems: 16
3800 type: array
3801 type: object
3802 status:
3803 description: Status defines the current state of HTTPRoute.
3804 properties:
3805 parents:
3806 description: "Parents is a list of parent resources (usually Gateways)
3807 that are associated with the route, and the status of the route
3808 with respect to each parent. When this route attaches to a parent,
3809 the controller that manages the parent must add an entry to this
3810 list when the controller first sees the route and should update
3811 the entry as appropriate when the route or gateway is modified.
3812 \n Note that parent references that cannot be resolved by an implementation
3813 of this API will not be added to this list. Implementations of this
3814 API can only populate Route status for the Gateways/parent resources
3815 they are responsible for. \n A maximum of 32 Gateways will be represented
3816 in this list. An empty list means the route has not been attached
3817 to any Gateway."
3818 items:
3819 description: RouteParentStatus describes the status of a route with
3820 respect to an associated Parent.
3821 properties:
3822 conditions:
3823 description: "Conditions describes the status of the route with
3824 respect to the Gateway. Note that the route's availability
3825 is also subject to the Gateway's own status conditions and
3826 listener status. \n If the Route's ParentRef specifies an
3827 existing Gateway that supports Routes of this kind AND that
3828 Gateway's controller has sufficient access, then that Gateway's
3829 controller MUST set the \"Accepted\" condition on the Route,
3830 to indicate whether the route has been accepted or rejected
3831 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
3832 if at least one of the Route's rules is implemented by the
3833 Gateway. \n There are a number of cases where the \"Accepted\"
3834 condition may not be set due to lack of controller visibility,
3835 that includes when: \n * The Route refers to a non-existent
3836 parent. * The Route is of a type that the controller does
3837 not support. * The Route is in a namespace the the controller
3838 does not have access to."
3839 items:
3840 description: "Condition contains details for one aspect of
3841 the current state of this API Resource. --- This struct
3842 is intended for direct use as an array at the field path
3843 .status.conditions. For example, type FooStatus struct{
3844 \ // Represents the observations of a foo's current state.
3845 \ // Known .status.conditions.type are: \"Available\",
3846 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
3847 \ // +patchStrategy=merge // +listType=map //
3848 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
3849 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
3850 \n // other fields }"
3851 properties:
3852 lastTransitionTime:
3853 description: lastTransitionTime is the last time the condition
3854 transitioned from one status to another. This should
3855 be when the underlying condition changed. If that is
3856 not known, then using the time when the API field changed
3857 is acceptable.
3858 format: date-time
3859 type: string
3860 message:
3861 description: message is a human readable message indicating
3862 details about the transition. This may be an empty string.
3863 maxLength: 32768
3864 type: string
3865 observedGeneration:
3866 description: observedGeneration represents the .metadata.generation
3867 that the condition was set based upon. For instance,
3868 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
3869 is 9, the condition is out of date with respect to the
3870 current state of the instance.
3871 format: int64
3872 minimum: 0
3873 type: integer
3874 reason:
3875 description: reason contains a programmatic identifier
3876 indicating the reason for the condition's last transition.
3877 Producers of specific condition types may define expected
3878 values and meanings for this field, and whether the
3879 values are considered a guaranteed API. The value should
3880 be a CamelCase string. This field may not be empty.
3881 maxLength: 1024
3882 minLength: 1
3883 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3884 type: string
3885 status:
3886 description: status of the condition, one of True, False,
3887 Unknown.
3888 enum:
3889 - "True"
3890 - "False"
3891 - Unknown
3892 type: string
3893 type:
3894 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3895 --- Many .condition.type values are consistent across
3896 resources like Available, but because arbitrary conditions
3897 can be useful (see .node.status.conditions), the ability
3898 to deconflict is important. The regex it matches is
3899 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
3900 maxLength: 316
3901 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3902 type: string
3903 required:
3904 - lastTransitionTime
3905 - message
3906 - reason
3907 - status
3908 - type
3909 type: object
3910 maxItems: 8
3911 minItems: 1
3912 type: array
3913 x-kubernetes-list-map-keys:
3914 - type
3915 x-kubernetes-list-type: map
3916 controllerName:
3917 description: "ControllerName is a domain/path string that indicates
3918 the name of the controller that wrote this status. This corresponds
3919 with the controllerName field on GatewayClass. \n Example:
3920 \"example.net/gateway-controller\". \n The format of this
3921 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
3922 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
3923 \n Controllers MUST populate this field when writing status.
3924 Controllers should ensure that entries to status populated
3925 with their ControllerName are cleaned up when they are no
3926 longer necessary."
3927 maxLength: 253
3928 minLength: 1
3929 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
3930 type: string
3931 parentRef:
3932 description: ParentRef corresponds with a ParentRef in the spec
3933 that this RouteParentStatus struct describes the status of.
3934 properties:
3935 group:
3936 default: policy.linkerd.io
3937 description: "Group is the group of the referent. \n Support:
3938 Core"
3939 maxLength: 253
3940 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3941 type: string
3942 kind:
3943 default: Gateway
3944 description: "Kind is kind of the referent. \n Support:
3945 Core (Gateway) Support: Custom (Other Resources)"
3946 maxLength: 63
3947 minLength: 1
3948 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3949 type: string
3950 name:
3951 description: "Name is the name of the referent. \n Support:
3952 Core"
3953 maxLength: 253
3954 minLength: 1
3955 type: string
3956 namespace:
3957 description: "Namespace is the namespace of the referent.
3958 When unspecified (or empty string), this refers to the
3959 local namespace of the Route. \n Support: Core"
3960 maxLength: 63
3961 minLength: 1
3962 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3963 type: string
3964 port:
3965 description: "Port is the network port this Route targets.
3966 It can be interpreted differently based on the type of
3967 parent resource. \n When the parent resource is a Gateway,
3968 this targets all listeners listening on the specified
3969 port that also support this kind of Route(and select this
3970 Route). It's not recommended to set `Port` unless the
3971 networking behaviors specified in a Route must apply to
3972 a specific port as opposed to a listener(s) whose port(s)
3973 may be changed. When both Port and SectionName are specified,
3974 the name and port of the selected listener must match
3975 both specified values. \n Implementations MAY choose to
3976 support other parent resources. Implementations supporting
3977 other types of parent resources MUST clearly document
3978 how/if Port is interpreted. \n For the purpose of status,
3979 an attachment is considered successful as long as the
3980 parent resource accepts it partially. For example, Gateway
3981 listeners can restrict which Routes can attach to them
3982 by Route kind, namespace, or hostname. If 1 of 2 Gateway
3983 listeners accept attachment from the referencing Route,
3984 the Route MUST be considered successfully attached. If
3985 no Gateway listeners accept attachment from this Route,
3986 the Route MUST be considered detached from the Gateway.
3987 \n Support: Extended \n <gateway:experimental>"
3988 format: int32
3989 maximum: 65535
3990 minimum: 1
3991 type: integer
3992 sectionName:
3993 description: "SectionName is the name of a section within
3994 the target resource. In the following resources, SectionName
3995 is interpreted as the following: \n * Gateway: Listener
3996 Name. When both Port (experimental) and SectionName are
3997 specified, the name and port of the selected listener
3998 must match both specified values. \n Implementations MAY
3999 choose to support attaching Routes to other resources.
4000 If that is the case, they MUST clearly document how SectionName
4001 is interpreted. \n When unspecified (empty string), this
4002 will reference the entire resource. For the purpose of
4003 status, an attachment is considered successful if at least
4004 one section in the parent resource accepts it. For example,
4005 Gateway listeners can restrict which Routes can attach
4006 to them by Route kind, namespace, or hostname. If 1 of
4007 2 Gateway listeners accept attachment from the referencing
4008 Route, the Route MUST be considered successfully attached.
4009 If no Gateway listeners accept attachment from this Route,
4010 the Route MUST be considered detached from the Gateway.
4011 \n Support: Core"
4012 maxLength: 253
4013 minLength: 1
4014 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4015 type: string
4016 required:
4017 - name
4018 type: object
4019 required:
4020 - controllerName
4021 - parentRef
4022 type: object
4023 maxItems: 32
4024 type: array
4025 required:
4026 - parents
4027 type: object
4028 required:
4029 - spec
4030 type: object
4031 served: true
4032 storage: false
4033 subresources:
4034 status: {}
4035 - additionalPrinterColumns:
4036 - jsonPath: .spec.hostnames
4037 name: Hostnames
4038 type: string
4039 - jsonPath: .metadata.creationTimestamp
4040 name: Age
4041 type: date
4042 name: v1beta3
4043 schema:
4044 openAPIV3Schema:
4045 description: HTTPRoute provides a way to route HTTP requests. This includes
4046 the capability to match requests by hostname, path, header, or query param.
4047 Filters can be used to specify additional processing steps. Backends specify
4048 where matching requests should be routed.
4049 properties:
4050 apiVersion:
4051 description: 'APIVersion defines the versioned schema of this representation
4052 of an object. Servers should convert recognized schemas to the latest
4053 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4054 type: string
4055 kind:
4056 description: 'Kind is a string value representing the REST resource this
4057 object represents. Servers may infer this from the endpoint the client
4058 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4059 type: string
4060 metadata:
4061 type: object
4062 spec:
4063 description: Spec defines the desired state of HTTPRoute.
4064 properties:
4065 hostnames:
4066 description: "Hostnames defines a set of hostname that should match
4067 against the HTTP Host header to select a HTTPRoute to process the
4068 request. This matches the RFC 1123 definition of a hostname with
4069 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
4070 be prefixed with a wildcard label (`*.`). The wildcard label
4071 must appear by itself as the first label. \n If a hostname is specified
4072 by both the Listener and HTTPRoute, there must be at least one intersecting
4073 hostname for the HTTPRoute to be attached to the Listener. For example:
4074 \n * A Listener with `test.example.com` as the hostname matches
4075 HTTPRoutes that have either not specified any hostnames, or have
4076 specified at least one of `test.example.com` or `*.example.com`.
4077 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
4078 \ that have either not specified any hostnames or have specified
4079 at least one hostname that matches the Listener hostname. For
4080 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
4081 would all match. On the other hand, `example.com` and `test.example.net`
4082 would not match. \n Hostnames that are prefixed with a wildcard
4083 label (`*.`) are interpreted as a suffix match. That means that
4084 a match for `*.example.com` would match both `test.example.com`,
4085 and `foo.test.example.com`, but not `example.com`. \n If both the
4086 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
4087 that do not match the Listener hostname MUST be ignored. For example,
4088 if a Listener specified `*.example.com`, and the HTTPRoute specified
4089 `test.example.com` and `test.example.net`, `test.example.net` must
4090 not be considered for a match. \n If both the Listener and HTTPRoute
4091 have specified hostnames, and none match with the criteria above,
4092 then the HTTPRoute is not accepted. The implementation must raise
4093 an 'Accepted' Condition with a status of `False` in the corresponding
4094 RouteParentStatus. \n Support: Core"
4095 items:
4096 description: "Hostname is the fully qualified domain name of a network
4097 host. This matches the RFC 1123 definition of a hostname with
4098 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
4099 may be prefixed with a wildcard label (`*.`). The wildcard label
4100 must appear by itself as the first label. \n Hostname can be \"precise\"
4101 which is a domain name without the terminating dot of a network
4102 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
4103 name prefixed with a single wildcard label (e.g. `*.example.com`).
4104 \n Note that as per RFC1035 and RFC1123, a *label* must consist
4105 of lower case alphanumeric characters or '-', and must start and
4106 end with an alphanumeric character. No other punctuation is allowed."
4107 maxLength: 253
4108 minLength: 1
4109 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4110 type: string
4111 maxItems: 16
4112 type: array
4113 parentRefs:
4114 description: "ParentRefs references the resources (usually Gateways)
4115 that a Route wants to be attached to. Note that the referenced parent
4116 resource needs to allow this for the attachment to be complete.
4117 For Gateways, that means the Gateway needs to allow attachment from
4118 Routes of this kind and namespace. \n The only kind of parent resource
4119 with \"Core\" support is Gateway. This API may be extended in the
4120 future to support additional kinds of parent resources such as one
4121 of the route kinds. \n It is invalid to reference an identical parent
4122 more than once. It is valid to reference multiple distinct sections
4123 within the same parent resource, such as 2 Listeners within a Gateway.
4124 \n It is possible to separately reference multiple distinct objects
4125 that may be collapsed by an implementation. For example, some implementations
4126 may choose to merge compatible Gateway Listeners together. If that
4127 is the case, the list of routes attached to those resources should
4128 also be merged."
4129 items:
4130 description: "ParentReference identifies an API object (usually
4131 a Gateway) that can be considered a parent of this resource (usually
4132 a route). The only kind of parent resource with \"Core\" support
4133 is Gateway. This API may be extended in the future to support
4134 additional kinds of parent resources, such as HTTPRoute. \n The
4135 API object must be valid in the cluster; the Group and Kind must
4136 be registered in the cluster for this reference to be valid."
4137 properties:
4138 group:
4139 default: policy.linkerd.io
4140 description: "Group is the group of the referent. \n Support:
4141 Core"
4142 maxLength: 253
4143 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4144 type: string
4145 kind:
4146 default: Gateway
4147 description: "Kind is kind of the referent. \n Support: Core
4148 (Gateway) Support: Custom (Other Resources)"
4149 maxLength: 63
4150 minLength: 1
4151 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4152 type: string
4153 name:
4154 description: "Name is the name of the referent. \n Support:
4155 Core"
4156 maxLength: 253
4157 minLength: 1
4158 type: string
4159 namespace:
4160 description: "Namespace is the namespace of the referent. When
4161 unspecified (or empty string), this refers to the local namespace
4162 of the Route. \n Support: Core"
4163 maxLength: 63
4164 minLength: 1
4165 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4166 type: string
4167 port:
4168 description: "Port specifies the destination
4169 port number to use for this resource.
4170 Port is required when the referent is
4171 a Kubernetes Service. In this case, the
4172 port number is the service port number,
4173 not the target port. For other resources,
4174 destination port might be derived from
4175 the referent resource or this field. \n Support: Extended"
4176 format: int32
4177 maximum: 65535
4178 minimum: 1
4179 type: integer
4180 sectionName:
4181 description: "SectionName is the name of a section within the
4182 target resource. In the following resources, SectionName is
4183 interpreted as the following: \n * Gateway: Listener Name.
4184 When both Port (experimental) and SectionName are specified,
4185 the name and port of the selected listener must match both
4186 specified values. \n Implementations MAY choose to support
4187 attaching Routes to other resources. If that is the case,
4188 they MUST clearly document how SectionName is interpreted.
4189 \n When unspecified (empty string), this will reference the
4190 entire resource. For the purpose of status, an attachment
4191 is considered successful if at least one section in the parent
4192 resource accepts it. For example, Gateway listeners can restrict
4193 which Routes can attach to them by Route kind, namespace,
4194 or hostname. If 1 of 2 Gateway listeners accept attachment
4195 from the referencing Route, the Route MUST be considered successfully
4196 attached. If no Gateway listeners accept attachment from this
4197 Route, the Route MUST be considered detached from the Gateway.
4198 \n Support: Core"
4199 maxLength: 253
4200 minLength: 1
4201 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4202 type: string
4203 required:
4204 - name
4205 type: object
4206 maxItems: 32
4207 type: array
4208 rules:
4209 default:
4210 - matches:
4211 - path:
4212 type: PathPrefix
4213 value: /
4214 description: Rules are a list of HTTP matchers, filters and actions.
4215 items:
4216 description: HTTPRouteRule defines semantics for matching an HTTP
4217 request based on conditions (matches) and processing it (filters).
4218 properties:
4219 backendRefs:
4220 description: "BackendRefs defines the backend(s) where matching
4221 requests should be sent. \n Failure behavior here depends
4222 on how many BackendRefs are specified and how many are invalid.
4223 \n If *all* entries in BackendRefs are invalid, and there
4224 are also no filters specified in this route rule, *all* traffic
4225 which matches this rule MUST receive a 500 status code. \n
4226 See the HTTPBackendRef definition for the rules about what
4227 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
4228 is invalid, 500 status codes MUST be returned for requests
4229 that would have otherwise been routed to an invalid backend.
4230 If multiple backends are specified, and some are invalid,
4231 the proportion of requests that would otherwise have been
4232 routed to an invalid backend MUST receive a 500 status code.
4233 \n For example, if two backends are specified with equal weights,
4234 and one is invalid, 50 percent of traffic must receive a 500.
4235 Implementations may choose how that 50 percent is determined.
4236 \n Support: Core for Kubernetes Service \n Support: Implementation-specific
4237 for any other resource \n Support for weight: Core"
4238 items:
4239 description: HTTPBackendRef defines how a HTTPRoute should
4240 forward an HTTP request.
4241 properties:
4242 group:
4243 default: ""
4244 description: Group is the group of the referent. For example,
4245 "gateway.networking.k8s.io". When unspecified or empty
4246 string, core API group is inferred.
4247 maxLength: 253
4248 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4249 type: string
4250 kind:
4251 default: Service
4252 description: Kind is kind of the referent. For example
4253 "HTTPRoute" or "Service". Defaults to "Service" when
4254 not specified.
4255 maxLength: 63
4256 minLength: 1
4257 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4258 type: string
4259 name:
4260 description: Name is the name of the referent.
4261 maxLength: 253
4262 minLength: 1
4263 type: string
4264 namespace:
4265 description: "Namespace is the namespace of the backend.
4266 When unspecified, the local namespace is inferred. \n
4267 Note that when a namespace is specified, a ReferenceGrant
4268 object is required in the referent namespace to allow
4269 that namespace's owner to accept the reference. See
4270 the ReferenceGrant documentation for details. \n Support:
4271 Core"
4272 maxLength: 63
4273 minLength: 1
4274 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4275 type: string
4276 port:
4277 description: Port specifies the destination port number
4278 to use for this resource. Port is required when the
4279 referent is a Kubernetes Service. In this case, the
4280 port number is the service port number, not the target
4281 port. For other resources, destination port might be
4282 derived from the referent resource or this field.
4283 format: int32
4284 maximum: 65535
4285 minimum: 1
4286 type: integer
4287 weight:
4288 default: 1
4289 description: "Weight specifies the proportion of requests
4290 forwarded to the referenced backend. This is computed
4291 as weight/(sum of all weights in this BackendRefs list).
4292 For non-zero values, there may be some epsilon from
4293 the exact proportion defined here depending on the precision
4294 an implementation supports. Weight is not a percentage
4295 and the sum of weights does not need to equal 100. \n
4296 If only one backend is specified and it has a weight
4297 greater than 0, 100% of the traffic is forwarded to
4298 that backend. If weight is set to 0, no traffic should
4299 be forwarded for this entry. If unspecified, weight
4300 defaults to 1. \n Support for this field varies based
4301 on the context where used."
4302 format: int32
4303 maximum: 1000000
4304 minimum: 0
4305 type: integer
4306 filters:
4307 description: "Filters defined at this level should be
4308 executed if and only if the request is being forwarded
4309 to the backend defined here. \n Support: Implementation-specific
4310 (For broader support of filters, use the Filters field
4311 in HTTPRouteRule.)"
4312 items:
4313 description: HTTPRouteFilter defines processing steps
4314 that must be completed during the request or response
4315 lifecycle. HTTPRouteFilters are meant as an extension
4316 point to express processing that may be done in Gateway
4317 implementations. Some examples include request or
4318 response modification, implementing authentication
4319 strategies, rate-limiting, and traffic shaping. API
4320 guarantee/conformance is defined based on the type
4321 of the filter.
4322 properties:
4323 requestHeaderModifier:
4324 description: "RequestHeaderModifier defines a schema
4325 for a filter that modifies request headers. \n
4326 Support: Core"
4327 properties:
4328 add:
4329 description: "Add adds the given header(s) (name,
4330 value) to the request before the action. It
4331 appends to any existing values associated
4332 with the header name. \n Input: GET /foo HTTP/1.1
4333 my-header: foo \n Config: add: - name: \"my-header\"
4334 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
4335 my-header: foo,bar,baz"
4336 items:
4337 description: HTTPHeader represents an HTTP
4338 Header name and value as defined by RFC
4339 7230.
4340 properties:
4341 name:
4342 description: "Name is the name of the
4343 HTTP Header to be matched. Name matching
4344 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4345 \n If multiple entries specify equivalent
4346 header names, the first entry with an
4347 equivalent name MUST be considered for
4348 a match. Subsequent entries with an
4349 equivalent header name MUST be ignored.
4350 Due to the case-insensitivity of header
4351 names, \"foo\" and \"Foo\" are considered
4352 equivalent."
4353 maxLength: 256
4354 minLength: 1
4355 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4356 type: string
4357 value:
4358 description: Value is the value of HTTP
4359 Header to be matched.
4360 maxLength: 4096
4361 minLength: 1
4362 type: string
4363 required:
4364 - name
4365 - value
4366 type: object
4367 maxItems: 16
4368 type: array
4369 x-kubernetes-list-map-keys:
4370 - name
4371 x-kubernetes-list-type: map
4372 remove:
4373 description: "Remove the given header(s) from
4374 the HTTP request before the action. The value
4375 of Remove is a list of HTTP header names.
4376 Note that the header names are case-insensitive
4377 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4378 \n Input: GET /foo HTTP/1.1 my-header1: foo
4379 my-header2: bar my-header3: baz \n Config:
4380 remove: [\"my-header1\", \"my-header3\"] \n
4381 Output: GET /foo HTTP/1.1 my-header2: bar"
4382 items:
4383 type: string
4384 maxItems: 16
4385 type: array
4386 set:
4387 description: "Set overwrites the request with
4388 the given header (name, value) before the
4389 action. \n Input: GET /foo HTTP/1.1 my-header:
4390 foo \n Config: set: - name: \"my-header\"
4391 value: \"bar\" \n Output: GET /foo HTTP/1.1
4392 my-header: bar"
4393 items:
4394 description: HTTPHeader represents an HTTP
4395 Header name and value as defined by RFC
4396 7230.
4397 properties:
4398 name:
4399 description: "Name is the name of the
4400 HTTP Header to be matched. Name matching
4401 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4402 \n If multiple entries specify equivalent
4403 header names, the first entry with an
4404 equivalent name MUST be considered for
4405 a match. Subsequent entries with an
4406 equivalent header name MUST be ignored.
4407 Due to the case-insensitivity of header
4408 names, \"foo\" and \"Foo\" are considered
4409 equivalent."
4410 maxLength: 256
4411 minLength: 1
4412 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4413 type: string
4414 value:
4415 description: Value is the value of HTTP
4416 Header to be matched.
4417 maxLength: 4096
4418 minLength: 1
4419 type: string
4420 required:
4421 - name
4422 - value
4423 type: object
4424 maxItems: 16
4425 type: array
4426 x-kubernetes-list-map-keys:
4427 - name
4428 x-kubernetes-list-type: map
4429 type: object
4430 requestRedirect:
4431 description: "RequestRedirect defines a schema for
4432 a filter that responds to the request with an
4433 HTTP redirection. \n Support: Core"
4434 properties:
4435 hostname:
4436 description: "Hostname is the hostname to be
4437 used in the value of the `Location` header
4438 in the response. When empty, the hostname
4439 in the `Host` header of the request is used.
4440 \n Support: Core"
4441 maxLength: 253
4442 minLength: 1
4443 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4444 type: string
4445 path:
4446 description: "Path defines parameters used to
4447 modify the path of the incoming request. The
4448 modified path is then used to construct the
4449 `Location` header. When empty, the request
4450 path is used as-is. \n Support: Extended"
4451 properties:
4452 replaceFullPath:
4453 description: ReplaceFullPath specifies the
4454 value with which to replace the full path
4455 of a request during a rewrite or redirect.
4456 maxLength: 1024
4457 type: string
4458 replacePrefixMatch:
4459 description: "ReplacePrefixMatch specifies
4460 the value with which to replace the prefix
4461 match of a request during a rewrite or
4462 redirect. For example, a request to \"/foo/bar\"
4463 with a prefix match of \"/foo\" and a
4464 ReplacePrefixMatch of \"/xyz\" would be
4465 modified to \"/xyz/bar\". \n Note that
4466 this matches the behavior of the PathPrefix
4467 match type. This matches full path elements.
4468 A path element refers to the list of labels
4469 in the path split by the `/` separator.
4470 When specified, a trailing `/` is ignored.
4471 For example, the paths `/abc`, `/abc/`,
4472 and `/abc/def` would all match the prefix
4473 `/abc`, but the path `/abcd` would not.
4474 \n Request Path | Prefix Match | Replace
4475 Prefix | Modified Path -------------|--------------|----------------|----------
4476 /foo/bar | /foo | /xyz |
4477 /xyz/bar /foo/bar | /foo |
4478 /xyz/ | /xyz/bar /foo/bar |
4479 /foo/ | /xyz | /xyz/bar
4480 /foo/bar | /foo/ | /xyz/ |
4481 /xyz/bar /foo | /foo |
4482 /xyz | /xyz /foo/ | /foo
4483 \ | /xyz | /xyz/ /foo/bar
4484 \ | /foo | <empty string> |
4485 /bar /foo/ | /foo | <empty
4486 string> | / /foo | /foo |
4487 <empty string> | / /foo/ | /foo
4488 \ | / | / /foo |
4489 /foo | / | /"
4490 maxLength: 1024
4491 type: string
4492 type:
4493 description: "Type defines the type of path
4494 modifier. Additional types may be added
4495 in a future release of the API. \n Note
4496 that values may be added to this enum,
4497 implementations must ensure that unknown
4498 values will not cause a crash. \n Unknown
4499 values here must result in the implementation
4500 setting the Accepted Condition for the
4501 Route to `status: False`, with a Reason
4502 of `UnsupportedValue`."
4503 enum:
4504 - ReplaceFullPath
4505 - ReplacePrefixMatch
4506 type: string
4507 required:
4508 - type
4509 type: object
4510 port:
4511 description: "Port is the port to be used in
4512 the value of the `Location` header in the
4513 response. \n If no port is specified, the
4514 redirect port MUST be derived using the following
4515 rules: \n * If redirect scheme is not-empty,
4516 the redirect port MUST be the well-known port
4517 associated with the redirect scheme. Specifically
4518 \"http\" to port 80 and \"https\" to port
4519 443. If the redirect scheme does not have
4520 a well-known port, the listener port of the
4521 Gateway SHOULD be used. * If redirect scheme
4522 is empty, the redirect port MUST be the Gateway
4523 Listener port. \n Implementations SHOULD NOT
4524 add the port number in the 'Location' header
4525 in the following cases: \n * A Location header
4526 that will use HTTP (whether that is determined
4527 via the Listener protocol or the Scheme field)
4528 _and_ use port 80. * A Location header that
4529 will use HTTPS (whether that is determined
4530 via the Listener protocol or the Scheme field)
4531 _and_ use port 443. \n Support: Extended"
4532 format: int32
4533 maximum: 65535
4534 minimum: 1
4535 type: integer
4536 scheme:
4537 description: "Scheme is the scheme to be used
4538 in the value of the `Location` header in the
4539 response. When empty, the scheme of the request
4540 is used. \n Scheme redirects can affect the
4541 port of the redirect, for more information,
4542 refer to the documentation for the port field
4543 of this filter. \n Note that values may be
4544 added to this enum, implementations must ensure
4545 that unknown values will not cause a crash.
4546 \n Unknown values here must result in the
4547 implementation setting the Accepted Condition
4548 for the Route to `status: False`, with a Reason
4549 of `UnsupportedValue`. \n Support: Extended"
4550 enum:
4551 - http
4552 - https
4553 type: string
4554 statusCode:
4555 default: 302
4556 description: "StatusCode is the HTTP status
4557 code to be used in response. \n Note that
4558 values may be added to this enum, implementations
4559 must ensure that unknown values will not cause
4560 a crash. \n Unknown values here must result
4561 in the implementation setting the Accepted
4562 Condition for the Route to `status: False`,
4563 with a Reason of `UnsupportedValue`. \n Support:
4564 Core"
4565 enum:
4566 - 301
4567 - 302
4568 type: integer
4569 type: object
4570 responseHeaderModifier:
4571 description: "ResponseHeaderModifier defines a schema
4572 for a filter that modifies response headers. \n
4573 Support: Extended"
4574 properties:
4575 add:
4576 description: "Add adds the given header(s) (name,
4577 value) to the request before the action. It
4578 appends to any existing values associated
4579 with the header name. \n Input: GET /foo HTTP/1.1
4580 my-header: foo \n Config: add: - name: \"my-header\"
4581 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
4582 my-header: foo,bar,baz"
4583 items:
4584 description: HTTPHeader represents an HTTP
4585 Header name and value as defined by RFC
4586 7230.
4587 properties:
4588 name:
4589 description: "Name is the name of the
4590 HTTP Header to be matched. Name matching
4591 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4592 \n If multiple entries specify equivalent
4593 header names, the first entry with an
4594 equivalent name MUST be considered for
4595 a match. Subsequent entries with an
4596 equivalent header name MUST be ignored.
4597 Due to the case-insensitivity of header
4598 names, \"foo\" and \"Foo\" are considered
4599 equivalent."
4600 maxLength: 256
4601 minLength: 1
4602 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4603 type: string
4604 value:
4605 description: Value is the value of HTTP
4606 Header to be matched.
4607 maxLength: 4096
4608 minLength: 1
4609 type: string
4610 required:
4611 - name
4612 - value
4613 type: object
4614 maxItems: 16
4615 type: array
4616 x-kubernetes-list-map-keys:
4617 - name
4618 x-kubernetes-list-type: map
4619 remove:
4620 description: "Remove the given header(s) from
4621 the HTTP request before the action. The value
4622 of Remove is a list of HTTP header names.
4623 Note that the header names are case-insensitive
4624 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4625 \n Input: GET /foo HTTP/1.1 my-header1: foo
4626 my-header2: bar my-header3: baz \n Config:
4627 remove: [\"my-header1\", \"my-header3\"] \n
4628 Output: GET /foo HTTP/1.1 my-header2: bar"
4629 items:
4630 type: string
4631 maxItems: 16
4632 type: array
4633 set:
4634 description: "Set overwrites the request with
4635 the given header (name, value) before the
4636 action. \n Input: GET /foo HTTP/1.1 my-header:
4637 foo \n Config: set: - name: \"my-header\"
4638 value: \"bar\" \n Output: GET /foo HTTP/1.1
4639 my-header: bar"
4640 items:
4641 description: HTTPHeader represents an HTTP
4642 Header name and value as defined by RFC
4643 7230.
4644 properties:
4645 name:
4646 description: "Name is the name of the
4647 HTTP Header to be matched. Name matching
4648 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4649 \n If multiple entries specify equivalent
4650 header names, the first entry with an
4651 equivalent name MUST be considered for
4652 a match. Subsequent entries with an
4653 equivalent header name MUST be ignored.
4654 Due to the case-insensitivity of header
4655 names, \"foo\" and \"Foo\" are considered
4656 equivalent."
4657 maxLength: 256
4658 minLength: 1
4659 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4660 type: string
4661 value:
4662 description: Value is the value of HTTP
4663 Header to be matched.
4664 maxLength: 4096
4665 minLength: 1
4666 type: string
4667 required:
4668 - name
4669 - value
4670 type: object
4671 maxItems: 16
4672 type: array
4673 x-kubernetes-list-map-keys:
4674 - name
4675 x-kubernetes-list-type: map
4676 type: object
4677 type:
4678 description: "Type identifies the type of filter
4679 to apply. As with other API fields, types are
4680 classified into three conformance levels: \n -
4681 Core: Filter types and their corresponding configuration
4682 defined by \"Support: Core\" in this package,
4683 e.g. \"RequestHeaderModifier\". All implementations
4684 must support core filters. \n - Extended: Filter
4685 types and their corresponding configuration defined
4686 by \"Support: Extended\" in this package, e.g.
4687 \"RequestMirror\". Implementers are encouraged
4688 to support extended filters. \n - Implementation-specific:
4689 Filters that are defined and supported by specific
4690 vendors. In the future, filters showing convergence
4691 in behavior across multiple implementations will
4692 be considered for inclusion in extended or core
4693 conformance levels. Filter-specific configuration
4694 for such filters is specified using the ExtensionRef
4695 field. `Type` should be set to \"ExtensionRef\"
4696 for custom filters. \n Implementers are encouraged
4697 to define custom implementation types to extend
4698 the core API with implementation-specific behavior.
4699 \n If a reference to a custom filter type cannot
4700 be resolved, the filter MUST NOT be skipped. Instead,
4701 requests that would have been processed by that
4702 filter MUST receive a HTTP error response. \n
4703 Note that values may be added to this enum, implementations
4704 must ensure that unknown values will not cause
4705 a crash. \n Unknown values here must result in
4706 the implementation setting the Accepted Condition
4707 for the Route to `status: False`, with a Reason
4708 of `UnsupportedValue`."
4709 enum:
4710 - RequestHeaderModifier
4711 - ResponseHeaderModifier
4712 - RequestRedirect
4713 type: string
4714 required:
4715 - type
4716 type: object
4717 maxItems: 16
4718 type: array
4719 required:
4720 - name
4721 type: object
4722 maxItems: 16
4723 type: array
4724 filters:
4725 description: "Filters define the filters that are applied to
4726 requests that match this rule. \n The effects of ordering
4727 of multiple behaviors are currently unspecified. This can
4728 change in the future based on feedback during the alpha stage.
4729 \n Conformance-levels at this level are defined based on the
4730 type of filter: \n - ALL core filters MUST be supported by
4731 all implementations. - Implementers are encouraged to support
4732 extended filters. - Implementation-specific custom filters
4733 have no API guarantees across implementations. \n Specifying
4734 a core filter multiple times has unspecified or custom conformance.
4735 \n All filters are expected to be compatible with each other
4736 except for the URLRewrite and RequestRedirect filters, which
4737 may not be combined. If an implementation can not support
4738 other combinations of filters, they must clearly document
4739 that limitation. In all cases where incompatible or unsupported
4740 filters are specified, implementations MUST add a warning
4741 condition to status. \n Support: Core"
4742 items:
4743 description: HTTPRouteFilter defines processing steps that
4744 must be completed during the request or response lifecycle.
4745 HTTPRouteFilters are meant as an extension point to express
4746 processing that may be done in Gateway implementations.
4747 Some examples include request or response modification,
4748 implementing authentication strategies, rate-limiting, and
4749 traffic shaping. API guarantee/conformance is defined based
4750 on the type of the filter.
4751 properties:
4752 requestHeaderModifier:
4753 description: "RequestHeaderModifier defines a schema for
4754 a filter that modifies request headers. \n Support:
4755 Core"
4756 properties:
4757 add:
4758 description: "Add adds the given header(s) (name,
4759 value) to the request before the action. It appends
4760 to any existing values associated with the header
4761 name. \n Input: GET /foo HTTP/1.1 my-header:
4762 foo \n Config: add: - name: \"my-header\" value:
4763 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
4764 foo my-header: bar"
4765 items:
4766 description: HTTPHeader represents an HTTP Header
4767 name and value as defined by RFC 7230.
4768 properties:
4769 name:
4770 description: "Name is the name of the HTTP Header
4771 to be matched. Name matching MUST be case
4772 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4773 \n If multiple entries specify equivalent
4774 header names, the first entry with an equivalent
4775 name MUST be considered for a match. Subsequent
4776 entries with an equivalent header name MUST
4777 be ignored. Due to the case-insensitivity
4778 of header names, \"foo\" and \"Foo\" are considered
4779 equivalent."
4780 maxLength: 256
4781 minLength: 1
4782 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4783 type: string
4784 value:
4785 description: Value is the value of HTTP Header
4786 to be matched.
4787 maxLength: 4096
4788 minLength: 1
4789 type: string
4790 required:
4791 - name
4792 - value
4793 type: object
4794 maxItems: 16
4795 type: array
4796 x-kubernetes-list-map-keys:
4797 - name
4798 x-kubernetes-list-type: map
4799 remove:
4800 description: "Remove the given header(s) from the
4801 HTTP request before the action. The value of Remove
4802 is a list of HTTP header names. Note that the header
4803 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4804 \n Input: GET /foo HTTP/1.1 my-header1: foo
4805 \ my-header2: bar my-header3: baz \n Config:
4806 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
4807 \ GET /foo HTTP/1.1 my-header2: bar"
4808 items:
4809 type: string
4810 maxItems: 16
4811 type: array
4812 set:
4813 description: "Set overwrites the request with the
4814 given header (name, value) before the action. \n
4815 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
4816 \ set: - name: \"my-header\" value: \"bar\"
4817 \n Output: GET /foo HTTP/1.1 my-header: bar"
4818 items:
4819 description: HTTPHeader represents an HTTP Header
4820 name and value as defined by RFC 7230.
4821 properties:
4822 name:
4823 description: "Name is the name of the HTTP Header
4824 to be matched. Name matching MUST be case
4825 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4826 \n If multiple entries specify equivalent
4827 header names, the first entry with an equivalent
4828 name MUST be considered for a match. Subsequent
4829 entries with an equivalent header name MUST
4830 be ignored. Due to the case-insensitivity
4831 of header names, \"foo\" and \"Foo\" are considered
4832 equivalent."
4833 maxLength: 256
4834 minLength: 1
4835 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4836 type: string
4837 value:
4838 description: Value is the value of HTTP Header
4839 to be matched.
4840 maxLength: 4096
4841 minLength: 1
4842 type: string
4843 required:
4844 - name
4845 - value
4846 type: object
4847 maxItems: 16
4848 type: array
4849 x-kubernetes-list-map-keys:
4850 - name
4851 x-kubernetes-list-type: map
4852 type: object
4853 requestRedirect:
4854 description: "RequestRedirect defines a schema for a filter
4855 that responds to the request with an HTTP redirection.
4856 \n Support: Core"
4857 properties:
4858 hostname:
4859 description: "Hostname is the hostname to be used
4860 in the value of the `Location` header in the response.
4861 When empty, the hostname of the request is used.
4862 \n Support: Core"
4863 maxLength: 253
4864 minLength: 1
4865 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4866 type: string
4867 path:
4868 description: "Path defines parameters used to
4869 modify the path of the incoming request. The
4870 modified path is then used to construct the
4871 `Location` header. When empty, the request
4872 path is used as-is. \n Support: Extended"
4873 properties:
4874 replaceFullPath:
4875 description: ReplaceFullPath specifies the
4876 value with which to replace the full path
4877 of a request during a rewrite or redirect.
4878 maxLength: 1024
4879 type: string
4880 replacePrefixMatch:
4881 description: "ReplacePrefixMatch specifies
4882 the value with which to replace the prefix
4883 match of a request during a rewrite or
4884 redirect. For example, a request to \"/foo/bar\"
4885 with a prefix match of \"/foo\" and a
4886 ReplacePrefixMatch of \"/xyz\" would be
4887 modified to \"/xyz/bar\". \n Note that
4888 this matches the behavior of the PathPrefix
4889 match type. This matches full path elements.
4890 A path element refers to the list of labels
4891 in the path split by the `/` separator.
4892 When specified, a trailing `/` is ignored.
4893 For example, the paths `/abc`, `/abc/`,
4894 and `/abc/def` would all match the prefix
4895 `/abc`, but the path `/abcd` would not.
4896 \n Request Path | Prefix Match | Replace
4897 Prefix | Modified Path -------------|--------------|----------------|----------
4898 /foo/bar | /foo | /xyz |
4899 /xyz/bar /foo/bar | /foo |
4900 /xyz/ | /xyz/bar /foo/bar |
4901 /foo/ | /xyz | /xyz/bar
4902 /foo/bar | /foo/ | /xyz/ |
4903 /xyz/bar /foo | /foo |
4904 /xyz | /xyz /foo/ | /foo
4905 \ | /xyz | /xyz/ /foo/bar
4906 \ | /foo | <empty string> |
4907 /bar /foo/ | /foo | <empty
4908 string> | / /foo | /foo |
4909 <empty string> | / /foo/ | /foo
4910 \ | / | / /foo |
4911 /foo | / | /"
4912 maxLength: 1024
4913 type: string
4914 type:
4915 description: "Type defines the type of path
4916 modifier. Additional types may be added
4917 in a future release of the API. \n Note
4918 that values may be added to this enum,
4919 implementations must ensure that unknown
4920 values will not cause a crash. \n Unknown
4921 values here must result in the implementation
4922 setting the Accepted Condition for the
4923 Route to `status: False`, with a Reason
4924 of `UnsupportedValue`."
4925 enum:
4926 - ReplaceFullPath
4927 - ReplacePrefixMatch
4928 type: string
4929 required:
4930 - type
4931 type: object
4932 port:
4933 description: "Port is the port to be used in the value
4934 of the `Location` header in the response. When empty,
4935 port (if specified) of the request is used. \n Support:
4936 Extended"
4937 format: int32
4938 maximum: 65535
4939 minimum: 1
4940 type: integer
4941 scheme:
4942 description: "Scheme is the scheme to be used in the
4943 value of the `Location` header in the response.
4944 When empty, the scheme of the request is used. \n
4945 Support: Extended"
4946 enum:
4947 - http
4948 - https
4949 type: string
4950 statusCode:
4951 default: 302
4952 description: "StatusCode is the HTTP status code to
4953 be used in response. \n Support: Core"
4954 enum:
4955 - 301
4956 - 302
4957 type: integer
4958 type: object
4959 type:
4960 description: "Type identifies the type of filter to apply.
4961 As with other API fields, types are classified into
4962 three conformance levels: \n - Core: Filter types and
4963 their corresponding configuration defined by \"Support:
4964 Core\" in this package, e.g. \"RequestHeaderModifier\"."
4965 enum:
4966 - RequestHeaderModifier
4967 - RequestRedirect
4968 type: string
4969 required:
4970 - type
4971 type: object
4972 maxItems: 16
4973 type: array
4974 matches:
4975 default:
4976 - path:
4977 type: PathPrefix
4978 value: /
4979 description: "Matches define conditions used for matching the
4980 rule against incoming HTTP requests. Each match is independent,
4981 i.e. this rule will be matched if **any** one of the matches
4982 is satisfied. \n For example, take the following matches configuration:
4983 \n ``` matches: - path: value: \"/foo\" headers: -
4984 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
4985 ``` \n For a request to match against this rule, a request
4986 must satisfy EITHER of the two conditions: \n - path prefixed
4987 with `/foo` AND contains the header `version: v2` - path prefix
4988 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
4989 how to specify multiple match conditions that should be ANDed
4990 together. \n If no matches are specified, the default is a
4991 prefix path match on \"/\", which has the effect of matching
4992 every HTTP request. \n Proxy or Load Balancer routing configuration
4993 generated from HTTPRoutes MUST prioritize rules based on the
4994 following criteria, continuing on ties. Precedence must be
4995 given to the the Rule with the largest number of: \n * Characters
4996 in a matching non-wildcard hostname. * Characters in a matching
4997 hostname. * Characters in a matching path. * Header matches.
4998 * Query param matches. \n If ties still exist across multiple
4999 Routes, matching precedence MUST be determined in order of
5000 the following criteria, continuing on ties: \n * The oldest
5001 Route based on creation timestamp. * The Route appearing first
5002 in alphabetical order by \"{namespace}/{name}\". \n If ties
5003 still exist within the Route that has been given precedence,
5004 matching precedence MUST be granted to the first matching
5005 rule meeting the above criteria. \n When no rules matching
5006 a request have been successfully attached to the parent a
5007 request is coming from, a HTTP 404 status code MUST be returned."
5008 items:
5009 description: "HTTPRouteMatch defines the predicate used to
5010 match requests to a given action. Multiple match types are
5011 ANDed together, i.e. the match will evaluate to true only
5012 if all conditions are satisfied. \n For example, the match
5013 below will match a HTTP request only if its path starts
5014 with `/foo` AND it contains the `version: v1` header: \n
5015 ``` match: path: value: \"/foo\" headers: - name:
5016 \"version\" value \"v1\" ```"
5017 properties:
5018 headers:
5019 description: Headers specifies HTTP request header matchers.
5020 Multiple match values are ANDed together, meaning, a
5021 request must match all the specified headers to select
5022 the route.
5023 items:
5024 description: HTTPHeaderMatch describes how to select
5025 a HTTP route by matching HTTP request headers.
5026 properties:
5027 name:
5028 description: "Name is the name of the HTTP Header
5029 to be matched. Name matching MUST be case insensitive.
5030 (See https://tools.ietf.org/html/rfc7230#section-3.2).
5031 \n If multiple entries specify equivalent header
5032 names, only the first entry with an equivalent
5033 name MUST be considered for a match. Subsequent
5034 entries with an equivalent header name MUST be
5035 ignored. Due to the case-insensitivity of header
5036 names, \"foo\" and \"Foo\" are considered equivalent.
5037 \n When a header is repeated in an HTTP request,
5038 it is implementation-specific behavior as to how
5039 this is represented. Generally, proxies should
5040 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
5041 regarding processing a repeated header, with special
5042 handling for \"Set-Cookie\"."
5043 maxLength: 256
5044 minLength: 1
5045 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5046 type: string
5047 type:
5048 default: Exact
5049 description: "Type specifies how to match against
5050 the value of the header. \n Support: Core (Exact)
5051 \n Support: Custom (RegularExpression) \n Since
5052 RegularExpression HeaderMatchType has custom conformance,
5053 implementations can support POSIX, PCRE or any
5054 other dialects of regular expressions. Please
5055 read the implementation's documentation to determine
5056 the supported dialect."
5057 enum:
5058 - Exact
5059 - RegularExpression
5060 type: string
5061 value:
5062 description: Value is the value of HTTP Header to
5063 be matched.
5064 maxLength: 4096
5065 minLength: 1
5066 type: string
5067 required:
5068 - name
5069 - value
5070 type: object
5071 maxItems: 16
5072 type: array
5073 x-kubernetes-list-map-keys:
5074 - name
5075 x-kubernetes-list-type: map
5076 method:
5077 description: "Method specifies HTTP method matcher. When
5078 specified, this route will be matched only if the request
5079 has the specified method. \n Support: Extended"
5080 enum:
5081 - GET
5082 - HEAD
5083 - POST
5084 - PUT
5085 - DELETE
5086 - CONNECT
5087 - OPTIONS
5088 - TRACE
5089 - PATCH
5090 type: string
5091 path:
5092 default:
5093 type: PathPrefix
5094 value: /
5095 description: Path specifies a HTTP request path matcher.
5096 If this field is not specified, a default prefix match
5097 on the "/" path is provided.
5098 properties:
5099 type:
5100 default: PathPrefix
5101 description: "Type specifies how to match against
5102 the path Value. \n Support: Core (Exact, PathPrefix)
5103 \n Support: Custom (RegularExpression)"
5104 enum:
5105 - Exact
5106 - PathPrefix
5107 - RegularExpression
5108 type: string
5109 value:
5110 default: /
5111 description: Value of the HTTP path to match against.
5112 maxLength: 1024
5113 type: string
5114 type: object
5115 queryParams:
5116 description: QueryParams specifies HTTP query parameter
5117 matchers. Multiple match values are ANDed together,
5118 meaning, a request must match all the specified query
5119 parameters to select the route.
5120 items:
5121 description: HTTPQueryParamMatch describes how to select
5122 a HTTP route by matching HTTP query parameters.
5123 properties:
5124 name:
5125 description: Name is the name of the HTTP query
5126 param to be matched. This must be an exact string
5127 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
5128 maxLength: 256
5129 minLength: 1
5130 type: string
5131 type:
5132 default: Exact
5133 description: "Type specifies how to match against
5134 the value of the query parameter. \n Support:
5135 Extended (Exact) \n Support: Custom (RegularExpression)
5136 \n Since RegularExpression QueryParamMatchType
5137 has custom conformance, implementations can support
5138 POSIX, PCRE or any other dialects of regular expressions.
5139 Please read the implementation's documentation
5140 to determine the supported dialect."
5141 enum:
5142 - Exact
5143 - RegularExpression
5144 type: string
5145 value:
5146 description: Value is the value of HTTP query param
5147 to be matched.
5148 maxLength: 1024
5149 minLength: 1
5150 type: string
5151 required:
5152 - name
5153 - value
5154 type: object
5155 maxItems: 16
5156 type: array
5157 x-kubernetes-list-map-keys:
5158 - name
5159 x-kubernetes-list-type: map
5160 type: object
5161 maxItems: 8
5162 type: array
5163 timeouts:
5164 description: "Timeouts defines the timeouts that can be configured
5165 for an HTTP request. \n Support: Core \n <gateway:experimental>"
5166 properties:
5167 backendRequest:
5168 description: "BackendRequest specifies a timeout for an
5169 individual request from the gateway to a backend service.
5170 Typically used in conjunction with automatic retries,
5171 if supported by an implementation. Default is the value
5172 of Request timeout. \n Support: Extended"
5173 format: duration
5174 type: string
5175 request:
5176 description: "Request specifies a timeout for responding
5177 to client HTTP requests, disabled by default. \n For example,
5178 the following rule will timeout if a client request is
5179 taking longer than 10 seconds to complete: \n ``` rules:
5180 - timeouts: request: 10s backendRefs: ... ``` \n Support:
5181 Core"
5182 format: duration
5183 type: string
5184 type: object
5185 type: object
5186 maxItems: 16
5187 type: array
5188 type: object
5189 status:
5190 description: Status defines the current state of HTTPRoute.
5191 properties:
5192 parents:
5193 description: "Parents is a list of parent resources (usually Gateways)
5194 that are associated with the route, and the status of the route
5195 with respect to each parent. When this route attaches to a parent,
5196 the controller that manages the parent must add an entry to this
5197 list when the controller first sees the route and should update
5198 the entry as appropriate when the route or gateway is modified.
5199 \n Note that parent references that cannot be resolved by an implementation
5200 of this API will not be added to this list. Implementations of this
5201 API can only populate Route status for the Gateways/parent resources
5202 they are responsible for. \n A maximum of 32 Gateways will be represented
5203 in this list. An empty list means the route has not been attached
5204 to any Gateway."
5205 items:
5206 description: RouteParentStatus describes the status of a route with
5207 respect to an associated Parent.
5208 properties:
5209 conditions:
5210 description: "Conditions describes the status of the route with
5211 respect to the Gateway. Note that the route's availability
5212 is also subject to the Gateway's own status conditions and
5213 listener status. \n If the Route's ParentRef specifies an
5214 existing Gateway that supports Routes of this kind AND that
5215 Gateway's controller has sufficient access, then that Gateway's
5216 controller MUST set the \"Accepted\" condition on the Route,
5217 to indicate whether the route has been accepted or rejected
5218 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
5219 if at least one of the Route's rules is implemented by the
5220 Gateway. \n There are a number of cases where the \"Accepted\"
5221 condition may not be set due to lack of controller visibility,
5222 that includes when: \n * The Route refers to a non-existent
5223 parent. * The Route is of a type that the controller does
5224 not support. * The Route is in a namespace the the controller
5225 does not have access to."
5226 items:
5227 description: "Condition contains details for one aspect of
5228 the current state of this API Resource. --- This struct
5229 is intended for direct use as an array at the field path
5230 .status.conditions. For example, type FooStatus struct{
5231 \ // Represents the observations of a foo's current state.
5232 \ // Known .status.conditions.type are: \"Available\",
5233 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
5234 \ // +patchStrategy=merge // +listType=map //
5235 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
5236 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
5237 \n // other fields }"
5238 properties:
5239 lastTransitionTime:
5240 description: lastTransitionTime is the last time the condition
5241 transitioned from one status to another. This should
5242 be when the underlying condition changed. If that is
5243 not known, then using the time when the API field changed
5244 is acceptable.
5245 format: date-time
5246 type: string
5247 message:
5248 description: message is a human readable message indicating
5249 details about the transition. This may be an empty string.
5250 maxLength: 32768
5251 type: string
5252 observedGeneration:
5253 description: observedGeneration represents the .metadata.generation
5254 that the condition was set based upon. For instance,
5255 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
5256 is 9, the condition is out of date with respect to the
5257 current state of the instance.
5258 format: int64
5259 minimum: 0
5260 type: integer
5261 reason:
5262 description: reason contains a programmatic identifier
5263 indicating the reason for the condition's last transition.
5264 Producers of specific condition types may define expected
5265 values and meanings for this field, and whether the
5266 values are considered a guaranteed API. The value should
5267 be a CamelCase string. This field may not be empty.
5268 maxLength: 1024
5269 minLength: 1
5270 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
5271 type: string
5272 status:
5273 description: status of the condition, one of True, False,
5274 Unknown.
5275 enum:
5276 - "True"
5277 - "False"
5278 - Unknown
5279 type: string
5280 type:
5281 description: type of condition in CamelCase or in foo.example.com/CamelCase.
5282 --- Many .condition.type values are consistent across
5283 resources like Available, but because arbitrary conditions
5284 can be useful (see .node.status.conditions), the ability
5285 to deconflict is important. The regex it matches is
5286 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
5287 maxLength: 316
5288 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
5289 type: string
5290 required:
5291 - lastTransitionTime
5292 - message
5293 - reason
5294 - status
5295 - type
5296 type: object
5297 maxItems: 8
5298 minItems: 1
5299 type: array
5300 x-kubernetes-list-map-keys:
5301 - type
5302 x-kubernetes-list-type: map
5303 controllerName:
5304 description: "ControllerName is a domain/path string that indicates
5305 the name of the controller that wrote this status. This corresponds
5306 with the controllerName field on GatewayClass. \n Example:
5307 \"example.net/gateway-controller\". \n The format of this
5308 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
5309 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
5310 \n Controllers MUST populate this field when writing status.
5311 Controllers should ensure that entries to status populated
5312 with their ControllerName are cleaned up when they are no
5313 longer necessary."
5314 maxLength: 253
5315 minLength: 1
5316 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
5317 type: string
5318 parentRef:
5319 description: ParentRef corresponds with a ParentRef in the spec
5320 that this RouteParentStatus struct describes the status of.
5321 properties:
5322 group:
5323 default: policy.linkerd.io
5324 description: "Group is the group of the referent. \n Support:
5325 Core"
5326 maxLength: 253
5327 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5328 type: string
5329 kind:
5330 default: Gateway
5331 description: "Kind is kind of the referent. \n Support:
5332 Core (Gateway) Support: Custom (Other Resources)"
5333 maxLength: 63
5334 minLength: 1
5335 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5336 type: string
5337 name:
5338 description: "Name is the name of the referent. \n Support:
5339 Core"
5340 maxLength: 253
5341 minLength: 1
5342 type: string
5343 namespace:
5344 description: "Namespace is the namespace of the referent.
5345 When unspecified (or empty string), this refers to the
5346 local namespace of the Route. \n Support: Core"
5347 maxLength: 63
5348 minLength: 1
5349 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5350 type: string
5351 port:
5352 description: "Port is the network port this Route targets.
5353 It can be interpreted differently based on the type of
5354 parent resource. \n When the parent resource is a Gateway,
5355 this targets all listeners listening on the specified
5356 port that also support this kind of Route(and select this
5357 Route). It's not recommended to set `Port` unless the
5358 networking behaviors specified in a Route must apply to
5359 a specific port as opposed to a listener(s) whose port(s)
5360 may be changed. When both Port and SectionName are specified,
5361 the name and port of the selected listener must match
5362 both specified values. \n Implementations MAY choose to
5363 support other parent resources. Implementations supporting
5364 other types of parent resources MUST clearly document
5365 how/if Port is interpreted. \n For the purpose of status,
5366 an attachment is considered successful as long as the
5367 parent resource accepts it partially. For example, Gateway
5368 listeners can restrict which Routes can attach to them
5369 by Route kind, namespace, or hostname. If 1 of 2 Gateway
5370 listeners accept attachment from the referencing Route,
5371 the Route MUST be considered successfully attached. If
5372 no Gateway listeners accept attachment from this Route,
5373 the Route MUST be considered detached from the Gateway.
5374 \n Support: Extended \n <gateway:experimental>"
5375 format: int32
5376 maximum: 65535
5377 minimum: 1
5378 type: integer
5379 sectionName:
5380 description: "SectionName is the name of a section within
5381 the target resource. In the following resources, SectionName
5382 is interpreted as the following: \n * Gateway: Listener
5383 Name. When both Port (experimental) and SectionName are
5384 specified, the name and port of the selected listener
5385 must match both specified values. \n Implementations MAY
5386 choose to support attaching Routes to other resources.
5387 If that is the case, they MUST clearly document how SectionName
5388 is interpreted. \n When unspecified (empty string), this
5389 will reference the entire resource. For the purpose of
5390 status, an attachment is considered successful if at least
5391 one section in the parent resource accepts it. For example,
5392 Gateway listeners can restrict which Routes can attach
5393 to them by Route kind, namespace, or hostname. If 1 of
5394 2 Gateway listeners accept attachment from the referencing
5395 Route, the Route MUST be considered successfully attached.
5396 If no Gateway listeners accept attachment from this Route,
5397 the Route MUST be considered detached from the Gateway.
5398 \n Support: Core"
5399 maxLength: 253
5400 minLength: 1
5401 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5402 type: string
5403 required:
5404 - name
5405 type: object
5406 required:
5407 - controllerName
5408 - parentRef
5409 type: object
5410 maxItems: 32
5411 type: array
5412 required:
5413 - parents
5414 type: object
5415 required:
5416 - spec
5417 type: object
5418 served: true
5419 storage: true
5420 subresources:
5421 status: {}
5422status:
5423 acceptedNames:
5424 kind: ""
5425 plural: ""
5426 conditions: []
5427 storedVersions: []
5428---
5429apiVersion: apiextensions.k8s.io/v1
5430kind: CustomResourceDefinition
5431metadata:
5432 name: meshtlsauthentications.policy.linkerd.io
5433 annotations:
5434 linkerd.io/created-by: linkerd/cli dev-undefined
5435 labels:
5436 helm.sh/chart: linkerd-crds-0.0.0-undefined
5437 linkerd.io/control-plane-ns: linkerd
5438spec:
5439 group: policy.linkerd.io
5440 scope: Namespaced
5441 names:
5442 kind: MeshTLSAuthentication
5443 plural: meshtlsauthentications
5444 singular: meshtlsauthentication
5445 shortNames: [meshtlsauthn]
5446 versions:
5447 - name: v1alpha1
5448 served: true
5449 storage: true
5450 schema:
5451 openAPIV3Schema:
5452 type: object
5453 required: [spec]
5454 properties:
5455 spec:
5456 description: >-
5457 MeshTLSAuthentication defines a list of authenticated client IDs
5458 to be referenced by an `AuthorizationPolicy`. If a client
5459 connection has the mutually-authenticated identity that matches
5460 ANY of the of the provided identities, the connection is
5461 considered authenticated.
5462 type: object
5463 oneOf:
5464 - required: [identities]
5465 - required: [identityRefs]
5466 properties:
5467 identities:
5468 description: >-
5469 Authorizes clients with the provided proxy identity strings
5470 (as provided via MTLS)
5471
5472 The `*` prefix can be used to match all identities in
5473 a domain. An identity string of `*` indicates that
5474 all authentication clients are authorized.
5475 type: array
5476 minItems: 1
5477 items:
5478 type: string
5479 identityRefs:
5480 type: array
5481 minItems: 1
5482 items:
5483 type: object
5484 required:
5485 - kind
5486 properties:
5487 group:
5488 description: >-
5489 Group is the group of the referent. When empty, the
5490 Kubernetes core API group is inferred."
5491 maxLength: 253
5492 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5493 type: string
5494 kind:
5495 description: >-
5496 Kind is the kind of the referent.
5497 maxLength: 63
5498 minLength: 1
5499 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5500 type: string
5501 name:
5502 description: >-
5503 Name is the name of the referent. When unspecified,
5504 this refers to all resources of the specified Group
5505 and Kind in the specified namespace.
5506 maxLength: 253
5507 minLength: 1
5508 type: string
5509 namespace:
5510 description: >-
5511 Name is the name of the referent. When unspecified,
5512 this authentication refers to the local namespace.
5513 maxLength: 253
5514 type: string
5515---
5516apiVersion: apiextensions.k8s.io/v1
5517kind: CustomResourceDefinition
5518metadata:
5519 name: networkauthentications.policy.linkerd.io
5520 annotations:
5521 linkerd.io/created-by: linkerd/cli dev-undefined
5522 labels:
5523 helm.sh/chart: linkerd-crds-0.0.0-undefined
5524 linkerd.io/control-plane-ns: linkerd
5525spec:
5526 group: policy.linkerd.io
5527 scope: Namespaced
5528 names:
5529 kind: NetworkAuthentication
5530 plural: networkauthentications
5531 singular: networkauthentication
5532 shortNames: [netauthn, networkauthn]
5533 versions:
5534 - name: v1alpha1
5535 served: true
5536 storage: true
5537 schema:
5538 openAPIV3Schema:
5539 type: object
5540 required: [spec]
5541 properties:
5542 spec:
5543 description: >-
5544 NetworkAuthentication defines a list of authenticated client
5545 networks to be referenced by an `AuthorizationPolicy`. If a
5546 client connection originates from ANY of the of the provided
5547 networks, the connection is considered authenticated.
5548 type: object
5549 required: [networks]
5550 properties:
5551 networks:
5552 type: array
5553 items:
5554 type: object
5555 required: [cidr]
5556 properties:
5557 cidr:
5558 description: >-
5559 The CIDR of the network to be authorized.
5560 type: string
5561 except:
5562 description: >-
5563 A list of IP networks/addresses not to be included in
5564 the above `cidr`.
5565 type: array
5566 items:
5567 type: string
5568---
5569apiVersion: apiextensions.k8s.io/v1
5570kind: CustomResourceDefinition
5571metadata:
5572 name: serverauthorizations.policy.linkerd.io
5573 annotations:
5574 linkerd.io/created-by: linkerd/cli dev-undefined
5575 labels:
5576 helm.sh/chart: linkerd-crds-0.0.0-undefined
5577 linkerd.io/control-plane-ns: linkerd
5578spec:
5579 group: policy.linkerd.io
5580 scope: Namespaced
5581 names:
5582 kind: ServerAuthorization
5583 plural: serverauthorizations
5584 singular: serverauthorization
5585 shortNames: [saz, serverauthz, srvauthz]
5586 versions:
5587 - name: v1alpha1
5588 served: true
5589 storage: false
5590 deprecated: true
5591 deprecationWarning: "policy.linkerd.io/v1alpha1 ServerAuthorization is deprecated; use policy.linkerd.io/v1beta1 ServerAuthorization"
5592 schema:
5593 openAPIV3Schema:
5594 type: object
5595 required: [spec]
5596 properties:
5597 spec:
5598 description: >-
5599 Authorizes clients to communicate with Linkerd-proxied servers.
5600 type: object
5601 required: [server, client]
5602 properties:
5603 server:
5604 description: >-
5605 Identifies servers in the same namespace for which this
5606 authorization applies.
5607
5608 Only one of `name` or `selector` may be specified.
5609 type: object
5610 oneOf:
5611 - required: [name]
5612 - required: [selector]
5613 properties:
5614 name:
5615 description: References a `Server` instance by name
5616 type: string
5617 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5618 selector:
5619 description: >-
5620 A label query over servers on which this authorization applies.
5621 type: object
5622 properties:
5623 matchLabels:
5624 type: object
5625 x-kubernetes-preserve-unknown-fields: true
5626 matchExpressions:
5627 type: array
5628 items:
5629 type: object
5630 required: [key, operator]
5631 properties:
5632 key:
5633 type: string
5634 operator:
5635 type: string
5636 enum: [In, NotIn, Exists, DoesNotExist]
5637 values:
5638 type: array
5639 items:
5640 type: string
5641 client:
5642 description: Describes clients authorized to access a server.
5643 type: object
5644 properties:
5645 networks:
5646 description: >-
5647 Limits the client IP addresses to which this
5648 authorization applies. If unset, the server chooses a
5649 default (typically, all IPs or the cluster's pod
5650 network).
5651 type: array
5652 items:
5653 type: object
5654 required: [cidr]
5655 properties:
5656 cidr:
5657 type: string
5658 except:
5659 type: array
5660 items:
5661 type: string
5662 unauthenticated:
5663 description: >-
5664 Authorizes unauthenticated clients to access a server.
5665 type: boolean
5666 meshTLS:
5667 type: object
5668 properties:
5669 unauthenticatedTLS:
5670 type: boolean
5671 description: >-
5672 Indicates that no client identity is required for
5673 communication.
5674
5675 This is mostly important for the identity
5676 controller, which must terminate TLS connections
5677 from clients that do not yet have a certificate.
5678 identities:
5679 description: >-
5680 Authorizes clients with the provided proxy identity
5681 strings (as provided via MTLS)
5682
5683 The `*` prefix can be used to match all identities in
5684 a domain. An identity string of `*` indicates that
5685 all authentication clients are authorized.
5686 type: array
5687 items:
5688 type: string
5689 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5690 serviceAccounts:
5691 description: >-
5692 Authorizes clients with the provided proxy identity
5693 service accounts (as provided via MTLS)
5694 type: array
5695 items:
5696 type: object
5697 required: [name]
5698 properties:
5699 name:
5700 description: The ServiceAccount's name.
5701 type: string
5702 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5703 namespace:
5704 description: >-
5705 The ServiceAccount's namespace. If unset, the
5706 authorization's namespace is used.
5707 type: string
5708 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5709 - name: v1beta1
5710 served: true
5711 storage: true
5712 schema:
5713 openAPIV3Schema:
5714 type: object
5715 required: [spec]
5716 properties:
5717 spec:
5718 description: >-
5719 Authorizes clients to communicate with Linkerd-proxied servers.
5720 type: object
5721 required: [server, client]
5722 properties:
5723 server:
5724 description: >-
5725 Identifies servers in the same namespace for which this
5726 authorization applies.
5727
5728 Only one of `name` or `selector` may be specified.
5729 type: object
5730 oneOf:
5731 - required: [name]
5732 - required: [selector]
5733 properties:
5734 name:
5735 description: References a `Server` instance by name
5736 type: string
5737 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5738 selector:
5739 description: >-
5740 A label query over servers on which this authorization applies.
5741 type: object
5742 properties:
5743 matchLabels:
5744 type: object
5745 x-kubernetes-preserve-unknown-fields: true
5746 matchExpressions:
5747 type: array
5748 items:
5749 type: object
5750 required: [key, operator]
5751 properties:
5752 key:
5753 type: string
5754 operator:
5755 type: string
5756 enum: [In, NotIn, Exists, DoesNotExist]
5757 values:
5758 type: array
5759 items:
5760 type: string
5761 client:
5762 description: Describes clients authorized to access a server.
5763 type: object
5764 properties:
5765 networks:
5766 description: >-
5767 Limits the client IP addresses to which this
5768 authorization applies. If unset, the server chooses a
5769 default (typically, all IPs or the cluster's pod
5770 network).
5771 type: array
5772 items:
5773 type: object
5774 required: [cidr]
5775 properties:
5776 cidr:
5777 type: string
5778 except:
5779 type: array
5780 items:
5781 type: string
5782 unauthenticated:
5783 description: >-
5784 Authorizes unauthenticated clients to access a server.
5785 type: boolean
5786 meshTLS:
5787 type: object
5788 properties:
5789 unauthenticatedTLS:
5790 type: boolean
5791 description: >-
5792 Indicates that no client identity is required for
5793 communication.
5794
5795 This is mostly important for the identity
5796 controller, which must terminate TLS connections
5797 from clients that do not yet have a certificate.
5798 identities:
5799 description: >-
5800 Authorizes clients with the provided proxy identity
5801 strings (as provided via MTLS)
5802
5803 The `*` prefix can be used to match all identities in
5804 a domain. An identity string of `*` indicates that
5805 all authentication clients are authorized.
5806 type: array
5807 items:
5808 type: string
5809 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5810 serviceAccounts:
5811 description: >-
5812 Authorizes clients with the provided proxy identity
5813 service accounts (as provided via MTLS)
5814 type: array
5815 items:
5816 type: object
5817 required: [name]
5818 properties:
5819 name:
5820 description: The ServiceAccount's name.
5821 type: string
5822 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5823 namespace:
5824 description: >-
5825 The ServiceAccount's namespace. If unset, the
5826 authorization's namespace is used.
5827 type: string
5828 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5829 additionalPrinterColumns:
5830 - name: Server
5831 type: string
5832 description: The server that this grants access to
5833 jsonPath: .spec.server.name
5834---
5835apiVersion: apiextensions.k8s.io/v1
5836kind: CustomResourceDefinition
5837metadata:
5838 name: servers.policy.linkerd.io
5839 annotations:
5840 linkerd.io/created-by: linkerd/cli dev-undefined
5841 labels:
5842 helm.sh/chart: linkerd-crds-0.0.0-undefined
5843 linkerd.io/control-plane-ns: linkerd
5844spec:
5845 group: policy.linkerd.io
5846 names:
5847 kind: Server
5848 plural: servers
5849 singular: server
5850 shortNames: [srv]
5851 scope: Namespaced
5852 versions:
5853 - name: v1alpha1
5854 served: true
5855 storage: false
5856 deprecated: true
5857 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta1 Server"
5858 schema:
5859 openAPIV3Schema:
5860 type: object
5861 required: [spec]
5862 properties:
5863 spec:
5864 type: object
5865 required:
5866 - podSelector
5867 - port
5868 properties:
5869 podSelector:
5870 type: object
5871 description: >-
5872 Selects pods in the same namespace.
5873 oneOf:
5874 - required: [matchExpressions]
5875 - required: [matchLabels]
5876 properties:
5877 matchLabels:
5878 type: object
5879 x-kubernetes-preserve-unknown-fields: true
5880 matchExpressions:
5881 type: array
5882 items:
5883 type: object
5884 required: [key, operator]
5885 properties:
5886 key:
5887 type: string
5888 operator:
5889 type: string
5890 enum: [In, NotIn, Exists, DoesNotExist]
5891 values:
5892 type: array
5893 items:
5894 type: string
5895 port:
5896 description: >-
5897 A port name or number. Must exist in a pod spec.
5898 x-kubernetes-int-or-string: true
5899 proxyProtocol:
5900 description: >-
5901 Configures protocol discovery for inbound connections.
5902
5903 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5904 type: string
5905 default: unknown
5906 - name: v1beta1
5907 served: true
5908 storage: false
5909 deprecated: true
5910 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta2 Server"
5911 schema:
5912 openAPIV3Schema:
5913 type: object
5914 required: [spec]
5915 properties:
5916 spec:
5917 type: object
5918 required:
5919 - podSelector
5920 - port
5921 properties:
5922 podSelector:
5923 type: object
5924 description: >-
5925 Selects pods in the same namespace.
5926
5927 The result of matchLabels and matchExpressions are ANDed.
5928 Selects all if empty.
5929 properties:
5930 matchLabels:
5931 type: object
5932 x-kubernetes-preserve-unknown-fields: true
5933 matchExpressions:
5934 type: array
5935 items:
5936 type: object
5937 required: [key, operator]
5938 properties:
5939 key:
5940 type: string
5941 operator:
5942 type: string
5943 enum: [In, NotIn, Exists, DoesNotExist]
5944 values:
5945 type: array
5946 items:
5947 type: string
5948 port:
5949 description: >-
5950 A port name or number. Must exist in a pod spec.
5951 x-kubernetes-int-or-string: true
5952 proxyProtocol:
5953 description: >-
5954 Configures protocol discovery for inbound connections.
5955
5956 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5957 type: string
5958 default: unknown
5959 additionalPrinterColumns:
5960 - name: Port
5961 type: string
5962 description: The port the server is listening on
5963 jsonPath: .spec.port
5964 - name: Protocol
5965 type: string
5966 description: The protocol of the server
5967 jsonPath: .spec.proxyProtocol
5968 - name: v1beta2
5969 served: true
5970 storage: true
5971 schema:
5972 openAPIV3Schema:
5973 type: object
5974 required: [spec]
5975 properties:
5976 spec:
5977 type: object
5978 required:
5979 - port
5980 oneOf:
5981 - required: [podSelector]
5982 - required: [externalWorkloadSelector]
5983 properties:
5984 podSelector:
5985 type: object
5986 description: >-
5987 Selects pods in the same namespace.
5988
5989 The result of matchLabels and matchExpressions are ANDed.
5990 Selects all if empty.
5991 properties:
5992 matchLabels:
5993 type: object
5994 x-kubernetes-preserve-unknown-fields: true
5995 matchExpressions:
5996 type: array
5997 items:
5998 type: object
5999 required: [key, operator]
6000 properties:
6001 key:
6002 type: string
6003 operator:
6004 type: string
6005 enum: [In, NotIn, Exists, DoesNotExist]
6006 values:
6007 type: array
6008 items:
6009 type: string
6010 externalWorkloadSelector:
6011 type: object
6012 description: >-
6013 Selects ExternalWorkloads in the same namespace.
6014
6015 The result of matchLabels and matchExpressions are ANDed.
6016 Selects all if empty.
6017 properties:
6018 matchLabels:
6019 type: object
6020 x-kubernetes-preserve-unknown-fields: true
6021 matchExpressions:
6022 type: array
6023 items:
6024 type: object
6025 required: [key, operator]
6026 properties:
6027 key:
6028 type: string
6029 operator:
6030 type: string
6031 enum: [In, NotIn, Exists, DoesNotExist]
6032 values:
6033 type: array
6034 items:
6035 type: string
6036 port:
6037 description: >-
6038 A port name or number. Must exist in a pod spec.
6039 x-kubernetes-int-or-string: true
6040 proxyProtocol:
6041 description: >-
6042 Configures protocol discovery for inbound connections.
6043
6044 Supersedes the `config.linkerd.io/opaque-ports` annotation.
6045 type: string
6046 default: unknown
6047 additionalPrinterColumns:
6048 - name: Port
6049 type: string
6050 description: The port the server is listening on
6051 jsonPath: .spec.port
6052 - name: Protocol
6053 type: string
6054 description: The protocol of the server
6055 jsonPath: .spec.proxyProtocol
6056---
6057###
6058### Service Profile CRD
6059###
6060apiVersion: apiextensions.k8s.io/v1
6061kind: CustomResourceDefinition
6062metadata:
6063 name: serviceprofiles.linkerd.io
6064 annotations:
6065 linkerd.io/created-by: linkerd/cli dev-undefined
6066 labels:
6067 helm.sh/chart: linkerd-crds-0.0.0-undefined
6068 linkerd.io/control-plane-ns: linkerd
6069spec:
6070 group: linkerd.io
6071 versions:
6072 - name: v1alpha1
6073 served: true
6074 storage: false
6075 schema:
6076 openAPIV3Schema:
6077 type: object
6078 properties:
6079 spec:
6080 type: object
6081 description: Spec is the custom resource spec
6082 required:
6083 - routes
6084 properties:
6085 dstOverrides:
6086 type: array
6087 required:
6088 - authority
6089 - weight
6090 items:
6091 type: object
6092 description: WeightedDst is a weighted alternate destination.
6093 properties:
6094 authority:
6095 type: string
6096 weight:
6097 x-kubernetes-int-or-string: true
6098 anyOf:
6099 - type: integer
6100 - type: string
6101 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6102 opaquePorts:
6103 type: array
6104 items:
6105 type: string
6106 retryBudget:
6107 type: object
6108 required:
6109 - minRetriesPerSecond
6110 - retryRatio
6111 - ttl
6112 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6113 properties:
6114 minRetriesPerSecond:
6115 format: int32
6116 type: integer
6117 retryRatio:
6118 type: number
6119 format: float
6120 ttl:
6121 type: string
6122 routes:
6123 type: array
6124 items:
6125 type: object
6126 description: RouteSpec specifies a Route resource.
6127 required:
6128 - condition
6129 - name
6130 properties:
6131 condition:
6132 type: object
6133 description: RequestMatch describes the conditions under which to match a Route.
6134 properties:
6135 pathRegex:
6136 type: string
6137 method:
6138 type: string
6139 all:
6140 type: array
6141 items:
6142 type: object
6143 x-kubernetes-preserve-unknown-fields: true
6144 any:
6145 type: array
6146 items:
6147 type: object
6148 x-kubernetes-preserve-unknown-fields: true
6149 not:
6150 type: array
6151 items:
6152 type: object
6153 x-kubernetes-preserve-unknown-fields: true
6154 isRetryable:
6155 type: boolean
6156 name:
6157 type: string
6158 timeout:
6159 type: string
6160 responseClasses:
6161 type: array
6162 items:
6163 type: object
6164 required:
6165 - condition
6166 description: ResponseClass describes how to classify a response (e.g. success or failures).
6167 properties:
6168 condition:
6169 type: object
6170 description: ResponseMatch describes the conditions under
6171 which to classify a response.
6172 properties:
6173 all:
6174 type: array
6175 items:
6176 type: object
6177 x-kubernetes-preserve-unknown-fields: true
6178 any:
6179 type: array
6180 items:
6181 type: object
6182 x-kubernetes-preserve-unknown-fields: true
6183 not:
6184 type: object
6185 x-kubernetes-preserve-unknown-fields: true
6186 status:
6187 type: object
6188 description: Range describes a range of integers (e.g. status codes).
6189 properties:
6190 max:
6191 format: int32
6192 type: integer
6193 min:
6194 format: int32
6195 type: integer
6196 isFailure:
6197 type: boolean
6198 - name: v1alpha2
6199 served: true
6200 storage: true
6201 schema:
6202 openAPIV3Schema:
6203 type: object
6204 properties:
6205 spec:
6206 type: object
6207 description: Spec is the custom resource spec
6208 properties:
6209 dstOverrides:
6210 type: array
6211 required:
6212 - authority
6213 - weight
6214 items:
6215 type: object
6216 description: WeightedDst is a weighted alternate destination.
6217 properties:
6218 authority:
6219 type: string
6220 weight:
6221 x-kubernetes-int-or-string: true
6222 anyOf:
6223 - type: integer
6224 - type: string
6225 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6226 opaquePorts:
6227 type: array
6228 items:
6229 type: string
6230 retryBudget:
6231 type: object
6232 required:
6233 - minRetriesPerSecond
6234 - retryRatio
6235 - ttl
6236 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6237 properties:
6238 minRetriesPerSecond:
6239 format: int32
6240 type: integer
6241 retryRatio:
6242 type: number
6243 format: float
6244 ttl:
6245 type: string
6246 routes:
6247 type: array
6248 items:
6249 type: object
6250 description: RouteSpec specifies a Route resource.
6251 required:
6252 - condition
6253 - name
6254 properties:
6255 condition:
6256 type: object
6257 description: RequestMatch describes the conditions under which to match a Route.
6258 properties:
6259 pathRegex:
6260 type: string
6261 method:
6262 type: string
6263 all:
6264 type: array
6265 items:
6266 type: object
6267 x-kubernetes-preserve-unknown-fields: true
6268 any:
6269 type: array
6270 items:
6271 type: object
6272 x-kubernetes-preserve-unknown-fields: true
6273 not:
6274 type: array
6275 items:
6276 type: object
6277 x-kubernetes-preserve-unknown-fields: true
6278 isRetryable:
6279 type: boolean
6280 name:
6281 type: string
6282 timeout:
6283 type: string
6284 responseClasses:
6285 type: array
6286 items:
6287 type: object
6288 required:
6289 - condition
6290 description: ResponseClass describes how to classify a response (e.g. success or failures).
6291 properties:
6292 condition:
6293 type: object
6294 description: ResponseMatch describes the conditions under
6295 which to classify a response.
6296 properties:
6297 all:
6298 type: array
6299 items:
6300 type: object
6301 x-kubernetes-preserve-unknown-fields: true
6302 any:
6303 type: array
6304 items:
6305 type: object
6306 x-kubernetes-preserve-unknown-fields: true
6307 not:
6308 type: object
6309 x-kubernetes-preserve-unknown-fields: true
6310 status:
6311 type: object
6312 description: Range describes a range of integers (e.g. status codes).
6313 properties:
6314 max:
6315 format: int32
6316 type: integer
6317 min:
6318 format: int32
6319 type: integer
6320 isFailure:
6321 type: boolean
6322 scope: Namespaced
6323 preserveUnknownFields: false
6324 names:
6325 plural: serviceprofiles
6326 singular: serviceprofile
6327 kind: ServiceProfile
6328 shortNames:
6329 - sp
6330
6331---
6332apiVersion: apiextensions.k8s.io/v1
6333kind: CustomResourceDefinition
6334metadata:
6335 annotations:
6336 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
6337 gateway.networking.k8s.io/bundle-version: v0.7.1
6338 gateway.networking.k8s.io/channel: experimental
6339 linkerd.io/created-by: linkerd/cli dev-undefined
6340 labels:
6341 helm.sh/chart: linkerd-crds-0.0.0-undefined
6342 linkerd.io/control-plane-ns: linkerd
6343 creationTimestamp: null
6344 name: httproutes.gateway.networking.k8s.io
6345spec:
6346 group: gateway.networking.k8s.io
6347 names:
6348 categories:
6349 - gateway-api
6350 kind: HTTPRoute
6351 listKind: HTTPRouteList
6352 plural: httproutes
6353 singular: httproute
6354 scope: Namespaced
6355 versions:
6356 - additionalPrinterColumns:
6357 - jsonPath: .spec.hostnames
6358 name: Hostnames
6359 type: string
6360 - jsonPath: .metadata.creationTimestamp
6361 name: Age
6362 type: date
6363 deprecated: true
6364 deprecationWarning: The v1alpha2 version of HTTPRoute has been deprecated and
6365 will be removed in a future release of the API. Please upgrade to v1beta1.
6366 name: v1alpha2
6367 schema:
6368 openAPIV3Schema:
6369 description: HTTPRoute provides a way to route HTTP requests. This includes
6370 the capability to match requests by hostname, path, header, or query param.
6371 Filters can be used to specify additional processing steps. Backends specify
6372 where matching requests should be routed.
6373 properties:
6374 apiVersion:
6375 description: 'APIVersion defines the versioned schema of this representation
6376 of an object. Servers should convert recognized schemas to the latest
6377 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
6378 type: string
6379 kind:
6380 description: 'Kind is a string value representing the REST resource this
6381 object represents. Servers may infer this from the endpoint the client
6382 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
6383 type: string
6384 metadata:
6385 type: object
6386 spec:
6387 description: Spec defines the desired state of HTTPRoute.
6388 properties:
6389 hostnames:
6390 description: "Hostnames defines a set of hostname that should match
6391 against the HTTP Host header to select a HTTPRoute used to process
6392 the request. Implementations MUST ignore any port value specified
6393 in the HTTP Host header while performing a match. \n Valid values
6394 for Hostnames are determined by RFC 1123 definition of a hostname
6395 with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
6396 may be prefixed with a wildcard label (`*.`). The wildcard label
6397 must appear by itself as the first label. \n If a hostname is specified
6398 by both the Listener and HTTPRoute, there must be at least one intersecting
6399 hostname for the HTTPRoute to be attached to the Listener. For example:
6400 \n * A Listener with `test.example.com` as the hostname matches
6401 HTTPRoutes that have either not specified any hostnames, or have
6402 specified at least one of `test.example.com` or `*.example.com`.
6403 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
6404 that have either not specified any hostnames or have specified at
6405 least one hostname that matches the Listener hostname. For example,
6406 `*.example.com`, `test.example.com`, and `foo.test.example.com`
6407 would all match. On the other hand, `example.com` and `test.example.net`
6408 would not match. \n Hostnames that are prefixed with a wildcard
6409 label (`*.`) are interpreted as a suffix match. That means that
6410 a match for `*.example.com` would match both `test.example.com`,
6411 and `foo.test.example.com`, but not `example.com`. \n If both the
6412 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
6413 that do not match the Listener hostname MUST be ignored. For example,
6414 if a Listener specified `*.example.com`, and the HTTPRoute specified
6415 `test.example.com` and `test.example.net`, `test.example.net` must
6416 not be considered for a match. \n If both the Listener and HTTPRoute
6417 have specified hostnames, and none match with the criteria above,
6418 then the HTTPRoute is not accepted. The implementation must raise
6419 an 'Accepted' Condition with a status of `False` in the corresponding
6420 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
6421 intersecting hostnames (e.g. overlapping wildcard matching and exact
6422 matching hostnames), precedence must be given to rules from the
6423 HTTPRoute with the largest number of: \n * Characters in a matching
6424 non-wildcard hostname. * Characters in a matching hostname. \n If
6425 ties exist across multiple Routes, the matching precedence rules
6426 for HTTPRouteMatches takes over. \n Support: Core"
6427 items:
6428 description: "Hostname is the fully qualified domain name of a network
6429 host. This matches the RFC 1123 definition of a hostname with
6430 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
6431 may be prefixed with a wildcard label (`*.`). The wildcard label
6432 must appear by itself as the first label. \n Hostname can be \"precise\"
6433 which is a domain name without the terminating dot of a network
6434 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
6435 name prefixed with a single wildcard label (e.g. `*.example.com`).
6436 \n Note that as per RFC1035 and RFC1123, a *label* must consist
6437 of lower case alphanumeric characters or '-', and must start and
6438 end with an alphanumeric character. No other punctuation is allowed."
6439 maxLength: 253
6440 minLength: 1
6441 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6442 type: string
6443 maxItems: 16
6444 type: array
6445 parentRefs:
6446 description: "ParentRefs references the resources (usually Gateways)
6447 that a Route wants to be attached to. Note that the referenced parent
6448 resource needs to allow this for the attachment to be complete.
6449 For Gateways, that means the Gateway needs to allow attachment from
6450 Routes of this kind and namespace. \n The only kind of parent resource
6451 with \"Core\" support is Gateway. This API may be extended in the
6452 future to support additional kinds of parent resources such as one
6453 of the route kinds. \n It is invalid to reference an identical parent
6454 more than once. It is valid to reference multiple distinct sections
6455 within the same parent resource, such as 2 Listeners within a Gateway.
6456 \n It is possible to separately reference multiple distinct objects
6457 that may be collapsed by an implementation. For example, some implementations
6458 may choose to merge compatible Gateway Listeners together. If that
6459 is the case, the list of routes attached to those resources should
6460 also be merged. \n Note that for ParentRefs that cross namespace
6461 boundaries, there are specific rules. Cross-namespace references
6462 are only valid if they are explicitly allowed by something in the
6463 namespace they are referring to. For example, Gateway has the AllowedRoutes
6464 field, and ReferenceGrant provides a generic way to enable any other
6465 kind of cross-namespace reference."
6466 items:
6467 description: "ParentReference identifies an API object (usually
6468 a Gateway) that can be considered a parent of this resource (usually
6469 a route). The only kind of parent resource with \"Core\" support
6470 is Gateway. This API may be extended in the future to support
6471 additional kinds of parent resources, such as HTTPRoute. \n The
6472 API object must be valid in the cluster; the Group and Kind must
6473 be registered in the cluster for this reference to be valid."
6474 properties:
6475 group:
6476 default: gateway.networking.k8s.io
6477 description: "Group is the group of the referent. When unspecified,
6478 \"gateway.networking.k8s.io\" is inferred. To set the core
6479 API group (such as for a \"Service\" kind referent), Group
6480 must be explicitly set to \"\" (empty string). \n Support:
6481 Core"
6482 maxLength: 253
6483 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6484 type: string
6485 kind:
6486 default: Gateway
6487 description: "Kind is kind of the referent. \n Support: Core
6488 (Gateway) \n Support: Implementation-specific (Other Resources)"
6489 maxLength: 63
6490 minLength: 1
6491 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6492 type: string
6493 name:
6494 description: "Name is the name of the referent. \n Support:
6495 Core"
6496 maxLength: 253
6497 minLength: 1
6498 type: string
6499 namespace:
6500 description: "Namespace is the namespace of the referent. When
6501 unspecified, this refers to the local namespace of the Route.
6502 \n Note that there are specific rules for ParentRefs which
6503 cross namespace boundaries. Cross-namespace references are
6504 only valid if they are explicitly allowed by something in
6505 the namespace they are referring to. For example: Gateway
6506 has the AllowedRoutes field, and ReferenceGrant provides a
6507 generic way to enable any other kind of cross-namespace reference.
6508 \n Support: Core"
6509 maxLength: 63
6510 minLength: 1
6511 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6512 type: string
6513 port:
6514 description: "Port is the network port this Route targets. It
6515 can be interpreted differently based on the type of parent
6516 resource. \n When the parent resource is a Gateway, this targets
6517 all listeners listening on the specified port that also support
6518 this kind of Route(and select this Route). It's not recommended
6519 to set `Port` unless the networking behaviors specified in
6520 a Route must apply to a specific port as opposed to a listener(s)
6521 whose port(s) may be changed. When both Port and SectionName
6522 are specified, the name and port of the selected listener
6523 must match both specified values. \n Implementations MAY choose
6524 to support other parent resources. Implementations supporting
6525 other types of parent resources MUST clearly document how/if
6526 Port is interpreted. \n For the purpose of status, an attachment
6527 is considered successful as long as the parent resource accepts
6528 it partially. For example, Gateway listeners can restrict
6529 which Routes can attach to them by Route kind, namespace,
6530 or hostname. If 1 of 2 Gateway listeners accept attachment
6531 from the referencing Route, the Route MUST be considered successfully
6532 attached. If no Gateway listeners accept attachment from this
6533 Route, the Route MUST be considered detached from the Gateway.
6534 \n Support: Extended \n <gateway:experimental>"
6535 format: int32
6536 maximum: 65535
6537 minimum: 1
6538 type: integer
6539 sectionName:
6540 description: "SectionName is the name of a section within the
6541 target resource. In the following resources, SectionName is
6542 interpreted as the following: \n * Gateway: Listener Name.
6543 When both Port (experimental) and SectionName are specified,
6544 the name and port of the selected listener must match both
6545 specified values. \n Implementations MAY choose to support
6546 attaching Routes to other resources. If that is the case,
6547 they MUST clearly document how SectionName is interpreted.
6548 \n When unspecified (empty string), this will reference the
6549 entire resource. For the purpose of status, an attachment
6550 is considered successful if at least one section in the parent
6551 resource accepts it. For example, Gateway listeners can restrict
6552 which Routes can attach to them by Route kind, namespace,
6553 or hostname. If 1 of 2 Gateway listeners accept attachment
6554 from the referencing Route, the Route MUST be considered successfully
6555 attached. If no Gateway listeners accept attachment from this
6556 Route, the Route MUST be considered detached from the Gateway.
6557 \n Support: Core"
6558 maxLength: 253
6559 minLength: 1
6560 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6561 type: string
6562 required:
6563 - name
6564 type: object
6565 maxItems: 32
6566 type: array
6567 rules:
6568 default:
6569 - matches:
6570 - path:
6571 type: PathPrefix
6572 value: /
6573 description: Rules are a list of HTTP matchers, filters and actions.
6574 items:
6575 description: HTTPRouteRule defines semantics for matching an HTTP
6576 request based on conditions (matches), processing it (filters),
6577 and forwarding the request to an API object (backendRefs).
6578 properties:
6579 backendRefs:
6580 description: "BackendRefs defines the backend(s) where matching
6581 requests should be sent. \n Failure behavior here depends
6582 on how many BackendRefs are specified and how many are invalid.
6583 \n If *all* entries in BackendRefs are invalid, and there
6584 are also no filters specified in this route rule, *all* traffic
6585 which matches this rule MUST receive a 500 status code. \n
6586 See the HTTPBackendRef definition for the rules about what
6587 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
6588 is invalid, 500 status codes MUST be returned for requests
6589 that would have otherwise been routed to an invalid backend.
6590 If multiple backends are specified, and some are invalid,
6591 the proportion of requests that would otherwise have been
6592 routed to an invalid backend MUST receive a 500 status code.
6593 \n For example, if two backends are specified with equal weights,
6594 and one is invalid, 50 percent of traffic must receive a 500.
6595 Implementations may choose how that 50 percent is determined.
6596 \n Support: Core for Kubernetes Service \n Support: Extended
6597 for Kubernetes ServiceImport \n Support: Implementation-specific
6598 for any other resource \n Support for weight: Core"
6599 items:
6600 description: HTTPBackendRef defines how a HTTPRoute should
6601 forward an HTTP request.
6602 properties:
6603 filters:
6604 description: "Filters defined at this level should be
6605 executed if and only if the request is being forwarded
6606 to the backend defined here. \n Support: Implementation-specific
6607 (For broader support of filters, use the Filters field
6608 in HTTPRouteRule.)"
6609 items:
6610 description: HTTPRouteFilter defines processing steps
6611 that must be completed during the request or response
6612 lifecycle. HTTPRouteFilters are meant as an extension
6613 point to express processing that may be done in Gateway
6614 implementations. Some examples include request or
6615 response modification, implementing authentication
6616 strategies, rate-limiting, and traffic shaping. API
6617 guarantee/conformance is defined based on the type
6618 of the filter.
6619 properties:
6620 extensionRef:
6621 description: "ExtensionRef is an optional, implementation-specific
6622 extension to the \"filter\" behavior. For example,
6623 resource \"myroutefilter\" in group \"networking.example.net\").
6624 ExtensionRef MUST NOT be used for core and extended
6625 filters. \n Support: Implementation-specific"
6626 properties:
6627 group:
6628 description: Group is the group of the referent.
6629 For example, "gateway.networking.k8s.io".
6630 When unspecified or empty string, core API
6631 group is inferred.
6632 maxLength: 253
6633 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6634 type: string
6635 kind:
6636 description: Kind is kind of the referent. For
6637 example "HTTPRoute" or "Service".
6638 maxLength: 63
6639 minLength: 1
6640 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6641 type: string
6642 name:
6643 description: Name is the name of the referent.
6644 maxLength: 253
6645 minLength: 1
6646 type: string
6647 required:
6648 - group
6649 - kind
6650 - name
6651 type: object
6652 requestHeaderModifier:
6653 description: "RequestHeaderModifier defines a schema
6654 for a filter that modifies request headers. \n
6655 Support: Core"
6656 properties:
6657 add:
6658 description: "Add adds the given header(s) (name,
6659 value) to the request before the action. It
6660 appends to any existing values associated
6661 with the header name. \n Input: GET /foo HTTP/1.1
6662 my-header: foo \n Config: add: - name: \"my-header\"
6663 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
6664 my-header: foo,bar,baz"
6665 items:
6666 description: HTTPHeader represents an HTTP
6667 Header name and value as defined by RFC
6668 7230.
6669 properties:
6670 name:
6671 description: "Name is the name of the
6672 HTTP Header to be matched. Name matching
6673 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6674 \n If multiple entries specify equivalent
6675 header names, the first entry with an
6676 equivalent name MUST be considered for
6677 a match. Subsequent entries with an
6678 equivalent header name MUST be ignored.
6679 Due to the case-insensitivity of header
6680 names, \"foo\" and \"Foo\" are considered
6681 equivalent."
6682 maxLength: 256
6683 minLength: 1
6684 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6685 type: string
6686 value:
6687 description: Value is the value of HTTP
6688 Header to be matched.
6689 maxLength: 4096
6690 minLength: 1
6691 type: string
6692 required:
6693 - name
6694 - value
6695 type: object
6696 maxItems: 16
6697 type: array
6698 x-kubernetes-list-map-keys:
6699 - name
6700 x-kubernetes-list-type: map
6701 remove:
6702 description: "Remove the given header(s) from
6703 the HTTP request before the action. The value
6704 of Remove is a list of HTTP header names.
6705 Note that the header names are case-insensitive
6706 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
6707 \n Input: GET /foo HTTP/1.1 my-header1: foo
6708 my-header2: bar my-header3: baz \n Config:
6709 remove: [\"my-header1\", \"my-header3\"] \n
6710 Output: GET /foo HTTP/1.1 my-header2: bar"
6711 items:
6712 type: string
6713 maxItems: 16
6714 type: array
6715 set:
6716 description: "Set overwrites the request with
6717 the given header (name, value) before the
6718 action. \n Input: GET /foo HTTP/1.1 my-header:
6719 foo \n Config: set: - name: \"my-header\"
6720 value: \"bar\" \n Output: GET /foo HTTP/1.1
6721 my-header: bar"
6722 items:
6723 description: HTTPHeader represents an HTTP
6724 Header name and value as defined by RFC
6725 7230.
6726 properties:
6727 name:
6728 description: "Name is the name of the
6729 HTTP Header to be matched. Name matching
6730 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6731 \n If multiple entries specify equivalent
6732 header names, the first entry with an
6733 equivalent name MUST be considered for
6734 a match. Subsequent entries with an
6735 equivalent header name MUST be ignored.
6736 Due to the case-insensitivity of header
6737 names, \"foo\" and \"Foo\" are considered
6738 equivalent."
6739 maxLength: 256
6740 minLength: 1
6741 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6742 type: string
6743 value:
6744 description: Value is the value of HTTP
6745 Header to be matched.
6746 maxLength: 4096
6747 minLength: 1
6748 type: string
6749 required:
6750 - name
6751 - value
6752 type: object
6753 maxItems: 16
6754 type: array
6755 x-kubernetes-list-map-keys:
6756 - name
6757 x-kubernetes-list-type: map
6758 type: object
6759 requestMirror:
6760 description: "RequestMirror defines a schema for
6761 a filter that mirrors requests. Requests are sent
6762 to the specified destination, but responses from
6763 that destination are ignored. \n Support: Extended"
6764 properties:
6765 backendRef:
6766 description: "BackendRef references a resource
6767 where mirrored requests are sent. \n If the
6768 referent cannot be found, this BackendRef
6769 is invalid and must be dropped from the Gateway.
6770 The controller must ensure the \"ResolvedRefs\"
6771 condition on the Route status is set to `status:
6772 False` and not configure this backend in the
6773 underlying implementation. \n If there is
6774 a cross-namespace reference to an *existing*
6775 object that is not allowed by a ReferenceGrant,
6776 the controller must ensure the \"ResolvedRefs\"
6777 \ condition on the Route is set to `status:
6778 False`, with the \"RefNotPermitted\" reason
6779 and not configure this backend in the underlying
6780 implementation. \n In either error case, the
6781 Message of the `ResolvedRefs` Condition should
6782 be used to provide more detail about the problem.
6783 \n Support: Extended for Kubernetes Service
6784 \n Support: Implementation-specific for any
6785 other resource"
6786 properties:
6787 group:
6788 default: ""
6789 description: Group is the group of the referent.
6790 For example, "gateway.networking.k8s.io".
6791 When unspecified or empty string, core
6792 API group is inferred.
6793 maxLength: 253
6794 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6795 type: string
6796 kind:
6797 default: Service
6798 description: "Kind is the Kubernetes resource
6799 kind of the referent. For example \"Service\".
6800 \n Defaults to \"Service\" when not specified.
6801 \n ExternalName services can refer to
6802 CNAME DNS records that may live outside
6803 of the cluster and as such are difficult
6804 to reason about in terms of conformance.
6805 They also may not be safe to forward to
6806 (see CVE-2021-25740 for more information).
6807 Implementations SHOULD NOT support ExternalName
6808 Services. \n Support: Core (Services with
6809 a type other than ExternalName) \n Support:
6810 Implementation-specific (Services with
6811 type ExternalName)"
6812 maxLength: 63
6813 minLength: 1
6814 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6815 type: string
6816 name:
6817 description: Name is the name of the referent.
6818 maxLength: 253
6819 minLength: 1
6820 type: string
6821 namespace:
6822 description: "Namespace is the namespace
6823 of the backend. When unspecified, the
6824 local namespace is inferred. \n Note that
6825 when a namespace different than the local
6826 namespace is specified, a ReferenceGrant
6827 object is required in the referent namespace
6828 to allow that namespace's owner to accept
6829 the reference. See the ReferenceGrant
6830 documentation for details. \n Support:
6831 Core"
6832 maxLength: 63
6833 minLength: 1
6834 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6835 type: string
6836 port:
6837 description: Port specifies the destination
6838 port number to use for this resource.
6839 Port is required when the referent is
6840 a Kubernetes Service. In this case, the
6841 port number is the service port number,
6842 not the target port. For other resources,
6843 destination port might be derived from
6844 the referent resource or this field.
6845 format: int32
6846 maximum: 65535
6847 minimum: 1
6848 type: integer
6849 required:
6850 - name
6851 type: object
6852 required:
6853 - backendRef
6854 type: object
6855 requestRedirect:
6856 description: "RequestRedirect defines a schema for
6857 a filter that responds to the request with an
6858 HTTP redirection. \n Support: Core"
6859 properties:
6860 hostname:
6861 description: "Hostname is the hostname to be
6862 used in the value of the `Location` header
6863 in the response. When empty, the hostname
6864 in the `Host` header of the request is used.
6865 \n Support: Core"
6866 maxLength: 253
6867 minLength: 1
6868 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6869 type: string
6870 path:
6871 description: "Path defines parameters used to
6872 modify the path of the incoming request. The
6873 modified path is then used to construct the
6874 `Location` header. When empty, the request
6875 path is used as-is. \n Support: Extended"
6876 properties:
6877 replaceFullPath:
6878 description: ReplaceFullPath specifies the
6879 value with which to replace the full path
6880 of a request during a rewrite or redirect.
6881 maxLength: 1024
6882 type: string
6883 replacePrefixMatch:
6884 description: "ReplacePrefixMatch specifies
6885 the value with which to replace the prefix
6886 match of a request during a rewrite or
6887 redirect. For example, a request to \"/foo/bar\"
6888 with a prefix match of \"/foo\" would
6889 be modified to \"/bar\". \n Note that
6890 this matches the behavior of the PathPrefix
6891 match type. This matches full path elements.
6892 A path element refers to the list of labels
6893 in the path split by the `/` separator.
6894 When specified, a trailing `/` is ignored.
6895 For example, the paths `/abc`, `/abc/`,
6896 and `/abc/def` would all match the prefix
6897 `/abc`, but the path `/abcd` would not."
6898 maxLength: 1024
6899 type: string
6900 type:
6901 description: "Type defines the type of path
6902 modifier. Additional types may be added
6903 in a future release of the API. \n Note
6904 that values may be added to this enum,
6905 implementations must ensure that unknown
6906 values will not cause a crash. \n Unknown
6907 values here must result in the implementation
6908 setting the Accepted Condition for the
6909 Route to `status: False`, with a Reason
6910 of `UnsupportedValue`."
6911 enum:
6912 - ReplaceFullPath
6913 - ReplacePrefixMatch
6914 type: string
6915 required:
6916 - type
6917 type: object
6918 port:
6919 description: "Port is the port to be used in
6920 the value of the `Location` header in the
6921 response. \n If no port is specified, the
6922 redirect port MUST be derived using the following
6923 rules: \n * If redirect scheme is not-empty,
6924 the redirect port MUST be the well-known port
6925 associated with the redirect scheme. Specifically
6926 \"http\" to port 80 and \"https\" to port
6927 443. If the redirect scheme does not have
6928 a well-known port, the listener port of the
6929 Gateway SHOULD be used. * If redirect scheme
6930 is empty, the redirect port MUST be the Gateway
6931 Listener port. \n Implementations SHOULD NOT
6932 add the port number in the 'Location' header
6933 in the following cases: \n * A Location header
6934 that will use HTTP (whether that is determined
6935 via the Listener protocol or the Scheme field)
6936 _and_ use port 80. * A Location header that
6937 will use HTTPS (whether that is determined
6938 via the Listener protocol or the Scheme field)
6939 _and_ use port 443. \n Support: Extended"
6940 format: int32
6941 maximum: 65535
6942 minimum: 1
6943 type: integer
6944 scheme:
6945 description: "Scheme is the scheme to be used
6946 in the value of the `Location` header in the
6947 response. When empty, the scheme of the request
6948 is used. \n Scheme redirects can affect the
6949 port of the redirect, for more information,
6950 refer to the documentation for the port field
6951 of this filter. \n Note that values may be
6952 added to this enum, implementations must ensure
6953 that unknown values will not cause a crash.
6954 \n Unknown values here must result in the
6955 implementation setting the Accepted Condition
6956 for the Route to `status: False`, with a Reason
6957 of `UnsupportedValue`. \n Support: Extended"
6958 enum:
6959 - http
6960 - https
6961 type: string
6962 statusCode:
6963 default: 302
6964 description: "StatusCode is the HTTP status
6965 code to be used in response. \n Note that
6966 values may be added to this enum, implementations
6967 must ensure that unknown values will not cause
6968 a crash. \n Unknown values here must result
6969 in the implementation setting the Accepted
6970 Condition for the Route to `status: False`,
6971 with a Reason of `UnsupportedValue`. \n Support:
6972 Core"
6973 enum:
6974 - 301
6975 - 302
6976 type: integer
6977 type: object
6978 responseHeaderModifier:
6979 description: "ResponseHeaderModifier defines a schema
6980 for a filter that modifies response headers. \n
6981 Support: Extended"
6982 properties:
6983 add:
6984 description: "Add adds the given header(s) (name,
6985 value) to the request before the action. It
6986 appends to any existing values associated
6987 with the header name. \n Input: GET /foo HTTP/1.1
6988 my-header: foo \n Config: add: - name: \"my-header\"
6989 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
6990 my-header: foo,bar,baz"
6991 items:
6992 description: HTTPHeader represents an HTTP
6993 Header name and value as defined by RFC
6994 7230.
6995 properties:
6996 name:
6997 description: "Name is the name of the
6998 HTTP Header to be matched. Name matching
6999 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7000 \n If multiple entries specify equivalent
7001 header names, the first entry with an
7002 equivalent name MUST be considered for
7003 a match. Subsequent entries with an
7004 equivalent header name MUST be ignored.
7005 Due to the case-insensitivity of header
7006 names, \"foo\" and \"Foo\" are considered
7007 equivalent."
7008 maxLength: 256
7009 minLength: 1
7010 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7011 type: string
7012 value:
7013 description: Value is the value of HTTP
7014 Header to be matched.
7015 maxLength: 4096
7016 minLength: 1
7017 type: string
7018 required:
7019 - name
7020 - value
7021 type: object
7022 maxItems: 16
7023 type: array
7024 x-kubernetes-list-map-keys:
7025 - name
7026 x-kubernetes-list-type: map
7027 remove:
7028 description: "Remove the given header(s) from
7029 the HTTP request before the action. The value
7030 of Remove is a list of HTTP header names.
7031 Note that the header names are case-insensitive
7032 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7033 \n Input: GET /foo HTTP/1.1 my-header1: foo
7034 my-header2: bar my-header3: baz \n Config:
7035 remove: [\"my-header1\", \"my-header3\"] \n
7036 Output: GET /foo HTTP/1.1 my-header2: bar"
7037 items:
7038 type: string
7039 maxItems: 16
7040 type: array
7041 set:
7042 description: "Set overwrites the request with
7043 the given header (name, value) before the
7044 action. \n Input: GET /foo HTTP/1.1 my-header:
7045 foo \n Config: set: - name: \"my-header\"
7046 value: \"bar\" \n Output: GET /foo HTTP/1.1
7047 my-header: bar"
7048 items:
7049 description: HTTPHeader represents an HTTP
7050 Header name and value as defined by RFC
7051 7230.
7052 properties:
7053 name:
7054 description: "Name is the name of the
7055 HTTP Header to be matched. Name matching
7056 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7057 \n If multiple entries specify equivalent
7058 header names, the first entry with an
7059 equivalent name MUST be considered for
7060 a match. Subsequent entries with an
7061 equivalent header name MUST be ignored.
7062 Due to the case-insensitivity of header
7063 names, \"foo\" and \"Foo\" are considered
7064 equivalent."
7065 maxLength: 256
7066 minLength: 1
7067 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7068 type: string
7069 value:
7070 description: Value is the value of HTTP
7071 Header to be matched.
7072 maxLength: 4096
7073 minLength: 1
7074 type: string
7075 required:
7076 - name
7077 - value
7078 type: object
7079 maxItems: 16
7080 type: array
7081 x-kubernetes-list-map-keys:
7082 - name
7083 x-kubernetes-list-type: map
7084 type: object
7085 type:
7086 description: "Type identifies the type of filter
7087 to apply. As with other API fields, types are
7088 classified into three conformance levels: \n -
7089 Core: Filter types and their corresponding configuration
7090 defined by \"Support: Core\" in this package,
7091 e.g. \"RequestHeaderModifier\". All implementations
7092 must support core filters. \n - Extended: Filter
7093 types and their corresponding configuration defined
7094 by \"Support: Extended\" in this package, e.g.
7095 \"RequestMirror\". Implementers are encouraged
7096 to support extended filters. \n - Implementation-specific:
7097 Filters that are defined and supported by specific
7098 vendors. In the future, filters showing convergence
7099 in behavior across multiple implementations will
7100 be considered for inclusion in extended or core
7101 conformance levels. Filter-specific configuration
7102 for such filters is specified using the ExtensionRef
7103 field. `Type` should be set to \"ExtensionRef\"
7104 for custom filters. \n Implementers are encouraged
7105 to define custom implementation types to extend
7106 the core API with implementation-specific behavior.
7107 \n If a reference to a custom filter type cannot
7108 be resolved, the filter MUST NOT be skipped. Instead,
7109 requests that would have been processed by that
7110 filter MUST receive a HTTP error response. \n
7111 Note that values may be added to this enum, implementations
7112 must ensure that unknown values will not cause
7113 a crash. \n Unknown values here must result in
7114 the implementation setting the Accepted Condition
7115 for the Route to `status: False`, with a Reason
7116 of `UnsupportedValue`."
7117 enum:
7118 - RequestHeaderModifier
7119 - ResponseHeaderModifier
7120 - RequestMirror
7121 - RequestRedirect
7122 - URLRewrite
7123 - ExtensionRef
7124 type: string
7125 urlRewrite:
7126 description: "URLRewrite defines a schema for a
7127 filter that modifies a request during forwarding.
7128 \n Support: Extended"
7129 properties:
7130 hostname:
7131 description: "Hostname is the value to be used
7132 to replace the Host header value during forwarding.
7133 \n Support: Extended"
7134 maxLength: 253
7135 minLength: 1
7136 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7137 type: string
7138 path:
7139 description: "Path defines a path rewrite. \n
7140 Support: Extended"
7141 properties:
7142 replaceFullPath:
7143 description: ReplaceFullPath specifies the
7144 value with which to replace the full path
7145 of a request during a rewrite or redirect.
7146 maxLength: 1024
7147 type: string
7148 replacePrefixMatch:
7149 description: "ReplacePrefixMatch specifies
7150 the value with which to replace the prefix
7151 match of a request during a rewrite or
7152 redirect. For example, a request to \"/foo/bar\"
7153 with a prefix match of \"/foo\" would
7154 be modified to \"/bar\". \n Note that
7155 this matches the behavior of the PathPrefix
7156 match type. This matches full path elements.
7157 A path element refers to the list of labels
7158 in the path split by the `/` separator.
7159 When specified, a trailing `/` is ignored.
7160 For example, the paths `/abc`, `/abc/`,
7161 and `/abc/def` would all match the prefix
7162 `/abc`, but the path `/abcd` would not."
7163 maxLength: 1024
7164 type: string
7165 type:
7166 description: "Type defines the type of path
7167 modifier. Additional types may be added
7168 in a future release of the API. \n Note
7169 that values may be added to this enum,
7170 implementations must ensure that unknown
7171 values will not cause a crash. \n Unknown
7172 values here must result in the implementation
7173 setting the Accepted Condition for the
7174 Route to `status: False`, with a Reason
7175 of `UnsupportedValue`."
7176 enum:
7177 - ReplaceFullPath
7178 - ReplacePrefixMatch
7179 type: string
7180 required:
7181 - type
7182 type: object
7183 type: object
7184 required:
7185 - type
7186 type: object
7187 maxItems: 16
7188 type: array
7189 group:
7190 default: ""
7191 description: Group is the group of the referent. For example,
7192 "gateway.networking.k8s.io". When unspecified or empty
7193 string, core API group is inferred.
7194 maxLength: 253
7195 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7196 type: string
7197 kind:
7198 default: Service
7199 description: "Kind is the Kubernetes resource kind of
7200 the referent. For example \"Service\". \n Defaults to
7201 \"Service\" when not specified. \n ExternalName services
7202 can refer to CNAME DNS records that may live outside
7203 of the cluster and as such are difficult to reason about
7204 in terms of conformance. They also may not be safe to
7205 forward to (see CVE-2021-25740 for more information).
7206 Implementations SHOULD NOT support ExternalName Services.
7207 \n Support: Core (Services with a type other than ExternalName)
7208 \n Support: Implementation-specific (Services with type
7209 ExternalName)"
7210 maxLength: 63
7211 minLength: 1
7212 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7213 type: string
7214 name:
7215 description: Name is the name of the referent.
7216 maxLength: 253
7217 minLength: 1
7218 type: string
7219 namespace:
7220 description: "Namespace is the namespace of the backend.
7221 When unspecified, the local namespace is inferred. \n
7222 Note that when a namespace different than the local
7223 namespace is specified, a ReferenceGrant object is required
7224 in the referent namespace to allow that namespace's
7225 owner to accept the reference. See the ReferenceGrant
7226 documentation for details. \n Support: Core"
7227 maxLength: 63
7228 minLength: 1
7229 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
7230 type: string
7231 port:
7232 description: Port specifies the destination port number
7233 to use for this resource. Port is required when the
7234 referent is a Kubernetes Service. In this case, the
7235 port number is the service port number, not the target
7236 port. For other resources, destination port might be
7237 derived from the referent resource or this field.
7238 format: int32
7239 maximum: 65535
7240 minimum: 1
7241 type: integer
7242 weight:
7243 default: 1
7244 description: "Weight specifies the proportion of requests
7245 forwarded to the referenced backend. This is computed
7246 as weight/(sum of all weights in this BackendRefs list).
7247 For non-zero values, there may be some epsilon from
7248 the exact proportion defined here depending on the precision
7249 an implementation supports. Weight is not a percentage
7250 and the sum of weights does not need to equal 100. \n
7251 If only one backend is specified and it has a weight
7252 greater than 0, 100% of the traffic is forwarded to
7253 that backend. If weight is set to 0, no traffic should
7254 be forwarded for this entry. If unspecified, weight
7255 defaults to 1. \n Support for this field varies based
7256 on the context where used."
7257 format: int32
7258 maximum: 1000000
7259 minimum: 0
7260 type: integer
7261 required:
7262 - name
7263 type: object
7264 maxItems: 16
7265 type: array
7266 filters:
7267 description: "Filters define the filters that are applied to
7268 requests that match this rule. \n The effects of ordering
7269 of multiple behaviors are currently unspecified. This can
7270 change in the future based on feedback during the alpha stage.
7271 \n Conformance-levels at this level are defined based on the
7272 type of filter: \n - ALL core filters MUST be supported by
7273 all implementations. - Implementers are encouraged to support
7274 extended filters. - Implementation-specific custom filters
7275 have no API guarantees across implementations. \n Specifying
7276 a core filter multiple times has unspecified or implementation-specific
7277 conformance. \n All filters are expected to be compatible
7278 with each other except for the URLRewrite and RequestRedirect
7279 filters, which may not be combined. If an implementation can
7280 not support other combinations of filters, they must clearly
7281 document that limitation. In all cases where incompatible
7282 or unsupported filters are specified, implementations MUST
7283 add a warning condition to status. \n Support: Core"
7284 items:
7285 description: HTTPRouteFilter defines processing steps that
7286 must be completed during the request or response lifecycle.
7287 HTTPRouteFilters are meant as an extension point to express
7288 processing that may be done in Gateway implementations.
7289 Some examples include request or response modification,
7290 implementing authentication strategies, rate-limiting, and
7291 traffic shaping. API guarantee/conformance is defined based
7292 on the type of the filter.
7293 properties:
7294 extensionRef:
7295 description: "ExtensionRef is an optional, implementation-specific
7296 extension to the \"filter\" behavior. For example,
7297 resource \"myroutefilter\" in group \"networking.example.net\").
7298 ExtensionRef MUST NOT be used for core and extended
7299 filters. \n Support: Implementation-specific"
7300 properties:
7301 group:
7302 description: Group is the group of the referent. For
7303 example, "gateway.networking.k8s.io". When unspecified
7304 or empty string, core API group is inferred.
7305 maxLength: 253
7306 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7307 type: string
7308 kind:
7309 description: Kind is kind of the referent. For example
7310 "HTTPRoute" or "Service".
7311 maxLength: 63
7312 minLength: 1
7313 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7314 type: string
7315 name:
7316 description: Name is the name of the referent.
7317 maxLength: 253
7318 minLength: 1
7319 type: string
7320 required:
7321 - group
7322 - kind
7323 - name
7324 type: object
7325 requestHeaderModifier:
7326 description: "RequestHeaderModifier defines a schema for
7327 a filter that modifies request headers. \n Support:
7328 Core"
7329 properties:
7330 add:
7331 description: "Add adds the given header(s) (name,
7332 value) to the request before the action. It appends
7333 to any existing values associated with the header
7334 name. \n Input: GET /foo HTTP/1.1 my-header: foo
7335 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
7336 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
7337 items:
7338 description: HTTPHeader represents an HTTP Header
7339 name and value as defined by RFC 7230.
7340 properties:
7341 name:
7342 description: "Name is the name of the HTTP Header
7343 to be matched. Name matching MUST be case
7344 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7345 \n If multiple entries specify equivalent
7346 header names, the first entry with an equivalent
7347 name MUST be considered for a match. Subsequent
7348 entries with an equivalent header name MUST
7349 be ignored. Due to the case-insensitivity
7350 of header names, \"foo\" and \"Foo\" are considered
7351 equivalent."
7352 maxLength: 256
7353 minLength: 1
7354 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7355 type: string
7356 value:
7357 description: Value is the value of HTTP Header
7358 to be matched.
7359 maxLength: 4096
7360 minLength: 1
7361 type: string
7362 required:
7363 - name
7364 - value
7365 type: object
7366 maxItems: 16
7367 type: array
7368 x-kubernetes-list-map-keys:
7369 - name
7370 x-kubernetes-list-type: map
7371 remove:
7372 description: "Remove the given header(s) from the
7373 HTTP request before the action. The value of Remove
7374 is a list of HTTP header names. Note that the header
7375 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7376 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
7377 bar my-header3: baz \n Config: remove: [\"my-header1\",
7378 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
7379 bar"
7380 items:
7381 type: string
7382 maxItems: 16
7383 type: array
7384 set:
7385 description: "Set overwrites the request with the
7386 given header (name, value) before the action. \n
7387 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
7388 set: - name: \"my-header\" value: \"bar\" \n Output:
7389 GET /foo HTTP/1.1 my-header: bar"
7390 items:
7391 description: HTTPHeader represents an HTTP Header
7392 name and value as defined by RFC 7230.
7393 properties:
7394 name:
7395 description: "Name is the name of the HTTP Header
7396 to be matched. Name matching MUST be case
7397 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7398 \n If multiple entries specify equivalent
7399 header names, the first entry with an equivalent
7400 name MUST be considered for a match. Subsequent
7401 entries with an equivalent header name MUST
7402 be ignored. Due to the case-insensitivity
7403 of header names, \"foo\" and \"Foo\" are considered
7404 equivalent."
7405 maxLength: 256
7406 minLength: 1
7407 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7408 type: string
7409 value:
7410 description: Value is the value of HTTP Header
7411 to be matched.
7412 maxLength: 4096
7413 minLength: 1
7414 type: string
7415 required:
7416 - name
7417 - value
7418 type: object
7419 maxItems: 16
7420 type: array
7421 x-kubernetes-list-map-keys:
7422 - name
7423 x-kubernetes-list-type: map
7424 type: object
7425 requestMirror:
7426 description: "RequestMirror defines a schema for a filter
7427 that mirrors requests. Requests are sent to the specified
7428 destination, but responses from that destination are
7429 ignored. \n Support: Extended"
7430 properties:
7431 backendRef:
7432 description: "BackendRef references a resource where
7433 mirrored requests are sent. \n If the referent cannot
7434 be found, this BackendRef is invalid and must be
7435 dropped from the Gateway. The controller must ensure
7436 the \"ResolvedRefs\" condition on the Route status
7437 is set to `status: False` and not configure this
7438 backend in the underlying implementation. \n If
7439 there is a cross-namespace reference to an *existing*
7440 object that is not allowed by a ReferenceGrant,
7441 the controller must ensure the \"ResolvedRefs\"
7442 \ condition on the Route is set to `status: False`,
7443 with the \"RefNotPermitted\" reason and not configure
7444 this backend in the underlying implementation. \n
7445 In either error case, the Message of the `ResolvedRefs`
7446 Condition should be used to provide more detail
7447 about the problem. \n Support: Extended for Kubernetes
7448 Service \n Support: Implementation-specific for
7449 any other resource"
7450 properties:
7451 group:
7452 default: ""
7453 description: Group is the group of the referent.
7454 For example, "gateway.networking.k8s.io". When
7455 unspecified or empty string, core API group
7456 is inferred.
7457 maxLength: 253
7458 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7459 type: string
7460 kind:
7461 default: Service
7462 description: "Kind is the Kubernetes resource
7463 kind of the referent. For example \"Service\".
7464 \n Defaults to \"Service\" when not specified.
7465 \n ExternalName services can refer to CNAME
7466 DNS records that may live outside of the cluster
7467 and as such are difficult to reason about in
7468 terms of conformance. They also may not be safe
7469 to forward to (see CVE-2021-25740 for more information).
7470 Implementations SHOULD NOT support ExternalName
7471 Services. \n Support: Core (Services with a
7472 type other than ExternalName) \n Support: Implementation-specific
7473 (Services with type ExternalName)"
7474 maxLength: 63
7475 minLength: 1
7476 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7477 type: string
7478 name:
7479 description: Name is the name of the referent.
7480 maxLength: 253
7481 minLength: 1
7482 type: string
7483 namespace:
7484 description: "Namespace is the namespace of the
7485 backend. When unspecified, the local namespace
7486 is inferred. \n Note that when a namespace different
7487 than the local namespace is specified, a ReferenceGrant
7488 object is required in the referent namespace
7489 to allow that namespace's owner to accept the
7490 reference. See the ReferenceGrant documentation
7491 for details. \n Support: Core"
7492 maxLength: 63
7493 minLength: 1
7494 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
7495 type: string
7496 port:
7497 description: Port specifies the destination port
7498 number to use for this resource. Port is required
7499 when the referent is a Kubernetes Service. In
7500 this case, the port number is the service port
7501 number, not the target port. For other resources,
7502 destination port might be derived from the referent
7503 resource or this field.
7504 format: int32
7505 maximum: 65535
7506 minimum: 1
7507 type: integer
7508 required:
7509 - name
7510 type: object
7511 required:
7512 - backendRef
7513 type: object
7514 requestRedirect:
7515 description: "RequestRedirect defines a schema for a filter
7516 that responds to the request with an HTTP redirection.
7517 \n Support: Core"
7518 properties:
7519 hostname:
7520 description: "Hostname is the hostname to be used
7521 in the value of the `Location` header in the response.
7522 When empty, the hostname in the `Host` header of
7523 the request is used. \n Support: Core"
7524 maxLength: 253
7525 minLength: 1
7526 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7527 type: string
7528 path:
7529 description: "Path defines parameters used to modify
7530 the path of the incoming request. The modified path
7531 is then used to construct the `Location` header.
7532 When empty, the request path is used as-is. \n Support:
7533 Extended"
7534 properties:
7535 replaceFullPath:
7536 description: ReplaceFullPath specifies the value
7537 with which to replace the full path of a request
7538 during a rewrite or redirect.
7539 maxLength: 1024
7540 type: string
7541 replacePrefixMatch:
7542 description: "ReplacePrefixMatch specifies the
7543 value with which to replace the prefix match
7544 of a request during a rewrite or redirect. For
7545 example, a request to \"/foo/bar\" with a prefix
7546 match of \"/foo\" would be modified to \"/bar\".
7547 \n Note that this matches the behavior of the
7548 PathPrefix match type. This matches full path
7549 elements. A path element refers to the list
7550 of labels in the path split by the `/` separator.
7551 When specified, a trailing `/` is ignored. For
7552 example, the paths `/abc`, `/abc/`, and `/abc/def`
7553 would all match the prefix `/abc`, but the path
7554 `/abcd` would not."
7555 maxLength: 1024
7556 type: string
7557 type:
7558 description: "Type defines the type of path modifier.
7559 Additional types may be added in a future release
7560 of the API. \n Note that values may be added
7561 to this enum, implementations must ensure that
7562 unknown values will not cause a crash. \n Unknown
7563 values here must result in the implementation
7564 setting the Accepted Condition for the Route
7565 to `status: False`, with a Reason of `UnsupportedValue`."
7566 enum:
7567 - ReplaceFullPath
7568 - ReplacePrefixMatch
7569 type: string
7570 required:
7571 - type
7572 type: object
7573 port:
7574 description: "Port is the port to be used in the value
7575 of the `Location` header in the response. \n If
7576 no port is specified, the redirect port MUST be
7577 derived using the following rules: \n * If redirect
7578 scheme is not-empty, the redirect port MUST be the
7579 well-known port associated with the redirect scheme.
7580 Specifically \"http\" to port 80 and \"https\" to
7581 port 443. If the redirect scheme does not have a
7582 well-known port, the listener port of the Gateway
7583 SHOULD be used. * If redirect scheme is empty, the
7584 redirect port MUST be the Gateway Listener port.
7585 \n Implementations SHOULD NOT add the port number
7586 in the 'Location' header in the following cases:
7587 \n * A Location header that will use HTTP (whether
7588 that is determined via the Listener protocol or
7589 the Scheme field) _and_ use port 80. * A Location
7590 header that will use HTTPS (whether that is determined
7591 via the Listener protocol or the Scheme field) _and_
7592 use port 443. \n Support: Extended"
7593 format: int32
7594 maximum: 65535
7595 minimum: 1
7596 type: integer
7597 scheme:
7598 description: "Scheme is the scheme to be used in the
7599 value of the `Location` header in the response.
7600 When empty, the scheme of the request is used. \n
7601 Scheme redirects can affect the port of the redirect,
7602 for more information, refer to the documentation
7603 for the port field of this filter. \n Note that
7604 values may be added to this enum, implementations
7605 must ensure that unknown values will not cause a
7606 crash. \n Unknown values here must result in the
7607 implementation setting the Accepted Condition for
7608 the Route to `status: False`, with a Reason of `UnsupportedValue`.
7609 \n Support: Extended"
7610 enum:
7611 - http
7612 - https
7613 type: string
7614 statusCode:
7615 default: 302
7616 description: "StatusCode is the HTTP status code to
7617 be used in response. \n Note that values may be
7618 added to this enum, implementations must ensure
7619 that unknown values will not cause a crash. \n Unknown
7620 values here must result in the implementation setting
7621 the Accepted Condition for the Route to `status:
7622 False`, with a Reason of `UnsupportedValue`. \n
7623 Support: Core"
7624 enum:
7625 - 301
7626 - 302
7627 type: integer
7628 type: object
7629 responseHeaderModifier:
7630 description: "ResponseHeaderModifier defines a schema
7631 for a filter that modifies response headers. \n Support:
7632 Extended"
7633 properties:
7634 add:
7635 description: "Add adds the given header(s) (name,
7636 value) to the request before the action. It appends
7637 to any existing values associated with the header
7638 name. \n Input: GET /foo HTTP/1.1 my-header: foo
7639 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
7640 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
7641 items:
7642 description: HTTPHeader represents an HTTP Header
7643 name and value as defined by RFC 7230.
7644 properties:
7645 name:
7646 description: "Name is the name of the HTTP Header
7647 to be matched. Name matching MUST be case
7648 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7649 \n If multiple entries specify equivalent
7650 header names, the first entry with an equivalent
7651 name MUST be considered for a match. Subsequent
7652 entries with an equivalent header name MUST
7653 be ignored. Due to the case-insensitivity
7654 of header names, \"foo\" and \"Foo\" are considered
7655 equivalent."
7656 maxLength: 256
7657 minLength: 1
7658 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7659 type: string
7660 value:
7661 description: Value is the value of HTTP Header
7662 to be matched.
7663 maxLength: 4096
7664 minLength: 1
7665 type: string
7666 required:
7667 - name
7668 - value
7669 type: object
7670 maxItems: 16
7671 type: array
7672 x-kubernetes-list-map-keys:
7673 - name
7674 x-kubernetes-list-type: map
7675 remove:
7676 description: "Remove the given header(s) from the
7677 HTTP request before the action. The value of Remove
7678 is a list of HTTP header names. Note that the header
7679 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7680 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
7681 bar my-header3: baz \n Config: remove: [\"my-header1\",
7682 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
7683 bar"
7684 items:
7685 type: string
7686 maxItems: 16
7687 type: array
7688 set:
7689 description: "Set overwrites the request with the
7690 given header (name, value) before the action. \n
7691 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
7692 set: - name: \"my-header\" value: \"bar\" \n Output:
7693 GET /foo HTTP/1.1 my-header: bar"
7694 items:
7695 description: HTTPHeader represents an HTTP Header
7696 name and value as defined by RFC 7230.
7697 properties:
7698 name:
7699 description: "Name is the name of the HTTP Header
7700 to be matched. Name matching MUST be case
7701 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7702 \n If multiple entries specify equivalent
7703 header names, the first entry with an equivalent
7704 name MUST be considered for a match. Subsequent
7705 entries with an equivalent header name MUST
7706 be ignored. Due to the case-insensitivity
7707 of header names, \"foo\" and \"Foo\" are considered
7708 equivalent."
7709 maxLength: 256
7710 minLength: 1
7711 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7712 type: string
7713 value:
7714 description: Value is the value of HTTP Header
7715 to be matched.
7716 maxLength: 4096
7717 minLength: 1
7718 type: string
7719 required:
7720 - name
7721 - value
7722 type: object
7723 maxItems: 16
7724 type: array
7725 x-kubernetes-list-map-keys:
7726 - name
7727 x-kubernetes-list-type: map
7728 type: object
7729 type:
7730 description: "Type identifies the type of filter to apply.
7731 As with other API fields, types are classified into
7732 three conformance levels: \n - Core: Filter types and
7733 their corresponding configuration defined by \"Support:
7734 Core\" in this package, e.g. \"RequestHeaderModifier\".
7735 All implementations must support core filters. \n -
7736 Extended: Filter types and their corresponding configuration
7737 defined by \"Support: Extended\" in this package, e.g.
7738 \"RequestMirror\". Implementers are encouraged to support
7739 extended filters. \n - Implementation-specific: Filters
7740 that are defined and supported by specific vendors.
7741 In the future, filters showing convergence in behavior
7742 across multiple implementations will be considered for
7743 inclusion in extended or core conformance levels. Filter-specific
7744 configuration for such filters is specified using the
7745 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
7746 for custom filters. \n Implementers are encouraged to
7747 define custom implementation types to extend the core
7748 API with implementation-specific behavior. \n If a reference
7749 to a custom filter type cannot be resolved, the filter
7750 MUST NOT be skipped. Instead, requests that would have
7751 been processed by that filter MUST receive a HTTP error
7752 response. \n Note that values may be added to this enum,
7753 implementations must ensure that unknown values will
7754 not cause a crash. \n Unknown values here must result
7755 in the implementation setting the Accepted Condition
7756 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
7757 enum:
7758 - RequestHeaderModifier
7759 - ResponseHeaderModifier
7760 - RequestMirror
7761 - RequestRedirect
7762 - URLRewrite
7763 - ExtensionRef
7764 type: string
7765 urlRewrite:
7766 description: "URLRewrite defines a schema for a filter
7767 that modifies a request during forwarding. \n Support:
7768 Extended"
7769 properties:
7770 hostname:
7771 description: "Hostname is the value to be used to
7772 replace the Host header value during forwarding.
7773 \n Support: Extended"
7774 maxLength: 253
7775 minLength: 1
7776 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7777 type: string
7778 path:
7779 description: "Path defines a path rewrite. \n Support:
7780 Extended"
7781 properties:
7782 replaceFullPath:
7783 description: ReplaceFullPath specifies the value
7784 with which to replace the full path of a request
7785 during a rewrite or redirect.
7786 maxLength: 1024
7787 type: string
7788 replacePrefixMatch:
7789 description: "ReplacePrefixMatch specifies the
7790 value with which to replace the prefix match
7791 of a request during a rewrite or redirect. For
7792 example, a request to \"/foo/bar\" with a prefix
7793 match of \"/foo\" would be modified to \"/bar\".
7794 \n Note that this matches the behavior of the
7795 PathPrefix match type. This matches full path
7796 elements. A path element refers to the list
7797 of labels in the path split by the `/` separator.
7798 When specified, a trailing `/` is ignored. For
7799 example, the paths `/abc`, `/abc/`, and `/abc/def`
7800 would all match the prefix `/abc`, but the path
7801 `/abcd` would not."
7802 maxLength: 1024
7803 type: string
7804 type:
7805 description: "Type defines the type of path modifier.
7806 Additional types may be added in a future release
7807 of the API. \n Note that values may be added
7808 to this enum, implementations must ensure that
7809 unknown values will not cause a crash. \n Unknown
7810 values here must result in the implementation
7811 setting the Accepted Condition for the Route
7812 to `status: False`, with a Reason of `UnsupportedValue`."
7813 enum:
7814 - ReplaceFullPath
7815 - ReplacePrefixMatch
7816 type: string
7817 required:
7818 - type
7819 type: object
7820 type: object
7821 required:
7822 - type
7823 type: object
7824 maxItems: 16
7825 type: array
7826 matches:
7827 default:
7828 - path:
7829 type: PathPrefix
7830 value: /
7831 description: "Matches define conditions used for matching the
7832 rule against incoming HTTP requests. Each match is independent,
7833 i.e. this rule will be matched if **any** one of the matches
7834 is satisfied. \n For example, take the following matches configuration:
7835 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
7836 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
7837 to match against this rule, a request must satisfy EITHER
7838 of the two conditions: \n - path prefixed with `/foo` AND
7839 contains the header `version: v2` - path prefix of `/v2/foo`
7840 \n See the documentation for HTTPRouteMatch on how to specify
7841 multiple match conditions that should be ANDed together. \n
7842 If no matches are specified, the default is a prefix path
7843 match on \"/\", which has the effect of matching every HTTP
7844 request. \n Proxy or Load Balancer routing configuration generated
7845 from HTTPRoutes MUST prioritize matches based on the following
7846 criteria, continuing on ties. Across all rules specified on
7847 applicable Routes, precedence must be given to the match having:
7848 \n * \"Exact\" path match. * \"Prefix\" path match with largest
7849 number of characters. * Method match. * Largest number of
7850 header matches. * Largest number of query param matches. \n
7851 Note: The precedence of RegularExpression path matches are
7852 implementation-specific. \n If ties still exist across multiple
7853 Routes, matching precedence MUST be determined in order of
7854 the following criteria, continuing on ties: \n * The oldest
7855 Route based on creation timestamp. * The Route appearing first
7856 in alphabetical order by \"{namespace}/{name}\". \n If ties
7857 still exist within an HTTPRoute, matching precedence MUST
7858 be granted to the FIRST matching rule (in list order) with
7859 a match meeting the above criteria. \n When no rules matching
7860 a request have been successfully attached to the parent a
7861 request is coming from, a HTTP 404 status code MUST be returned."
7862 items:
7863 description: "HTTPRouteMatch defines the predicate used to
7864 match requests to a given action. Multiple match types are
7865 ANDed together, i.e. the match will evaluate to true only
7866 if all conditions are satisfied. \n For example, the match
7867 below will match a HTTP request only if its path starts
7868 with `/foo` AND it contains the `version: v1` header: \n
7869 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
7870 value \"v1\" \n ```"
7871 properties:
7872 headers:
7873 description: Headers specifies HTTP request header matchers.
7874 Multiple match values are ANDed together, meaning, a
7875 request must match all the specified headers to select
7876 the route.
7877 items:
7878 description: HTTPHeaderMatch describes how to select
7879 a HTTP route by matching HTTP request headers.
7880 properties:
7881 name:
7882 description: "Name is the name of the HTTP Header
7883 to be matched. Name matching MUST be case insensitive.
7884 (See https://tools.ietf.org/html/rfc7230#section-3.2).
7885 \n If multiple entries specify equivalent header
7886 names, only the first entry with an equivalent
7887 name MUST be considered for a match. Subsequent
7888 entries with an equivalent header name MUST be
7889 ignored. Due to the case-insensitivity of header
7890 names, \"foo\" and \"Foo\" are considered equivalent.
7891 \n When a header is repeated in an HTTP request,
7892 it is implementation-specific behavior as to how
7893 this is represented. Generally, proxies should
7894 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
7895 regarding processing a repeated header, with special
7896 handling for \"Set-Cookie\"."
7897 maxLength: 256
7898 minLength: 1
7899 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7900 type: string
7901 type:
7902 default: Exact
7903 description: "Type specifies how to match against
7904 the value of the header. \n Support: Core (Exact)
7905 \n Support: Implementation-specific (RegularExpression)
7906 \n Since RegularExpression HeaderMatchType has
7907 implementation-specific conformance, implementations
7908 can support POSIX, PCRE or any other dialects
7909 of regular expressions. Please read the implementation's
7910 documentation to determine the supported dialect."
7911 enum:
7912 - Exact
7913 - RegularExpression
7914 type: string
7915 value:
7916 description: Value is the value of HTTP Header to
7917 be matched.
7918 maxLength: 4096
7919 minLength: 1
7920 type: string
7921 required:
7922 - name
7923 - value
7924 type: object
7925 maxItems: 16
7926 type: array
7927 x-kubernetes-list-map-keys:
7928 - name
7929 x-kubernetes-list-type: map
7930 method:
7931 description: "Method specifies HTTP method matcher. When
7932 specified, this route will be matched only if the request
7933 has the specified method. \n Support: Extended"
7934 enum:
7935 - GET
7936 - HEAD
7937 - POST
7938 - PUT
7939 - DELETE
7940 - CONNECT
7941 - OPTIONS
7942 - TRACE
7943 - PATCH
7944 type: string
7945 path:
7946 default:
7947 type: PathPrefix
7948 value: /
7949 description: Path specifies a HTTP request path matcher.
7950 If this field is not specified, a default prefix match
7951 on the "/" path is provided.
7952 properties:
7953 type:
7954 default: PathPrefix
7955 description: "Type specifies how to match against
7956 the path Value. \n Support: Core (Exact, PathPrefix)
7957 \n Support: Implementation-specific (RegularExpression)"
7958 enum:
7959 - Exact
7960 - PathPrefix
7961 - RegularExpression
7962 type: string
7963 value:
7964 default: /
7965 description: Value of the HTTP path to match against.
7966 maxLength: 1024
7967 type: string
7968 type: object
7969 queryParams:
7970 description: "QueryParams specifies HTTP query parameter
7971 matchers. Multiple match values are ANDed together,
7972 meaning, a request must match all the specified query
7973 parameters to select the route. \n Support: Extended"
7974 items:
7975 description: HTTPQueryParamMatch describes how to select
7976 a HTTP route by matching HTTP query parameters.
7977 properties:
7978 name:
7979 description: "Name is the name of the HTTP query
7980 param to be matched. This must be an exact string
7981 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
7982 \n If multiple entries specify equivalent query
7983 param names, only the first entry with an equivalent
7984 name MUST be considered for a match. Subsequent
7985 entries with an equivalent query param name MUST
7986 be ignored. \n If a query param is repeated in
7987 an HTTP request, the behavior is purposely left
7988 undefined, since different data planes have different
7989 capabilities. However, it is *recommended* that
7990 implementations should match against the first
7991 value of the param if the data plane supports
7992 it, as this behavior is expected in other load
7993 balancing contexts outside of the Gateway API.
7994 \n Users SHOULD NOT route traffic based on repeated
7995 query params to guard themselves against potential
7996 differences in the implementations."
7997 maxLength: 256
7998 minLength: 1
7999 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8000 type: string
8001 type:
8002 default: Exact
8003 description: "Type specifies how to match against
8004 the value of the query parameter. \n Support:
8005 Extended (Exact) \n Support: Implementation-specific
8006 (RegularExpression) \n Since RegularExpression
8007 QueryParamMatchType has Implementation-specific
8008 conformance, implementations can support POSIX,
8009 PCRE or any other dialects of regular expressions.
8010 Please read the implementation's documentation
8011 to determine the supported dialect."
8012 enum:
8013 - Exact
8014 - RegularExpression
8015 type: string
8016 value:
8017 description: Value is the value of HTTP query param
8018 to be matched.
8019 maxLength: 1024
8020 minLength: 1
8021 type: string
8022 required:
8023 - name
8024 - value
8025 type: object
8026 maxItems: 16
8027 type: array
8028 x-kubernetes-list-map-keys:
8029 - name
8030 x-kubernetes-list-type: map
8031 type: object
8032 maxItems: 8
8033 type: array
8034 type: object
8035 maxItems: 16
8036 type: array
8037 type: object
8038 status:
8039 description: Status defines the current state of HTTPRoute.
8040 properties:
8041 parents:
8042 description: "Parents is a list of parent resources (usually Gateways)
8043 that are associated with the route, and the status of the route
8044 with respect to each parent. When this route attaches to a parent,
8045 the controller that manages the parent must add an entry to this
8046 list when the controller first sees the route and should update
8047 the entry as appropriate when the route or gateway is modified.
8048 \n Note that parent references that cannot be resolved by an implementation
8049 of this API will not be added to this list. Implementations of this
8050 API can only populate Route status for the Gateways/parent resources
8051 they are responsible for. \n A maximum of 32 Gateways will be represented
8052 in this list. An empty list means the route has not been attached
8053 to any Gateway."
8054 items:
8055 description: RouteParentStatus describes the status of a route with
8056 respect to an associated Parent.
8057 properties:
8058 conditions:
8059 description: "Conditions describes the status of the route with
8060 respect to the Gateway. Note that the route's availability
8061 is also subject to the Gateway's own status conditions and
8062 listener status. \n If the Route's ParentRef specifies an
8063 existing Gateway that supports Routes of this kind AND that
8064 Gateway's controller has sufficient access, then that Gateway's
8065 controller MUST set the \"Accepted\" condition on the Route,
8066 to indicate whether the route has been accepted or rejected
8067 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
8068 if at least one of the Route's rules is implemented by the
8069 Gateway. \n There are a number of cases where the \"Accepted\"
8070 condition may not be set due to lack of controller visibility,
8071 that includes when: \n * The Route refers to a non-existent
8072 parent. * The Route is of a type that the controller does
8073 not support. * The Route is in a namespace the controller
8074 does not have access to."
8075 items:
8076 description: "Condition contains details for one aspect of
8077 the current state of this API Resource. --- This struct
8078 is intended for direct use as an array at the field path
8079 .status.conditions. For example, \n type FooStatus struct{
8080 // Represents the observations of a foo's current state.
8081 // Known .status.conditions.type are: \"Available\", \"Progressing\",
8082 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
8083 // +listType=map // +listMapKey=type Conditions []metav1.Condition
8084 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
8085 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
8086 }"
8087 properties:
8088 lastTransitionTime:
8089 description: lastTransitionTime is the last time the condition
8090 transitioned from one status to another. This should
8091 be when the underlying condition changed. If that is
8092 not known, then using the time when the API field changed
8093 is acceptable.
8094 format: date-time
8095 type: string
8096 message:
8097 description: message is a human readable message indicating
8098 details about the transition. This may be an empty string.
8099 maxLength: 32768
8100 type: string
8101 observedGeneration:
8102 description: observedGeneration represents the .metadata.generation
8103 that the condition was set based upon. For instance,
8104 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
8105 is 9, the condition is out of date with respect to the
8106 current state of the instance.
8107 format: int64
8108 minimum: 0
8109 type: integer
8110 reason:
8111 description: reason contains a programmatic identifier
8112 indicating the reason for the condition's last transition.
8113 Producers of specific condition types may define expected
8114 values and meanings for this field, and whether the
8115 values are considered a guaranteed API. The value should
8116 be a CamelCase string. This field may not be empty.
8117 maxLength: 1024
8118 minLength: 1
8119 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
8120 type: string
8121 status:
8122 description: status of the condition, one of True, False,
8123 Unknown.
8124 enum:
8125 - "True"
8126 - "False"
8127 - Unknown
8128 type: string
8129 type:
8130 description: type of condition in CamelCase or in foo.example.com/CamelCase.
8131 --- Many .condition.type values are consistent across
8132 resources like Available, but because arbitrary conditions
8133 can be useful (see .node.status.conditions), the ability
8134 to deconflict is important. The regex it matches is
8135 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
8136 maxLength: 316
8137 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
8138 type: string
8139 required:
8140 - lastTransitionTime
8141 - message
8142 - reason
8143 - status
8144 - type
8145 type: object
8146 maxItems: 8
8147 minItems: 1
8148 type: array
8149 x-kubernetes-list-map-keys:
8150 - type
8151 x-kubernetes-list-type: map
8152 controllerName:
8153 description: "ControllerName is a domain/path string that indicates
8154 the name of the controller that wrote this status. This corresponds
8155 with the controllerName field on GatewayClass. \n Example:
8156 \"example.net/gateway-controller\". \n The format of this
8157 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
8158 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
8159 \n Controllers MUST populate this field when writing status.
8160 Controllers should ensure that entries to status populated
8161 with their ControllerName are cleaned up when they are no
8162 longer necessary."
8163 maxLength: 253
8164 minLength: 1
8165 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
8166 type: string
8167 parentRef:
8168 description: ParentRef corresponds with a ParentRef in the spec
8169 that this RouteParentStatus struct describes the status of.
8170 properties:
8171 group:
8172 default: gateway.networking.k8s.io
8173 description: "Group is the group of the referent. When unspecified,
8174 \"gateway.networking.k8s.io\" is inferred. To set the
8175 core API group (such as for a \"Service\" kind referent),
8176 Group must be explicitly set to \"\" (empty string). \n
8177 Support: Core"
8178 maxLength: 253
8179 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8180 type: string
8181 kind:
8182 default: Gateway
8183 description: "Kind is kind of the referent. \n Support:
8184 Core (Gateway) \n Support: Implementation-specific (Other
8185 Resources)"
8186 maxLength: 63
8187 minLength: 1
8188 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8189 type: string
8190 name:
8191 description: "Name is the name of the referent. \n Support:
8192 Core"
8193 maxLength: 253
8194 minLength: 1
8195 type: string
8196 namespace:
8197 description: "Namespace is the namespace of the referent.
8198 When unspecified, this refers to the local namespace of
8199 the Route. \n Note that there are specific rules for ParentRefs
8200 which cross namespace boundaries. Cross-namespace references
8201 are only valid if they are explicitly allowed by something
8202 in the namespace they are referring to. For example: Gateway
8203 has the AllowedRoutes field, and ReferenceGrant provides
8204 a generic way to enable any other kind of cross-namespace
8205 reference. \n Support: Core"
8206 maxLength: 63
8207 minLength: 1
8208 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8209 type: string
8210 port:
8211 description: "Port is the network port this Route targets.
8212 It can be interpreted differently based on the type of
8213 parent resource. \n When the parent resource is a Gateway,
8214 this targets all listeners listening on the specified
8215 port that also support this kind of Route(and select this
8216 Route). It's not recommended to set `Port` unless the
8217 networking behaviors specified in a Route must apply to
8218 a specific port as opposed to a listener(s) whose port(s)
8219 may be changed. When both Port and SectionName are specified,
8220 the name and port of the selected listener must match
8221 both specified values. \n Implementations MAY choose to
8222 support other parent resources. Implementations supporting
8223 other types of parent resources MUST clearly document
8224 how/if Port is interpreted. \n For the purpose of status,
8225 an attachment is considered successful as long as the
8226 parent resource accepts it partially. For example, Gateway
8227 listeners can restrict which Routes can attach to them
8228 by Route kind, namespace, or hostname. If 1 of 2 Gateway
8229 listeners accept attachment from the referencing Route,
8230 the Route MUST be considered successfully attached. If
8231 no Gateway listeners accept attachment from this Route,
8232 the Route MUST be considered detached from the Gateway.
8233 \n Support: Extended \n <gateway:experimental>"
8234 format: int32
8235 maximum: 65535
8236 minimum: 1
8237 type: integer
8238 sectionName:
8239 description: "SectionName is the name of a section within
8240 the target resource. In the following resources, SectionName
8241 is interpreted as the following: \n * Gateway: Listener
8242 Name. When both Port (experimental) and SectionName are
8243 specified, the name and port of the selected listener
8244 must match both specified values. \n Implementations MAY
8245 choose to support attaching Routes to other resources.
8246 If that is the case, they MUST clearly document how SectionName
8247 is interpreted. \n When unspecified (empty string), this
8248 will reference the entire resource. For the purpose of
8249 status, an attachment is considered successful if at least
8250 one section in the parent resource accepts it. For example,
8251 Gateway listeners can restrict which Routes can attach
8252 to them by Route kind, namespace, or hostname. If 1 of
8253 2 Gateway listeners accept attachment from the referencing
8254 Route, the Route MUST be considered successfully attached.
8255 If no Gateway listeners accept attachment from this Route,
8256 the Route MUST be considered detached from the Gateway.
8257 \n Support: Core"
8258 maxLength: 253
8259 minLength: 1
8260 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8261 type: string
8262 required:
8263 - name
8264 type: object
8265 required:
8266 - controllerName
8267 - parentRef
8268 type: object
8269 maxItems: 32
8270 type: array
8271 required:
8272 - parents
8273 type: object
8274 required:
8275 - spec
8276 type: object
8277 served: true
8278 storage: false
8279 subresources:
8280 status: {}
8281 - additionalPrinterColumns:
8282 - jsonPath: .spec.hostnames
8283 name: Hostnames
8284 type: string
8285 - jsonPath: .metadata.creationTimestamp
8286 name: Age
8287 type: date
8288 name: v1beta1
8289 schema:
8290 openAPIV3Schema:
8291 description: HTTPRoute provides a way to route HTTP requests. This includes
8292 the capability to match requests by hostname, path, header, or query param.
8293 Filters can be used to specify additional processing steps. Backends specify
8294 where matching requests should be routed.
8295 properties:
8296 apiVersion:
8297 description: 'APIVersion defines the versioned schema of this representation
8298 of an object. Servers should convert recognized schemas to the latest
8299 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
8300 type: string
8301 kind:
8302 description: 'Kind is a string value representing the REST resource this
8303 object represents. Servers may infer this from the endpoint the client
8304 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
8305 type: string
8306 metadata:
8307 type: object
8308 spec:
8309 description: Spec defines the desired state of HTTPRoute.
8310 properties:
8311 hostnames:
8312 description: "Hostnames defines a set of hostname that should match
8313 against the HTTP Host header to select a HTTPRoute used to process
8314 the request. Implementations MUST ignore any port value specified
8315 in the HTTP Host header while performing a match. \n Valid values
8316 for Hostnames are determined by RFC 1123 definition of a hostname
8317 with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
8318 may be prefixed with a wildcard label (`*.`). The wildcard label
8319 must appear by itself as the first label. \n If a hostname is specified
8320 by both the Listener and HTTPRoute, there must be at least one intersecting
8321 hostname for the HTTPRoute to be attached to the Listener. For example:
8322 \n * A Listener with `test.example.com` as the hostname matches
8323 HTTPRoutes that have either not specified any hostnames, or have
8324 specified at least one of `test.example.com` or `*.example.com`.
8325 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
8326 that have either not specified any hostnames or have specified at
8327 least one hostname that matches the Listener hostname. For example,
8328 `*.example.com`, `test.example.com`, and `foo.test.example.com`
8329 would all match. On the other hand, `example.com` and `test.example.net`
8330 would not match. \n Hostnames that are prefixed with a wildcard
8331 label (`*.`) are interpreted as a suffix match. That means that
8332 a match for `*.example.com` would match both `test.example.com`,
8333 and `foo.test.example.com`, but not `example.com`. \n If both the
8334 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
8335 that do not match the Listener hostname MUST be ignored. For example,
8336 if a Listener specified `*.example.com`, and the HTTPRoute specified
8337 `test.example.com` and `test.example.net`, `test.example.net` must
8338 not be considered for a match. \n If both the Listener and HTTPRoute
8339 have specified hostnames, and none match with the criteria above,
8340 then the HTTPRoute is not accepted. The implementation must raise
8341 an 'Accepted' Condition with a status of `False` in the corresponding
8342 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
8343 intersecting hostnames (e.g. overlapping wildcard matching and exact
8344 matching hostnames), precedence must be given to rules from the
8345 HTTPRoute with the largest number of: \n * Characters in a matching
8346 non-wildcard hostname. * Characters in a matching hostname. \n If
8347 ties exist across multiple Routes, the matching precedence rules
8348 for HTTPRouteMatches takes over. \n Support: Core"
8349 items:
8350 description: "Hostname is the fully qualified domain name of a network
8351 host. This matches the RFC 1123 definition of a hostname with
8352 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
8353 may be prefixed with a wildcard label (`*.`). The wildcard label
8354 must appear by itself as the first label. \n Hostname can be \"precise\"
8355 which is a domain name without the terminating dot of a network
8356 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
8357 name prefixed with a single wildcard label (e.g. `*.example.com`).
8358 \n Note that as per RFC1035 and RFC1123, a *label* must consist
8359 of lower case alphanumeric characters or '-', and must start and
8360 end with an alphanumeric character. No other punctuation is allowed."
8361 maxLength: 253
8362 minLength: 1
8363 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8364 type: string
8365 maxItems: 16
8366 type: array
8367 parentRefs:
8368 description: "ParentRefs references the resources (usually Gateways)
8369 that a Route wants to be attached to. Note that the referenced parent
8370 resource needs to allow this for the attachment to be complete.
8371 For Gateways, that means the Gateway needs to allow attachment from
8372 Routes of this kind and namespace. \n The only kind of parent resource
8373 with \"Core\" support is Gateway. This API may be extended in the
8374 future to support additional kinds of parent resources such as one
8375 of the route kinds. \n It is invalid to reference an identical parent
8376 more than once. It is valid to reference multiple distinct sections
8377 within the same parent resource, such as 2 Listeners within a Gateway.
8378 \n It is possible to separately reference multiple distinct objects
8379 that may be collapsed by an implementation. For example, some implementations
8380 may choose to merge compatible Gateway Listeners together. If that
8381 is the case, the list of routes attached to those resources should
8382 also be merged. \n Note that for ParentRefs that cross namespace
8383 boundaries, there are specific rules. Cross-namespace references
8384 are only valid if they are explicitly allowed by something in the
8385 namespace they are referring to. For example, Gateway has the AllowedRoutes
8386 field, and ReferenceGrant provides a generic way to enable any other
8387 kind of cross-namespace reference."
8388 items:
8389 description: "ParentReference identifies an API object (usually
8390 a Gateway) that can be considered a parent of this resource (usually
8391 a route). The only kind of parent resource with \"Core\" support
8392 is Gateway. This API may be extended in the future to support
8393 additional kinds of parent resources, such as HTTPRoute. \n The
8394 API object must be valid in the cluster; the Group and Kind must
8395 be registered in the cluster for this reference to be valid."
8396 properties:
8397 group:
8398 default: gateway.networking.k8s.io
8399 description: "Group is the group of the referent. When unspecified,
8400 \"gateway.networking.k8s.io\" is inferred. To set the core
8401 API group (such as for a \"Service\" kind referent), Group
8402 must be explicitly set to \"\" (empty string). \n Support:
8403 Core"
8404 maxLength: 253
8405 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8406 type: string
8407 kind:
8408 default: Gateway
8409 description: "Kind is kind of the referent. \n Support: Core
8410 (Gateway) \n Support: Implementation-specific (Other Resources)"
8411 maxLength: 63
8412 minLength: 1
8413 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8414 type: string
8415 name:
8416 description: "Name is the name of the referent. \n Support:
8417 Core"
8418 maxLength: 253
8419 minLength: 1
8420 type: string
8421 namespace:
8422 description: "Namespace is the namespace of the referent. When
8423 unspecified, this refers to the local namespace of the Route.
8424 \n Note that there are specific rules for ParentRefs which
8425 cross namespace boundaries. Cross-namespace references are
8426 only valid if they are explicitly allowed by something in
8427 the namespace they are referring to. For example: Gateway
8428 has the AllowedRoutes field, and ReferenceGrant provides a
8429 generic way to enable any other kind of cross-namespace reference.
8430 \n Support: Core"
8431 maxLength: 63
8432 minLength: 1
8433 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8434 type: string
8435 port:
8436 description: "Port is the network port this Route targets. It
8437 can be interpreted differently based on the type of parent
8438 resource. \n When the parent resource is a Gateway, this targets
8439 all listeners listening on the specified port that also support
8440 this kind of Route(and select this Route). It's not recommended
8441 to set `Port` unless the networking behaviors specified in
8442 a Route must apply to a specific port as opposed to a listener(s)
8443 whose port(s) may be changed. When both Port and SectionName
8444 are specified, the name and port of the selected listener
8445 must match both specified values. \n Implementations MAY choose
8446 to support other parent resources. Implementations supporting
8447 other types of parent resources MUST clearly document how/if
8448 Port is interpreted. \n For the purpose of status, an attachment
8449 is considered successful as long as the parent resource accepts
8450 it partially. For example, Gateway listeners can restrict
8451 which Routes can attach to them by Route kind, namespace,
8452 or hostname. If 1 of 2 Gateway listeners accept attachment
8453 from the referencing Route, the Route MUST be considered successfully
8454 attached. If no Gateway listeners accept attachment from this
8455 Route, the Route MUST be considered detached from the Gateway.
8456 \n Support: Extended \n <gateway:experimental>"
8457 format: int32
8458 maximum: 65535
8459 minimum: 1
8460 type: integer
8461 sectionName:
8462 description: "SectionName is the name of a section within the
8463 target resource. In the following resources, SectionName is
8464 interpreted as the following: \n * Gateway: Listener Name.
8465 When both Port (experimental) and SectionName are specified,
8466 the name and port of the selected listener must match both
8467 specified values. \n Implementations MAY choose to support
8468 attaching Routes to other resources. If that is the case,
8469 they MUST clearly document how SectionName is interpreted.
8470 \n When unspecified (empty string), this will reference the
8471 entire resource. For the purpose of status, an attachment
8472 is considered successful if at least one section in the parent
8473 resource accepts it. For example, Gateway listeners can restrict
8474 which Routes can attach to them by Route kind, namespace,
8475 or hostname. If 1 of 2 Gateway listeners accept attachment
8476 from the referencing Route, the Route MUST be considered successfully
8477 attached. If no Gateway listeners accept attachment from this
8478 Route, the Route MUST be considered detached from the Gateway.
8479 \n Support: Core"
8480 maxLength: 253
8481 minLength: 1
8482 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8483 type: string
8484 required:
8485 - name
8486 type: object
8487 maxItems: 32
8488 type: array
8489 rules:
8490 default:
8491 - matches:
8492 - path:
8493 type: PathPrefix
8494 value: /
8495 description: Rules are a list of HTTP matchers, filters and actions.
8496 items:
8497 description: HTTPRouteRule defines semantics for matching an HTTP
8498 request based on conditions (matches), processing it (filters),
8499 and forwarding the request to an API object (backendRefs).
8500 properties:
8501 backendRefs:
8502 description: "BackendRefs defines the backend(s) where matching
8503 requests should be sent. \n Failure behavior here depends
8504 on how many BackendRefs are specified and how many are invalid.
8505 \n If *all* entries in BackendRefs are invalid, and there
8506 are also no filters specified in this route rule, *all* traffic
8507 which matches this rule MUST receive a 500 status code. \n
8508 See the HTTPBackendRef definition for the rules about what
8509 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
8510 is invalid, 500 status codes MUST be returned for requests
8511 that would have otherwise been routed to an invalid backend.
8512 If multiple backends are specified, and some are invalid,
8513 the proportion of requests that would otherwise have been
8514 routed to an invalid backend MUST receive a 500 status code.
8515 \n For example, if two backends are specified with equal weights,
8516 and one is invalid, 50 percent of traffic must receive a 500.
8517 Implementations may choose how that 50 percent is determined.
8518 \n Support: Core for Kubernetes Service \n Support: Extended
8519 for Kubernetes ServiceImport \n Support: Implementation-specific
8520 for any other resource \n Support for weight: Core"
8521 items:
8522 description: HTTPBackendRef defines how a HTTPRoute should
8523 forward an HTTP request.
8524 properties:
8525 filters:
8526 description: "Filters defined at this level should be
8527 executed if and only if the request is being forwarded
8528 to the backend defined here. \n Support: Implementation-specific
8529 (For broader support of filters, use the Filters field
8530 in HTTPRouteRule.)"
8531 items:
8532 description: HTTPRouteFilter defines processing steps
8533 that must be completed during the request or response
8534 lifecycle. HTTPRouteFilters are meant as an extension
8535 point to express processing that may be done in Gateway
8536 implementations. Some examples include request or
8537 response modification, implementing authentication
8538 strategies, rate-limiting, and traffic shaping. API
8539 guarantee/conformance is defined based on the type
8540 of the filter.
8541 properties:
8542 extensionRef:
8543 description: "ExtensionRef is an optional, implementation-specific
8544 extension to the \"filter\" behavior. For example,
8545 resource \"myroutefilter\" in group \"networking.example.net\").
8546 ExtensionRef MUST NOT be used for core and extended
8547 filters. \n Support: Implementation-specific"
8548 properties:
8549 group:
8550 description: Group is the group of the referent.
8551 For example, "gateway.networking.k8s.io".
8552 When unspecified or empty string, core API
8553 group is inferred.
8554 maxLength: 253
8555 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8556 type: string
8557 kind:
8558 description: Kind is kind of the referent. For
8559 example "HTTPRoute" or "Service".
8560 maxLength: 63
8561 minLength: 1
8562 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8563 type: string
8564 name:
8565 description: Name is the name of the referent.
8566 maxLength: 253
8567 minLength: 1
8568 type: string
8569 required:
8570 - group
8571 - kind
8572 - name
8573 type: object
8574 requestHeaderModifier:
8575 description: "RequestHeaderModifier defines a schema
8576 for a filter that modifies request headers. \n
8577 Support: Core"
8578 properties:
8579 add:
8580 description: "Add adds the given header(s) (name,
8581 value) to the request before the action. It
8582 appends to any existing values associated
8583 with the header name. \n Input: GET /foo HTTP/1.1
8584 my-header: foo \n Config: add: - name: \"my-header\"
8585 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
8586 my-header: foo,bar,baz"
8587 items:
8588 description: HTTPHeader represents an HTTP
8589 Header name and value as defined by RFC
8590 7230.
8591 properties:
8592 name:
8593 description: "Name is the name of the
8594 HTTP Header to be matched. Name matching
8595 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8596 \n If multiple entries specify equivalent
8597 header names, the first entry with an
8598 equivalent name MUST be considered for
8599 a match. Subsequent entries with an
8600 equivalent header name MUST be ignored.
8601 Due to the case-insensitivity of header
8602 names, \"foo\" and \"Foo\" are considered
8603 equivalent."
8604 maxLength: 256
8605 minLength: 1
8606 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8607 type: string
8608 value:
8609 description: Value is the value of HTTP
8610 Header to be matched.
8611 maxLength: 4096
8612 minLength: 1
8613 type: string
8614 required:
8615 - name
8616 - value
8617 type: object
8618 maxItems: 16
8619 type: array
8620 x-kubernetes-list-map-keys:
8621 - name
8622 x-kubernetes-list-type: map
8623 remove:
8624 description: "Remove the given header(s) from
8625 the HTTP request before the action. The value
8626 of Remove is a list of HTTP header names.
8627 Note that the header names are case-insensitive
8628 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
8629 \n Input: GET /foo HTTP/1.1 my-header1: foo
8630 my-header2: bar my-header3: baz \n Config:
8631 remove: [\"my-header1\", \"my-header3\"] \n
8632 Output: GET /foo HTTP/1.1 my-header2: bar"
8633 items:
8634 type: string
8635 maxItems: 16
8636 type: array
8637 set:
8638 description: "Set overwrites the request with
8639 the given header (name, value) before the
8640 action. \n Input: GET /foo HTTP/1.1 my-header:
8641 foo \n Config: set: - name: \"my-header\"
8642 value: \"bar\" \n Output: GET /foo HTTP/1.1
8643 my-header: bar"
8644 items:
8645 description: HTTPHeader represents an HTTP
8646 Header name and value as defined by RFC
8647 7230.
8648 properties:
8649 name:
8650 description: "Name is the name of the
8651 HTTP Header to be matched. Name matching
8652 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8653 \n If multiple entries specify equivalent
8654 header names, the first entry with an
8655 equivalent name MUST be considered for
8656 a match. Subsequent entries with an
8657 equivalent header name MUST be ignored.
8658 Due to the case-insensitivity of header
8659 names, \"foo\" and \"Foo\" are considered
8660 equivalent."
8661 maxLength: 256
8662 minLength: 1
8663 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8664 type: string
8665 value:
8666 description: Value is the value of HTTP
8667 Header to be matched.
8668 maxLength: 4096
8669 minLength: 1
8670 type: string
8671 required:
8672 - name
8673 - value
8674 type: object
8675 maxItems: 16
8676 type: array
8677 x-kubernetes-list-map-keys:
8678 - name
8679 x-kubernetes-list-type: map
8680 type: object
8681 requestMirror:
8682 description: "RequestMirror defines a schema for
8683 a filter that mirrors requests. Requests are sent
8684 to the specified destination, but responses from
8685 that destination are ignored. \n Support: Extended"
8686 properties:
8687 backendRef:
8688 description: "BackendRef references a resource
8689 where mirrored requests are sent. \n If the
8690 referent cannot be found, this BackendRef
8691 is invalid and must be dropped from the Gateway.
8692 The controller must ensure the \"ResolvedRefs\"
8693 condition on the Route status is set to `status:
8694 False` and not configure this backend in the
8695 underlying implementation. \n If there is
8696 a cross-namespace reference to an *existing*
8697 object that is not allowed by a ReferenceGrant,
8698 the controller must ensure the \"ResolvedRefs\"
8699 \ condition on the Route is set to `status:
8700 False`, with the \"RefNotPermitted\" reason
8701 and not configure this backend in the underlying
8702 implementation. \n In either error case, the
8703 Message of the `ResolvedRefs` Condition should
8704 be used to provide more detail about the problem.
8705 \n Support: Extended for Kubernetes Service
8706 \n Support: Implementation-specific for any
8707 other resource"
8708 properties:
8709 group:
8710 default: ""
8711 description: Group is the group of the referent.
8712 For example, "gateway.networking.k8s.io".
8713 When unspecified or empty string, core
8714 API group is inferred.
8715 maxLength: 253
8716 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8717 type: string
8718 kind:
8719 default: Service
8720 description: "Kind is the Kubernetes resource
8721 kind of the referent. For example \"Service\".
8722 \n Defaults to \"Service\" when not specified.
8723 \n ExternalName services can refer to
8724 CNAME DNS records that may live outside
8725 of the cluster and as such are difficult
8726 to reason about in terms of conformance.
8727 They also may not be safe to forward to
8728 (see CVE-2021-25740 for more information).
8729 Implementations SHOULD NOT support ExternalName
8730 Services. \n Support: Core (Services with
8731 a type other than ExternalName) \n Support:
8732 Implementation-specific (Services with
8733 type ExternalName)"
8734 maxLength: 63
8735 minLength: 1
8736 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8737 type: string
8738 name:
8739 description: Name is the name of the referent.
8740 maxLength: 253
8741 minLength: 1
8742 type: string
8743 namespace:
8744 description: "Namespace is the namespace
8745 of the backend. When unspecified, the
8746 local namespace is inferred. \n Note that
8747 when a namespace different than the local
8748 namespace is specified, a ReferenceGrant
8749 object is required in the referent namespace
8750 to allow that namespace's owner to accept
8751 the reference. See the ReferenceGrant
8752 documentation for details. \n Support:
8753 Core"
8754 maxLength: 63
8755 minLength: 1
8756 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8757 type: string
8758 port:
8759 description: Port specifies the destination
8760 port number to use for this resource.
8761 Port is required when the referent is
8762 a Kubernetes Service. In this case, the
8763 port number is the service port number,
8764 not the target port. For other resources,
8765 destination port might be derived from
8766 the referent resource or this field.
8767 format: int32
8768 maximum: 65535
8769 minimum: 1
8770 type: integer
8771 required:
8772 - name
8773 type: object
8774 required:
8775 - backendRef
8776 type: object
8777 requestRedirect:
8778 description: "RequestRedirect defines a schema for
8779 a filter that responds to the request with an
8780 HTTP redirection. \n Support: Core"
8781 properties:
8782 hostname:
8783 description: "Hostname is the hostname to be
8784 used in the value of the `Location` header
8785 in the response. When empty, the hostname
8786 in the `Host` header of the request is used.
8787 \n Support: Core"
8788 maxLength: 253
8789 minLength: 1
8790 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8791 type: string
8792 path:
8793 description: "Path defines parameters used to
8794 modify the path of the incoming request. The
8795 modified path is then used to construct the
8796 `Location` header. When empty, the request
8797 path is used as-is. \n Support: Extended"
8798 properties:
8799 replaceFullPath:
8800 description: ReplaceFullPath specifies the
8801 value with which to replace the full path
8802 of a request during a rewrite or redirect.
8803 maxLength: 1024
8804 type: string
8805 replacePrefixMatch:
8806 description: "ReplacePrefixMatch specifies
8807 the value with which to replace the prefix
8808 match of a request during a rewrite or
8809 redirect. For example, a request to \"/foo/bar\"
8810 with a prefix match of \"/foo\" would
8811 be modified to \"/bar\". \n Note that
8812 this matches the behavior of the PathPrefix
8813 match type. This matches full path elements.
8814 A path element refers to the list of labels
8815 in the path split by the `/` separator.
8816 When specified, a trailing `/` is ignored.
8817 For example, the paths `/abc`, `/abc/`,
8818 and `/abc/def` would all match the prefix
8819 `/abc`, but the path `/abcd` would not."
8820 maxLength: 1024
8821 type: string
8822 type:
8823 description: "Type defines the type of path
8824 modifier. Additional types may be added
8825 in a future release of the API. \n Note
8826 that values may be added to this enum,
8827 implementations must ensure that unknown
8828 values will not cause a crash. \n Unknown
8829 values here must result in the implementation
8830 setting the Accepted Condition for the
8831 Route to `status: False`, with a Reason
8832 of `UnsupportedValue`."
8833 enum:
8834 - ReplaceFullPath
8835 - ReplacePrefixMatch
8836 type: string
8837 required:
8838 - type
8839 type: object
8840 port:
8841 description: "Port is the port to be used in
8842 the value of the `Location` header in the
8843 response. \n If no port is specified, the
8844 redirect port MUST be derived using the following
8845 rules: \n * If redirect scheme is not-empty,
8846 the redirect port MUST be the well-known port
8847 associated with the redirect scheme. Specifically
8848 \"http\" to port 80 and \"https\" to port
8849 443. If the redirect scheme does not have
8850 a well-known port, the listener port of the
8851 Gateway SHOULD be used. * If redirect scheme
8852 is empty, the redirect port MUST be the Gateway
8853 Listener port. \n Implementations SHOULD NOT
8854 add the port number in the 'Location' header
8855 in the following cases: \n * A Location header
8856 that will use HTTP (whether that is determined
8857 via the Listener protocol or the Scheme field)
8858 _and_ use port 80. * A Location header that
8859 will use HTTPS (whether that is determined
8860 via the Listener protocol or the Scheme field)
8861 _and_ use port 443. \n Support: Extended"
8862 format: int32
8863 maximum: 65535
8864 minimum: 1
8865 type: integer
8866 scheme:
8867 description: "Scheme is the scheme to be used
8868 in the value of the `Location` header in the
8869 response. When empty, the scheme of the request
8870 is used. \n Scheme redirects can affect the
8871 port of the redirect, for more information,
8872 refer to the documentation for the port field
8873 of this filter. \n Note that values may be
8874 added to this enum, implementations must ensure
8875 that unknown values will not cause a crash.
8876 \n Unknown values here must result in the
8877 implementation setting the Accepted Condition
8878 for the Route to `status: False`, with a Reason
8879 of `UnsupportedValue`. \n Support: Extended"
8880 enum:
8881 - http
8882 - https
8883 type: string
8884 statusCode:
8885 default: 302
8886 description: "StatusCode is the HTTP status
8887 code to be used in response. \n Note that
8888 values may be added to this enum, implementations
8889 must ensure that unknown values will not cause
8890 a crash. \n Unknown values here must result
8891 in the implementation setting the Accepted
8892 Condition for the Route to `status: False`,
8893 with a Reason of `UnsupportedValue`. \n Support:
8894 Core"
8895 enum:
8896 - 301
8897 - 302
8898 type: integer
8899 type: object
8900 responseHeaderModifier:
8901 description: "ResponseHeaderModifier defines a schema
8902 for a filter that modifies response headers. \n
8903 Support: Extended"
8904 properties:
8905 add:
8906 description: "Add adds the given header(s) (name,
8907 value) to the request before the action. It
8908 appends to any existing values associated
8909 with the header name. \n Input: GET /foo HTTP/1.1
8910 my-header: foo \n Config: add: - name: \"my-header\"
8911 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
8912 my-header: foo,bar,baz"
8913 items:
8914 description: HTTPHeader represents an HTTP
8915 Header name and value as defined by RFC
8916 7230.
8917 properties:
8918 name:
8919 description: "Name is the name of the
8920 HTTP Header to be matched. Name matching
8921 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8922 \n If multiple entries specify equivalent
8923 header names, the first entry with an
8924 equivalent name MUST be considered for
8925 a match. Subsequent entries with an
8926 equivalent header name MUST be ignored.
8927 Due to the case-insensitivity of header
8928 names, \"foo\" and \"Foo\" are considered
8929 equivalent."
8930 maxLength: 256
8931 minLength: 1
8932 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8933 type: string
8934 value:
8935 description: Value is the value of HTTP
8936 Header to be matched.
8937 maxLength: 4096
8938 minLength: 1
8939 type: string
8940 required:
8941 - name
8942 - value
8943 type: object
8944 maxItems: 16
8945 type: array
8946 x-kubernetes-list-map-keys:
8947 - name
8948 x-kubernetes-list-type: map
8949 remove:
8950 description: "Remove the given header(s) from
8951 the HTTP request before the action. The value
8952 of Remove is a list of HTTP header names.
8953 Note that the header names are case-insensitive
8954 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
8955 \n Input: GET /foo HTTP/1.1 my-header1: foo
8956 my-header2: bar my-header3: baz \n Config:
8957 remove: [\"my-header1\", \"my-header3\"] \n
8958 Output: GET /foo HTTP/1.1 my-header2: bar"
8959 items:
8960 type: string
8961 maxItems: 16
8962 type: array
8963 set:
8964 description: "Set overwrites the request with
8965 the given header (name, value) before the
8966 action. \n Input: GET /foo HTTP/1.1 my-header:
8967 foo \n Config: set: - name: \"my-header\"
8968 value: \"bar\" \n Output: GET /foo HTTP/1.1
8969 my-header: bar"
8970 items:
8971 description: HTTPHeader represents an HTTP
8972 Header name and value as defined by RFC
8973 7230.
8974 properties:
8975 name:
8976 description: "Name is the name of the
8977 HTTP Header to be matched. Name matching
8978 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8979 \n If multiple entries specify equivalent
8980 header names, the first entry with an
8981 equivalent name MUST be considered for
8982 a match. Subsequent entries with an
8983 equivalent header name MUST be ignored.
8984 Due to the case-insensitivity of header
8985 names, \"foo\" and \"Foo\" are considered
8986 equivalent."
8987 maxLength: 256
8988 minLength: 1
8989 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8990 type: string
8991 value:
8992 description: Value is the value of HTTP
8993 Header to be matched.
8994 maxLength: 4096
8995 minLength: 1
8996 type: string
8997 required:
8998 - name
8999 - value
9000 type: object
9001 maxItems: 16
9002 type: array
9003 x-kubernetes-list-map-keys:
9004 - name
9005 x-kubernetes-list-type: map
9006 type: object
9007 type:
9008 description: "Type identifies the type of filter
9009 to apply. As with other API fields, types are
9010 classified into three conformance levels: \n -
9011 Core: Filter types and their corresponding configuration
9012 defined by \"Support: Core\" in this package,
9013 e.g. \"RequestHeaderModifier\". All implementations
9014 must support core filters. \n - Extended: Filter
9015 types and their corresponding configuration defined
9016 by \"Support: Extended\" in this package, e.g.
9017 \"RequestMirror\". Implementers are encouraged
9018 to support extended filters. \n - Implementation-specific:
9019 Filters that are defined and supported by specific
9020 vendors. In the future, filters showing convergence
9021 in behavior across multiple implementations will
9022 be considered for inclusion in extended or core
9023 conformance levels. Filter-specific configuration
9024 for such filters is specified using the ExtensionRef
9025 field. `Type` should be set to \"ExtensionRef\"
9026 for custom filters. \n Implementers are encouraged
9027 to define custom implementation types to extend
9028 the core API with implementation-specific behavior.
9029 \n If a reference to a custom filter type cannot
9030 be resolved, the filter MUST NOT be skipped. Instead,
9031 requests that would have been processed by that
9032 filter MUST receive a HTTP error response. \n
9033 Note that values may be added to this enum, implementations
9034 must ensure that unknown values will not cause
9035 a crash. \n Unknown values here must result in
9036 the implementation setting the Accepted Condition
9037 for the Route to `status: False`, with a Reason
9038 of `UnsupportedValue`."
9039 enum:
9040 - RequestHeaderModifier
9041 - ResponseHeaderModifier
9042 - RequestMirror
9043 - RequestRedirect
9044 - URLRewrite
9045 - ExtensionRef
9046 type: string
9047 urlRewrite:
9048 description: "URLRewrite defines a schema for a
9049 filter that modifies a request during forwarding.
9050 \n Support: Extended"
9051 properties:
9052 hostname:
9053 description: "Hostname is the value to be used
9054 to replace the Host header value during forwarding.
9055 \n Support: Extended"
9056 maxLength: 253
9057 minLength: 1
9058 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9059 type: string
9060 path:
9061 description: "Path defines a path rewrite. \n
9062 Support: Extended"
9063 properties:
9064 replaceFullPath:
9065 description: ReplaceFullPath specifies the
9066 value with which to replace the full path
9067 of a request during a rewrite or redirect.
9068 maxLength: 1024
9069 type: string
9070 replacePrefixMatch:
9071 description: "ReplacePrefixMatch specifies
9072 the value with which to replace the prefix
9073 match of a request during a rewrite or
9074 redirect. For example, a request to \"/foo/bar\"
9075 with a prefix match of \"/foo\" would
9076 be modified to \"/bar\". \n Note that
9077 this matches the behavior of the PathPrefix
9078 match type. This matches full path elements.
9079 A path element refers to the list of labels
9080 in the path split by the `/` separator.
9081 When specified, a trailing `/` is ignored.
9082 For example, the paths `/abc`, `/abc/`,
9083 and `/abc/def` would all match the prefix
9084 `/abc`, but the path `/abcd` would not."
9085 maxLength: 1024
9086 type: string
9087 type:
9088 description: "Type defines the type of path
9089 modifier. Additional types may be added
9090 in a future release of the API. \n Note
9091 that values may be added to this enum,
9092 implementations must ensure that unknown
9093 values will not cause a crash. \n Unknown
9094 values here must result in the implementation
9095 setting the Accepted Condition for the
9096 Route to `status: False`, with a Reason
9097 of `UnsupportedValue`."
9098 enum:
9099 - ReplaceFullPath
9100 - ReplacePrefixMatch
9101 type: string
9102 required:
9103 - type
9104 type: object
9105 type: object
9106 required:
9107 - type
9108 type: object
9109 maxItems: 16
9110 type: array
9111 group:
9112 default: ""
9113 description: Group is the group of the referent. For example,
9114 "gateway.networking.k8s.io". When unspecified or empty
9115 string, core API group is inferred.
9116 maxLength: 253
9117 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9118 type: string
9119 kind:
9120 default: Service
9121 description: "Kind is the Kubernetes resource kind of
9122 the referent. For example \"Service\". \n Defaults to
9123 \"Service\" when not specified. \n ExternalName services
9124 can refer to CNAME DNS records that may live outside
9125 of the cluster and as such are difficult to reason about
9126 in terms of conformance. They also may not be safe to
9127 forward to (see CVE-2021-25740 for more information).
9128 Implementations SHOULD NOT support ExternalName Services.
9129 \n Support: Core (Services with a type other than ExternalName)
9130 \n Support: Implementation-specific (Services with type
9131 ExternalName)"
9132 maxLength: 63
9133 minLength: 1
9134 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9135 type: string
9136 name:
9137 description: Name is the name of the referent.
9138 maxLength: 253
9139 minLength: 1
9140 type: string
9141 namespace:
9142 description: "Namespace is the namespace of the backend.
9143 When unspecified, the local namespace is inferred. \n
9144 Note that when a namespace different than the local
9145 namespace is specified, a ReferenceGrant object is required
9146 in the referent namespace to allow that namespace's
9147 owner to accept the reference. See the ReferenceGrant
9148 documentation for details. \n Support: Core"
9149 maxLength: 63
9150 minLength: 1
9151 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
9152 type: string
9153 port:
9154 description: Port specifies the destination port number
9155 to use for this resource. Port is required when the
9156 referent is a Kubernetes Service. In this case, the
9157 port number is the service port number, not the target
9158 port. For other resources, destination port might be
9159 derived from the referent resource or this field.
9160 format: int32
9161 maximum: 65535
9162 minimum: 1
9163 type: integer
9164 weight:
9165 default: 1
9166 description: "Weight specifies the proportion of requests
9167 forwarded to the referenced backend. This is computed
9168 as weight/(sum of all weights in this BackendRefs list).
9169 For non-zero values, there may be some epsilon from
9170 the exact proportion defined here depending on the precision
9171 an implementation supports. Weight is not a percentage
9172 and the sum of weights does not need to equal 100. \n
9173 If only one backend is specified and it has a weight
9174 greater than 0, 100% of the traffic is forwarded to
9175 that backend. If weight is set to 0, no traffic should
9176 be forwarded for this entry. If unspecified, weight
9177 defaults to 1. \n Support for this field varies based
9178 on the context where used."
9179 format: int32
9180 maximum: 1000000
9181 minimum: 0
9182 type: integer
9183 required:
9184 - name
9185 type: object
9186 maxItems: 16
9187 type: array
9188 filters:
9189 description: "Filters define the filters that are applied to
9190 requests that match this rule. \n The effects of ordering
9191 of multiple behaviors are currently unspecified. This can
9192 change in the future based on feedback during the alpha stage.
9193 \n Conformance-levels at this level are defined based on the
9194 type of filter: \n - ALL core filters MUST be supported by
9195 all implementations. - Implementers are encouraged to support
9196 extended filters. - Implementation-specific custom filters
9197 have no API guarantees across implementations. \n Specifying
9198 a core filter multiple times has unspecified or implementation-specific
9199 conformance. \n All filters are expected to be compatible
9200 with each other except for the URLRewrite and RequestRedirect
9201 filters, which may not be combined. If an implementation can
9202 not support other combinations of filters, they must clearly
9203 document that limitation. In all cases where incompatible
9204 or unsupported filters are specified, implementations MUST
9205 add a warning condition to status. \n Support: Core"
9206 items:
9207 description: HTTPRouteFilter defines processing steps that
9208 must be completed during the request or response lifecycle.
9209 HTTPRouteFilters are meant as an extension point to express
9210 processing that may be done in Gateway implementations.
9211 Some examples include request or response modification,
9212 implementing authentication strategies, rate-limiting, and
9213 traffic shaping. API guarantee/conformance is defined based
9214 on the type of the filter.
9215 properties:
9216 extensionRef:
9217 description: "ExtensionRef is an optional, implementation-specific
9218 extension to the \"filter\" behavior. For example,
9219 resource \"myroutefilter\" in group \"networking.example.net\").
9220 ExtensionRef MUST NOT be used for core and extended
9221 filters. \n Support: Implementation-specific"
9222 properties:
9223 group:
9224 description: Group is the group of the referent. For
9225 example, "gateway.networking.k8s.io". When unspecified
9226 or empty string, core API group is inferred.
9227 maxLength: 253
9228 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9229 type: string
9230 kind:
9231 description: Kind is kind of the referent. For example
9232 "HTTPRoute" or "Service".
9233 maxLength: 63
9234 minLength: 1
9235 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9236 type: string
9237 name:
9238 description: Name is the name of the referent.
9239 maxLength: 253
9240 minLength: 1
9241 type: string
9242 required:
9243 - group
9244 - kind
9245 - name
9246 type: object
9247 requestHeaderModifier:
9248 description: "RequestHeaderModifier defines a schema for
9249 a filter that modifies request headers. \n Support:
9250 Core"
9251 properties:
9252 add:
9253 description: "Add adds the given header(s) (name,
9254 value) to the request before the action. It appends
9255 to any existing values associated with the header
9256 name. \n Input: GET /foo HTTP/1.1 my-header: foo
9257 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
9258 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
9259 items:
9260 description: HTTPHeader represents an HTTP Header
9261 name and value as defined by RFC 7230.
9262 properties:
9263 name:
9264 description: "Name is the name of the HTTP Header
9265 to be matched. Name matching MUST be case
9266 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9267 \n If multiple entries specify equivalent
9268 header names, the first entry with an equivalent
9269 name MUST be considered for a match. Subsequent
9270 entries with an equivalent header name MUST
9271 be ignored. Due to the case-insensitivity
9272 of header names, \"foo\" and \"Foo\" are considered
9273 equivalent."
9274 maxLength: 256
9275 minLength: 1
9276 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9277 type: string
9278 value:
9279 description: Value is the value of HTTP Header
9280 to be matched.
9281 maxLength: 4096
9282 minLength: 1
9283 type: string
9284 required:
9285 - name
9286 - value
9287 type: object
9288 maxItems: 16
9289 type: array
9290 x-kubernetes-list-map-keys:
9291 - name
9292 x-kubernetes-list-type: map
9293 remove:
9294 description: "Remove the given header(s) from the
9295 HTTP request before the action. The value of Remove
9296 is a list of HTTP header names. Note that the header
9297 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
9298 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
9299 bar my-header3: baz \n Config: remove: [\"my-header1\",
9300 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
9301 bar"
9302 items:
9303 type: string
9304 maxItems: 16
9305 type: array
9306 set:
9307 description: "Set overwrites the request with the
9308 given header (name, value) before the action. \n
9309 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
9310 set: - name: \"my-header\" value: \"bar\" \n Output:
9311 GET /foo HTTP/1.1 my-header: bar"
9312 items:
9313 description: HTTPHeader represents an HTTP Header
9314 name and value as defined by RFC 7230.
9315 properties:
9316 name:
9317 description: "Name is the name of the HTTP Header
9318 to be matched. Name matching MUST be case
9319 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9320 \n If multiple entries specify equivalent
9321 header names, the first entry with an equivalent
9322 name MUST be considered for a match. Subsequent
9323 entries with an equivalent header name MUST
9324 be ignored. Due to the case-insensitivity
9325 of header names, \"foo\" and \"Foo\" are considered
9326 equivalent."
9327 maxLength: 256
9328 minLength: 1
9329 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9330 type: string
9331 value:
9332 description: Value is the value of HTTP Header
9333 to be matched.
9334 maxLength: 4096
9335 minLength: 1
9336 type: string
9337 required:
9338 - name
9339 - value
9340 type: object
9341 maxItems: 16
9342 type: array
9343 x-kubernetes-list-map-keys:
9344 - name
9345 x-kubernetes-list-type: map
9346 type: object
9347 requestMirror:
9348 description: "RequestMirror defines a schema for a filter
9349 that mirrors requests. Requests are sent to the specified
9350 destination, but responses from that destination are
9351 ignored. \n Support: Extended"
9352 properties:
9353 backendRef:
9354 description: "BackendRef references a resource where
9355 mirrored requests are sent. \n If the referent cannot
9356 be found, this BackendRef is invalid and must be
9357 dropped from the Gateway. The controller must ensure
9358 the \"ResolvedRefs\" condition on the Route status
9359 is set to `status: False` and not configure this
9360 backend in the underlying implementation. \n If
9361 there is a cross-namespace reference to an *existing*
9362 object that is not allowed by a ReferenceGrant,
9363 the controller must ensure the \"ResolvedRefs\"
9364 \ condition on the Route is set to `status: False`,
9365 with the \"RefNotPermitted\" reason and not configure
9366 this backend in the underlying implementation. \n
9367 In either error case, the Message of the `ResolvedRefs`
9368 Condition should be used to provide more detail
9369 about the problem. \n Support: Extended for Kubernetes
9370 Service \n Support: Implementation-specific for
9371 any other resource"
9372 properties:
9373 group:
9374 default: ""
9375 description: Group is the group of the referent.
9376 For example, "gateway.networking.k8s.io". When
9377 unspecified or empty string, core API group
9378 is inferred.
9379 maxLength: 253
9380 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9381 type: string
9382 kind:
9383 default: Service
9384 description: "Kind is the Kubernetes resource
9385 kind of the referent. For example \"Service\".
9386 \n Defaults to \"Service\" when not specified.
9387 \n ExternalName services can refer to CNAME
9388 DNS records that may live outside of the cluster
9389 and as such are difficult to reason about in
9390 terms of conformance. They also may not be safe
9391 to forward to (see CVE-2021-25740 for more information).
9392 Implementations SHOULD NOT support ExternalName
9393 Services. \n Support: Core (Services with a
9394 type other than ExternalName) \n Support: Implementation-specific
9395 (Services with type ExternalName)"
9396 maxLength: 63
9397 minLength: 1
9398 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9399 type: string
9400 name:
9401 description: Name is the name of the referent.
9402 maxLength: 253
9403 minLength: 1
9404 type: string
9405 namespace:
9406 description: "Namespace is the namespace of the
9407 backend. When unspecified, the local namespace
9408 is inferred. \n Note that when a namespace different
9409 than the local namespace is specified, a ReferenceGrant
9410 object is required in the referent namespace
9411 to allow that namespace's owner to accept the
9412 reference. See the ReferenceGrant documentation
9413 for details. \n Support: Core"
9414 maxLength: 63
9415 minLength: 1
9416 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
9417 type: string
9418 port:
9419 description: Port specifies the destination port
9420 number to use for this resource. Port is required
9421 when the referent is a Kubernetes Service. In
9422 this case, the port number is the service port
9423 number, not the target port. For other resources,
9424 destination port might be derived from the referent
9425 resource or this field.
9426 format: int32
9427 maximum: 65535
9428 minimum: 1
9429 type: integer
9430 required:
9431 - name
9432 type: object
9433 required:
9434 - backendRef
9435 type: object
9436 requestRedirect:
9437 description: "RequestRedirect defines a schema for a filter
9438 that responds to the request with an HTTP redirection.
9439 \n Support: Core"
9440 properties:
9441 hostname:
9442 description: "Hostname is the hostname to be used
9443 in the value of the `Location` header in the response.
9444 When empty, the hostname in the `Host` header of
9445 the request is used. \n Support: Core"
9446 maxLength: 253
9447 minLength: 1
9448 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9449 type: string
9450 path:
9451 description: "Path defines parameters used to modify
9452 the path of the incoming request. The modified path
9453 is then used to construct the `Location` header.
9454 When empty, the request path is used as-is. \n Support:
9455 Extended"
9456 properties:
9457 replaceFullPath:
9458 description: ReplaceFullPath specifies the value
9459 with which to replace the full path of a request
9460 during a rewrite or redirect.
9461 maxLength: 1024
9462 type: string
9463 replacePrefixMatch:
9464 description: "ReplacePrefixMatch specifies the
9465 value with which to replace the prefix match
9466 of a request during a rewrite or redirect. For
9467 example, a request to \"/foo/bar\" with a prefix
9468 match of \"/foo\" would be modified to \"/bar\".
9469 \n Note that this matches the behavior of the
9470 PathPrefix match type. This matches full path
9471 elements. A path element refers to the list
9472 of labels in the path split by the `/` separator.
9473 When specified, a trailing `/` is ignored. For
9474 example, the paths `/abc`, `/abc/`, and `/abc/def`
9475 would all match the prefix `/abc`, but the path
9476 `/abcd` would not."
9477 maxLength: 1024
9478 type: string
9479 type:
9480 description: "Type defines the type of path modifier.
9481 Additional types may be added in a future release
9482 of the API. \n Note that values may be added
9483 to this enum, implementations must ensure that
9484 unknown values will not cause a crash. \n Unknown
9485 values here must result in the implementation
9486 setting the Accepted Condition for the Route
9487 to `status: False`, with a Reason of `UnsupportedValue`."
9488 enum:
9489 - ReplaceFullPath
9490 - ReplacePrefixMatch
9491 type: string
9492 required:
9493 - type
9494 type: object
9495 port:
9496 description: "Port is the port to be used in the value
9497 of the `Location` header in the response. \n If
9498 no port is specified, the redirect port MUST be
9499 derived using the following rules: \n * If redirect
9500 scheme is not-empty, the redirect port MUST be the
9501 well-known port associated with the redirect scheme.
9502 Specifically \"http\" to port 80 and \"https\" to
9503 port 443. If the redirect scheme does not have a
9504 well-known port, the listener port of the Gateway
9505 SHOULD be used. * If redirect scheme is empty, the
9506 redirect port MUST be the Gateway Listener port.
9507 \n Implementations SHOULD NOT add the port number
9508 in the 'Location' header in the following cases:
9509 \n * A Location header that will use HTTP (whether
9510 that is determined via the Listener protocol or
9511 the Scheme field) _and_ use port 80. * A Location
9512 header that will use HTTPS (whether that is determined
9513 via the Listener protocol or the Scheme field) _and_
9514 use port 443. \n Support: Extended"
9515 format: int32
9516 maximum: 65535
9517 minimum: 1
9518 type: integer
9519 scheme:
9520 description: "Scheme is the scheme to be used in the
9521 value of the `Location` header in the response.
9522 When empty, the scheme of the request is used. \n
9523 Scheme redirects can affect the port of the redirect,
9524 for more information, refer to the documentation
9525 for the port field of this filter. \n Note that
9526 values may be added to this enum, implementations
9527 must ensure that unknown values will not cause a
9528 crash. \n Unknown values here must result in the
9529 implementation setting the Accepted Condition for
9530 the Route to `status: False`, with a Reason of `UnsupportedValue`.
9531 \n Support: Extended"
9532 enum:
9533 - http
9534 - https
9535 type: string
9536 statusCode:
9537 default: 302
9538 description: "StatusCode is the HTTP status code to
9539 be used in response. \n Note that values may be
9540 added to this enum, implementations must ensure
9541 that unknown values will not cause a crash. \n Unknown
9542 values here must result in the implementation setting
9543 the Accepted Condition for the Route to `status:
9544 False`, with a Reason of `UnsupportedValue`. \n
9545 Support: Core"
9546 enum:
9547 - 301
9548 - 302
9549 type: integer
9550 type: object
9551 responseHeaderModifier:
9552 description: "ResponseHeaderModifier defines a schema
9553 for a filter that modifies response headers. \n Support:
9554 Extended"
9555 properties:
9556 add:
9557 description: "Add adds the given header(s) (name,
9558 value) to the request before the action. It appends
9559 to any existing values associated with the header
9560 name. \n Input: GET /foo HTTP/1.1 my-header: foo
9561 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
9562 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
9563 items:
9564 description: HTTPHeader represents an HTTP Header
9565 name and value as defined by RFC 7230.
9566 properties:
9567 name:
9568 description: "Name is the name of the HTTP Header
9569 to be matched. Name matching MUST be case
9570 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9571 \n If multiple entries specify equivalent
9572 header names, the first entry with an equivalent
9573 name MUST be considered for a match. Subsequent
9574 entries with an equivalent header name MUST
9575 be ignored. Due to the case-insensitivity
9576 of header names, \"foo\" and \"Foo\" are considered
9577 equivalent."
9578 maxLength: 256
9579 minLength: 1
9580 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9581 type: string
9582 value:
9583 description: Value is the value of HTTP Header
9584 to be matched.
9585 maxLength: 4096
9586 minLength: 1
9587 type: string
9588 required:
9589 - name
9590 - value
9591 type: object
9592 maxItems: 16
9593 type: array
9594 x-kubernetes-list-map-keys:
9595 - name
9596 x-kubernetes-list-type: map
9597 remove:
9598 description: "Remove the given header(s) from the
9599 HTTP request before the action. The value of Remove
9600 is a list of HTTP header names. Note that the header
9601 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
9602 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
9603 bar my-header3: baz \n Config: remove: [\"my-header1\",
9604 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
9605 bar"
9606 items:
9607 type: string
9608 maxItems: 16
9609 type: array
9610 set:
9611 description: "Set overwrites the request with the
9612 given header (name, value) before the action. \n
9613 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
9614 set: - name: \"my-header\" value: \"bar\" \n Output:
9615 GET /foo HTTP/1.1 my-header: bar"
9616 items:
9617 description: HTTPHeader represents an HTTP Header
9618 name and value as defined by RFC 7230.
9619 properties:
9620 name:
9621 description: "Name is the name of the HTTP Header
9622 to be matched. Name matching MUST be case
9623 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9624 \n If multiple entries specify equivalent
9625 header names, the first entry with an equivalent
9626 name MUST be considered for a match. Subsequent
9627 entries with an equivalent header name MUST
9628 be ignored. Due to the case-insensitivity
9629 of header names, \"foo\" and \"Foo\" are considered
9630 equivalent."
9631 maxLength: 256
9632 minLength: 1
9633 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9634 type: string
9635 value:
9636 description: Value is the value of HTTP Header
9637 to be matched.
9638 maxLength: 4096
9639 minLength: 1
9640 type: string
9641 required:
9642 - name
9643 - value
9644 type: object
9645 maxItems: 16
9646 type: array
9647 x-kubernetes-list-map-keys:
9648 - name
9649 x-kubernetes-list-type: map
9650 type: object
9651 type:
9652 description: "Type identifies the type of filter to apply.
9653 As with other API fields, types are classified into
9654 three conformance levels: \n - Core: Filter types and
9655 their corresponding configuration defined by \"Support:
9656 Core\" in this package, e.g. \"RequestHeaderModifier\".
9657 All implementations must support core filters. \n -
9658 Extended: Filter types and their corresponding configuration
9659 defined by \"Support: Extended\" in this package, e.g.
9660 \"RequestMirror\". Implementers are encouraged to support
9661 extended filters. \n - Implementation-specific: Filters
9662 that are defined and supported by specific vendors.
9663 In the future, filters showing convergence in behavior
9664 across multiple implementations will be considered for
9665 inclusion in extended or core conformance levels. Filter-specific
9666 configuration for such filters is specified using the
9667 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
9668 for custom filters. \n Implementers are encouraged to
9669 define custom implementation types to extend the core
9670 API with implementation-specific behavior. \n If a reference
9671 to a custom filter type cannot be resolved, the filter
9672 MUST NOT be skipped. Instead, requests that would have
9673 been processed by that filter MUST receive a HTTP error
9674 response. \n Note that values may be added to this enum,
9675 implementations must ensure that unknown values will
9676 not cause a crash. \n Unknown values here must result
9677 in the implementation setting the Accepted Condition
9678 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
9679 enum:
9680 - RequestHeaderModifier
9681 - ResponseHeaderModifier
9682 - RequestMirror
9683 - RequestRedirect
9684 - URLRewrite
9685 - ExtensionRef
9686 type: string
9687 urlRewrite:
9688 description: "URLRewrite defines a schema for a filter
9689 that modifies a request during forwarding. \n Support:
9690 Extended"
9691 properties:
9692 hostname:
9693 description: "Hostname is the value to be used to
9694 replace the Host header value during forwarding.
9695 \n Support: Extended"
9696 maxLength: 253
9697 minLength: 1
9698 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9699 type: string
9700 path:
9701 description: "Path defines a path rewrite. \n Support:
9702 Extended"
9703 properties:
9704 replaceFullPath:
9705 description: ReplaceFullPath specifies the value
9706 with which to replace the full path of a request
9707 during a rewrite or redirect.
9708 maxLength: 1024
9709 type: string
9710 replacePrefixMatch:
9711 description: "ReplacePrefixMatch specifies the
9712 value with which to replace the prefix match
9713 of a request during a rewrite or redirect. For
9714 example, a request to \"/foo/bar\" with a prefix
9715 match of \"/foo\" would be modified to \"/bar\".
9716 \n Note that this matches the behavior of the
9717 PathPrefix match type. This matches full path
9718 elements. A path element refers to the list
9719 of labels in the path split by the `/` separator.
9720 When specified, a trailing `/` is ignored. For
9721 example, the paths `/abc`, `/abc/`, and `/abc/def`
9722 would all match the prefix `/abc`, but the path
9723 `/abcd` would not."
9724 maxLength: 1024
9725 type: string
9726 type:
9727 description: "Type defines the type of path modifier.
9728 Additional types may be added in a future release
9729 of the API. \n Note that values may be added
9730 to this enum, implementations must ensure that
9731 unknown values will not cause a crash. \n Unknown
9732 values here must result in the implementation
9733 setting the Accepted Condition for the Route
9734 to `status: False`, with a Reason of `UnsupportedValue`."
9735 enum:
9736 - ReplaceFullPath
9737 - ReplacePrefixMatch
9738 type: string
9739 required:
9740 - type
9741 type: object
9742 type: object
9743 required:
9744 - type
9745 type: object
9746 maxItems: 16
9747 type: array
9748 matches:
9749 default:
9750 - path:
9751 type: PathPrefix
9752 value: /
9753 description: "Matches define conditions used for matching the
9754 rule against incoming HTTP requests. Each match is independent,
9755 i.e. this rule will be matched if **any** one of the matches
9756 is satisfied. \n For example, take the following matches configuration:
9757 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
9758 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
9759 to match against this rule, a request must satisfy EITHER
9760 of the two conditions: \n - path prefixed with `/foo` AND
9761 contains the header `version: v2` - path prefix of `/v2/foo`
9762 \n See the documentation for HTTPRouteMatch on how to specify
9763 multiple match conditions that should be ANDed together. \n
9764 If no matches are specified, the default is a prefix path
9765 match on \"/\", which has the effect of matching every HTTP
9766 request. \n Proxy or Load Balancer routing configuration generated
9767 from HTTPRoutes MUST prioritize matches based on the following
9768 criteria, continuing on ties. Across all rules specified on
9769 applicable Routes, precedence must be given to the match having:
9770 \n * \"Exact\" path match. * \"Prefix\" path match with largest
9771 number of characters. * Method match. * Largest number of
9772 header matches. * Largest number of query param matches. \n
9773 Note: The precedence of RegularExpression path matches are
9774 implementation-specific. \n If ties still exist across multiple
9775 Routes, matching precedence MUST be determined in order of
9776 the following criteria, continuing on ties: \n * The oldest
9777 Route based on creation timestamp. * The Route appearing first
9778 in alphabetical order by \"{namespace}/{name}\". \n If ties
9779 still exist within an HTTPRoute, matching precedence MUST
9780 be granted to the FIRST matching rule (in list order) with
9781 a match meeting the above criteria. \n When no rules matching
9782 a request have been successfully attached to the parent a
9783 request is coming from, a HTTP 404 status code MUST be returned."
9784 items:
9785 description: "HTTPRouteMatch defines the predicate used to
9786 match requests to a given action. Multiple match types are
9787 ANDed together, i.e. the match will evaluate to true only
9788 if all conditions are satisfied. \n For example, the match
9789 below will match a HTTP request only if its path starts
9790 with `/foo` AND it contains the `version: v1` header: \n
9791 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
9792 value \"v1\" \n ```"
9793 properties:
9794 headers:
9795 description: Headers specifies HTTP request header matchers.
9796 Multiple match values are ANDed together, meaning, a
9797 request must match all the specified headers to select
9798 the route.
9799 items:
9800 description: HTTPHeaderMatch describes how to select
9801 a HTTP route by matching HTTP request headers.
9802 properties:
9803 name:
9804 description: "Name is the name of the HTTP Header
9805 to be matched. Name matching MUST be case insensitive.
9806 (See https://tools.ietf.org/html/rfc7230#section-3.2).
9807 \n If multiple entries specify equivalent header
9808 names, only the first entry with an equivalent
9809 name MUST be considered for a match. Subsequent
9810 entries with an equivalent header name MUST be
9811 ignored. Due to the case-insensitivity of header
9812 names, \"foo\" and \"Foo\" are considered equivalent.
9813 \n When a header is repeated in an HTTP request,
9814 it is implementation-specific behavior as to how
9815 this is represented. Generally, proxies should
9816 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
9817 regarding processing a repeated header, with special
9818 handling for \"Set-Cookie\"."
9819 maxLength: 256
9820 minLength: 1
9821 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9822 type: string
9823 type:
9824 default: Exact
9825 description: "Type specifies how to match against
9826 the value of the header. \n Support: Core (Exact)
9827 \n Support: Implementation-specific (RegularExpression)
9828 \n Since RegularExpression HeaderMatchType has
9829 implementation-specific conformance, implementations
9830 can support POSIX, PCRE or any other dialects
9831 of regular expressions. Please read the implementation's
9832 documentation to determine the supported dialect."
9833 enum:
9834 - Exact
9835 - RegularExpression
9836 type: string
9837 value:
9838 description: Value is the value of HTTP Header to
9839 be matched.
9840 maxLength: 4096
9841 minLength: 1
9842 type: string
9843 required:
9844 - name
9845 - value
9846 type: object
9847 maxItems: 16
9848 type: array
9849 x-kubernetes-list-map-keys:
9850 - name
9851 x-kubernetes-list-type: map
9852 method:
9853 description: "Method specifies HTTP method matcher. When
9854 specified, this route will be matched only if the request
9855 has the specified method. \n Support: Extended"
9856 enum:
9857 - GET
9858 - HEAD
9859 - POST
9860 - PUT
9861 - DELETE
9862 - CONNECT
9863 - OPTIONS
9864 - TRACE
9865 - PATCH
9866 type: string
9867 path:
9868 default:
9869 type: PathPrefix
9870 value: /
9871 description: Path specifies a HTTP request path matcher.
9872 If this field is not specified, a default prefix match
9873 on the "/" path is provided.
9874 properties:
9875 type:
9876 default: PathPrefix
9877 description: "Type specifies how to match against
9878 the path Value. \n Support: Core (Exact, PathPrefix)
9879 \n Support: Implementation-specific (RegularExpression)"
9880 enum:
9881 - Exact
9882 - PathPrefix
9883 - RegularExpression
9884 type: string
9885 value:
9886 default: /
9887 description: Value of the HTTP path to match against.
9888 maxLength: 1024
9889 type: string
9890 type: object
9891 queryParams:
9892 description: "QueryParams specifies HTTP query parameter
9893 matchers. Multiple match values are ANDed together,
9894 meaning, a request must match all the specified query
9895 parameters to select the route. \n Support: Extended"
9896 items:
9897 description: HTTPQueryParamMatch describes how to select
9898 a HTTP route by matching HTTP query parameters.
9899 properties:
9900 name:
9901 description: "Name is the name of the HTTP query
9902 param to be matched. This must be an exact string
9903 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
9904 \n If multiple entries specify equivalent query
9905 param names, only the first entry with an equivalent
9906 name MUST be considered for a match. Subsequent
9907 entries with an equivalent query param name MUST
9908 be ignored. \n If a query param is repeated in
9909 an HTTP request, the behavior is purposely left
9910 undefined, since different data planes have different
9911 capabilities. However, it is *recommended* that
9912 implementations should match against the first
9913 value of the param if the data plane supports
9914 it, as this behavior is expected in other load
9915 balancing contexts outside of the Gateway API.
9916 \n Users SHOULD NOT route traffic based on repeated
9917 query params to guard themselves against potential
9918 differences in the implementations."
9919 maxLength: 256
9920 minLength: 1
9921 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9922 type: string
9923 type:
9924 default: Exact
9925 description: "Type specifies how to match against
9926 the value of the query parameter. \n Support:
9927 Extended (Exact) \n Support: Implementation-specific
9928 (RegularExpression) \n Since RegularExpression
9929 QueryParamMatchType has Implementation-specific
9930 conformance, implementations can support POSIX,
9931 PCRE or any other dialects of regular expressions.
9932 Please read the implementation's documentation
9933 to determine the supported dialect."
9934 enum:
9935 - Exact
9936 - RegularExpression
9937 type: string
9938 value:
9939 description: Value is the value of HTTP query param
9940 to be matched.
9941 maxLength: 1024
9942 minLength: 1
9943 type: string
9944 required:
9945 - name
9946 - value
9947 type: object
9948 maxItems: 16
9949 type: array
9950 x-kubernetes-list-map-keys:
9951 - name
9952 x-kubernetes-list-type: map
9953 type: object
9954 maxItems: 8
9955 type: array
9956 type: object
9957 maxItems: 16
9958 type: array
9959 type: object
9960 status:
9961 description: Status defines the current state of HTTPRoute.
9962 properties:
9963 parents:
9964 description: "Parents is a list of parent resources (usually Gateways)
9965 that are associated with the route, and the status of the route
9966 with respect to each parent. When this route attaches to a parent,
9967 the controller that manages the parent must add an entry to this
9968 list when the controller first sees the route and should update
9969 the entry as appropriate when the route or gateway is modified.
9970 \n Note that parent references that cannot be resolved by an implementation
9971 of this API will not be added to this list. Implementations of this
9972 API can only populate Route status for the Gateways/parent resources
9973 they are responsible for. \n A maximum of 32 Gateways will be represented
9974 in this list. An empty list means the route has not been attached
9975 to any Gateway."
9976 items:
9977 description: RouteParentStatus describes the status of a route with
9978 respect to an associated Parent.
9979 properties:
9980 conditions:
9981 description: "Conditions describes the status of the route with
9982 respect to the Gateway. Note that the route's availability
9983 is also subject to the Gateway's own status conditions and
9984 listener status. \n If the Route's ParentRef specifies an
9985 existing Gateway that supports Routes of this kind AND that
9986 Gateway's controller has sufficient access, then that Gateway's
9987 controller MUST set the \"Accepted\" condition on the Route,
9988 to indicate whether the route has been accepted or rejected
9989 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
9990 if at least one of the Route's rules is implemented by the
9991 Gateway. \n There are a number of cases where the \"Accepted\"
9992 condition may not be set due to lack of controller visibility,
9993 that includes when: \n * The Route refers to a non-existent
9994 parent. * The Route is of a type that the controller does
9995 not support. * The Route is in a namespace the controller
9996 does not have access to."
9997 items:
9998 description: "Condition contains details for one aspect of
9999 the current state of this API Resource. --- This struct
10000 is intended for direct use as an array at the field path
10001 .status.conditions. For example, \n type FooStatus struct{
10002 // Represents the observations of a foo's current state.
10003 // Known .status.conditions.type are: \"Available\", \"Progressing\",
10004 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
10005 // +listType=map // +listMapKey=type Conditions []metav1.Condition
10006 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
10007 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
10008 }"
10009 properties:
10010 lastTransitionTime:
10011 description: lastTransitionTime is the last time the condition
10012 transitioned from one status to another. This should
10013 be when the underlying condition changed. If that is
10014 not known, then using the time when the API field changed
10015 is acceptable.
10016 format: date-time
10017 type: string
10018 message:
10019 description: message is a human readable message indicating
10020 details about the transition. This may be an empty string.
10021 maxLength: 32768
10022 type: string
10023 observedGeneration:
10024 description: observedGeneration represents the .metadata.generation
10025 that the condition was set based upon. For instance,
10026 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
10027 is 9, the condition is out of date with respect to the
10028 current state of the instance.
10029 format: int64
10030 minimum: 0
10031 type: integer
10032 reason:
10033 description: reason contains a programmatic identifier
10034 indicating the reason for the condition's last transition.
10035 Producers of specific condition types may define expected
10036 values and meanings for this field, and whether the
10037 values are considered a guaranteed API. The value should
10038 be a CamelCase string. This field may not be empty.
10039 maxLength: 1024
10040 minLength: 1
10041 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10042 type: string
10043 status:
10044 description: status of the condition, one of True, False,
10045 Unknown.
10046 enum:
10047 - "True"
10048 - "False"
10049 - Unknown
10050 type: string
10051 type:
10052 description: type of condition in CamelCase or in foo.example.com/CamelCase.
10053 --- Many .condition.type values are consistent across
10054 resources like Available, but because arbitrary conditions
10055 can be useful (see .node.status.conditions), the ability
10056 to deconflict is important. The regex it matches is
10057 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
10058 maxLength: 316
10059 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10060 type: string
10061 required:
10062 - lastTransitionTime
10063 - message
10064 - reason
10065 - status
10066 - type
10067 type: object
10068 maxItems: 8
10069 minItems: 1
10070 type: array
10071 x-kubernetes-list-map-keys:
10072 - type
10073 x-kubernetes-list-type: map
10074 controllerName:
10075 description: "ControllerName is a domain/path string that indicates
10076 the name of the controller that wrote this status. This corresponds
10077 with the controllerName field on GatewayClass. \n Example:
10078 \"example.net/gateway-controller\". \n The format of this
10079 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
10080 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
10081 \n Controllers MUST populate this field when writing status.
10082 Controllers should ensure that entries to status populated
10083 with their ControllerName are cleaned up when they are no
10084 longer necessary."
10085 maxLength: 253
10086 minLength: 1
10087 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
10088 type: string
10089 parentRef:
10090 description: ParentRef corresponds with a ParentRef in the spec
10091 that this RouteParentStatus struct describes the status of.
10092 properties:
10093 group:
10094 default: gateway.networking.k8s.io
10095 description: "Group is the group of the referent. When unspecified,
10096 \"gateway.networking.k8s.io\" is inferred. To set the
10097 core API group (such as for a \"Service\" kind referent),
10098 Group must be explicitly set to \"\" (empty string). \n
10099 Support: Core"
10100 maxLength: 253
10101 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10102 type: string
10103 kind:
10104 default: Gateway
10105 description: "Kind is kind of the referent. \n Support:
10106 Core (Gateway) \n Support: Implementation-specific (Other
10107 Resources)"
10108 maxLength: 63
10109 minLength: 1
10110 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10111 type: string
10112 name:
10113 description: "Name is the name of the referent. \n Support:
10114 Core"
10115 maxLength: 253
10116 minLength: 1
10117 type: string
10118 namespace:
10119 description: "Namespace is the namespace of the referent.
10120 When unspecified, this refers to the local namespace of
10121 the Route. \n Note that there are specific rules for ParentRefs
10122 which cross namespace boundaries. Cross-namespace references
10123 are only valid if they are explicitly allowed by something
10124 in the namespace they are referring to. For example: Gateway
10125 has the AllowedRoutes field, and ReferenceGrant provides
10126 a generic way to enable any other kind of cross-namespace
10127 reference. \n Support: Core"
10128 maxLength: 63
10129 minLength: 1
10130 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10131 type: string
10132 port:
10133 description: "Port is the network port this Route targets.
10134 It can be interpreted differently based on the type of
10135 parent resource. \n When the parent resource is a Gateway,
10136 this targets all listeners listening on the specified
10137 port that also support this kind of Route(and select this
10138 Route). It's not recommended to set `Port` unless the
10139 networking behaviors specified in a Route must apply to
10140 a specific port as opposed to a listener(s) whose port(s)
10141 may be changed. When both Port and SectionName are specified,
10142 the name and port of the selected listener must match
10143 both specified values. \n Implementations MAY choose to
10144 support other parent resources. Implementations supporting
10145 other types of parent resources MUST clearly document
10146 how/if Port is interpreted. \n For the purpose of status,
10147 an attachment is considered successful as long as the
10148 parent resource accepts it partially. For example, Gateway
10149 listeners can restrict which Routes can attach to them
10150 by Route kind, namespace, or hostname. If 1 of 2 Gateway
10151 listeners accept attachment from the referencing Route,
10152 the Route MUST be considered successfully attached. If
10153 no Gateway listeners accept attachment from this Route,
10154 the Route MUST be considered detached from the Gateway.
10155 \n Support: Extended \n <gateway:experimental>"
10156 format: int32
10157 maximum: 65535
10158 minimum: 1
10159 type: integer
10160 sectionName:
10161 description: "SectionName is the name of a section within
10162 the target resource. In the following resources, SectionName
10163 is interpreted as the following: \n * Gateway: Listener
10164 Name. When both Port (experimental) and SectionName are
10165 specified, the name and port of the selected listener
10166 must match both specified values. \n Implementations MAY
10167 choose to support attaching Routes to other resources.
10168 If that is the case, they MUST clearly document how SectionName
10169 is interpreted. \n When unspecified (empty string), this
10170 will reference the entire resource. For the purpose of
10171 status, an attachment is considered successful if at least
10172 one section in the parent resource accepts it. For example,
10173 Gateway listeners can restrict which Routes can attach
10174 to them by Route kind, namespace, or hostname. If 1 of
10175 2 Gateway listeners accept attachment from the referencing
10176 Route, the Route MUST be considered successfully attached.
10177 If no Gateway listeners accept attachment from this Route,
10178 the Route MUST be considered detached from the Gateway.
10179 \n Support: Core"
10180 maxLength: 253
10181 minLength: 1
10182 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10183 type: string
10184 required:
10185 - name
10186 type: object
10187 required:
10188 - controllerName
10189 - parentRef
10190 type: object
10191 maxItems: 32
10192 type: array
10193 required:
10194 - parents
10195 type: object
10196 required:
10197 - spec
10198 type: object
10199 served: true
10200 storage: true
10201 subresources:
10202 status: {}
10203status:
10204 acceptedNames:
10205 kind: ""
10206 plural: ""
10207 conditions: null
10208 storedVersions: null
10209
10210
10211---
10212apiVersion: apiextensions.k8s.io/v1
10213kind: CustomResourceDefinition
10214metadata:
10215 annotations:
10216 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
10217 gateway.networking.k8s.io/bundle-version: v0.7.1
10218 gateway.networking.k8s.io/channel: experimental
10219 linkerd.io/created-by: linkerd/cli dev-undefined
10220 labels:
10221 helm.sh/chart: linkerd-crds-0.0.0-undefined
10222 linkerd.io/control-plane-ns: linkerd
10223 creationTimestamp: null
10224 name: grpcroutes.gateway.networking.k8s.io
10225spec:
10226 group: gateway.networking.k8s.io
10227 names:
10228 categories:
10229 - gateway-api
10230 kind: GRPCRoute
10231 listKind: GRPCRouteList
10232 plural: grpcroutes
10233 singular: grpcroute
10234 scope: Namespaced
10235 versions:
10236 - additionalPrinterColumns:
10237 - jsonPath: .spec.hostnames
10238 name: Hostnames
10239 type: string
10240 - jsonPath: .metadata.creationTimestamp
10241 name: Age
10242 type: date
10243 name: v1alpha2
10244 schema:
10245 openAPIV3Schema:
10246 description: "GRPCRoute provides a way to route gRPC requests. This includes
10247 the capability to match requests by hostname, gRPC service, gRPC method,
10248 or HTTP/2 header. Filters can be used to specify additional processing steps.
10249 Backends specify where matching requests will be routed. \n GRPCRoute falls
10250 under extended support within the Gateway API. Within the following specification,
10251 the word \"MUST\" indicates that an implementation supporting GRPCRoute
10252 must conform to the indicated requirement, but an implementation not supporting
10253 this route type need not follow the requirement unless explicitly indicated.
10254 \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType`
10255 MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1,
10256 i.e. via ALPN. If the implementation does not support this, then it MUST
10257 set the \"Accepted\" condition to \"False\" for the affected listener with
10258 a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2
10259 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute`
10260 with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c,
10261 https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade
10262 from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4).
10263 If the implementation does not support this, then it MUST set the \"Accepted\"
10264 condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\".
10265 Implementations MAY also accept HTTP/2 connections with an upgrade from
10266 HTTP/1, i.e. without prior knowledge. \n Support: Extended"
10267 properties:
10268 apiVersion:
10269 description: 'APIVersion defines the versioned schema of this representation
10270 of an object. Servers should convert recognized schemas to the latest
10271 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
10272 type: string
10273 kind:
10274 description: 'Kind is a string value representing the REST resource this
10275 object represents. Servers may infer this from the endpoint the client
10276 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
10277 type: string
10278 metadata:
10279 type: object
10280 spec:
10281 description: Spec defines the desired state of GRPCRoute.
10282 properties:
10283 hostnames:
10284 description: "Hostnames defines a set of hostnames to match against
10285 the GRPC Host header to select a GRPCRoute to process the request.
10286 This matches the RFC 1123 definition of a hostname with 2 notable
10287 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
10288 with a wildcard label (`*.`). The wildcard label MUST appear by
10289 itself as the first label. \n If a hostname is specified by both
10290 the Listener and GRPCRoute, there MUST be at least one intersecting
10291 hostname for the GRPCRoute to be attached to the Listener. For example:
10292 \n * A Listener with `test.example.com` as the hostname matches
10293 GRPCRoutes that have either not specified any hostnames, or have
10294 specified at least one of `test.example.com` or `*.example.com`.
10295 * A Listener with `*.example.com` as the hostname matches GRPCRoutes
10296 that have either not specified any hostnames or have specified at
10297 least one hostname that matches the Listener hostname. For example,
10298 `test.example.com` and `*.example.com` would both match. On the
10299 other hand, `example.com` and `test.example.net` would not match.
10300 \n Hostnames that are prefixed with a wildcard label (`*.`) are
10301 interpreted as a suffix match. That means that a match for `*.example.com`
10302 would match both `test.example.com`, and `foo.test.example.com`,
10303 but not `example.com`. \n If both the Listener and GRPCRoute have
10304 specified hostnames, any GRPCRoute hostnames that do not match the
10305 Listener hostname MUST be ignored. For example, if a Listener specified
10306 `*.example.com`, and the GRPCRoute specified `test.example.com`
10307 and `test.example.net`, `test.example.net` MUST NOT be considered
10308 for a match. \n If both the Listener and GRPCRoute have specified
10309 hostnames, and none match with the criteria above, then the GRPCRoute
10310 MUST NOT be accepted by the implementation. The implementation MUST
10311 raise an 'Accepted' Condition with a status of `False` in the corresponding
10312 RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute
10313 is attached to a Listener and that listener already has another
10314 Route (B) of the other type attached and the intersection of the
10315 hostnames of A and B is non-empty, then the implementation MUST
10316 accept exactly one of these two routes, determined by the following
10317 criteria, in order: \n * The oldest Route based on creation timestamp.
10318 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
10319 \n The rejected Route MUST raise an 'Accepted' condition with a
10320 status of 'False' in the corresponding RouteParentStatus. \n Support:
10321 Core"
10322 items:
10323 description: "Hostname is the fully qualified domain name of a network
10324 host. This matches the RFC 1123 definition of a hostname with
10325 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
10326 may be prefixed with a wildcard label (`*.`). The wildcard label
10327 must appear by itself as the first label. \n Hostname can be \"precise\"
10328 which is a domain name without the terminating dot of a network
10329 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
10330 name prefixed with a single wildcard label (e.g. `*.example.com`).
10331 \n Note that as per RFC1035 and RFC1123, a *label* must consist
10332 of lower case alphanumeric characters or '-', and must start and
10333 end with an alphanumeric character. No other punctuation is allowed."
10334 maxLength: 253
10335 minLength: 1
10336 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10337 type: string
10338 maxItems: 16
10339 type: array
10340 parentRefs:
10341 description: "ParentRefs references the resources (usually Gateways)
10342 that a Route wants to be attached to. Note that the referenced parent
10343 resource needs to allow this for the attachment to be complete.
10344 For Gateways, that means the Gateway needs to allow attachment from
10345 Routes of this kind and namespace. \n The only kind of parent resource
10346 with \"Core\" support is Gateway. This API may be extended in the
10347 future to support additional kinds of parent resources such as one
10348 of the route kinds. \n It is invalid to reference an identical parent
10349 more than once. It is valid to reference multiple distinct sections
10350 within the same parent resource, such as 2 Listeners within a Gateway.
10351 \n It is possible to separately reference multiple distinct objects
10352 that may be collapsed by an implementation. For example, some implementations
10353 may choose to merge compatible Gateway Listeners together. If that
10354 is the case, the list of routes attached to those resources should
10355 also be merged. \n Note that for ParentRefs that cross namespace
10356 boundaries, there are specific rules. Cross-namespace references
10357 are only valid if they are explicitly allowed by something in the
10358 namespace they are referring to. For example, Gateway has the AllowedRoutes
10359 field, and ReferenceGrant provides a generic way to enable any other
10360 kind of cross-namespace reference."
10361 items:
10362 description: "ParentReference identifies an API object (usually
10363 a Gateway) that can be considered a parent of this resource (usually
10364 a route). The only kind of parent resource with \"Core\" support
10365 is Gateway. This API may be extended in the future to support
10366 additional kinds of parent resources, such as HTTPRoute. \n The
10367 API object must be valid in the cluster; the Group and Kind must
10368 be registered in the cluster for this reference to be valid."
10369 properties:
10370 group:
10371 default: gateway.networking.k8s.io
10372 description: "Group is the group of the referent. When unspecified,
10373 \"gateway.networking.k8s.io\" is inferred. To set the core
10374 API group (such as for a \"Service\" kind referent), Group
10375 must be explicitly set to \"\" (empty string). \n Support:
10376 Core"
10377 maxLength: 253
10378 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10379 type: string
10380 kind:
10381 default: Gateway
10382 description: "Kind is kind of the referent. \n Support: Core
10383 (Gateway) \n Support: Implementation-specific (Other Resources)"
10384 maxLength: 63
10385 minLength: 1
10386 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10387 type: string
10388 name:
10389 description: "Name is the name of the referent. \n Support:
10390 Core"
10391 maxLength: 253
10392 minLength: 1
10393 type: string
10394 namespace:
10395 description: "Namespace is the namespace of the referent. When
10396 unspecified, this refers to the local namespace of the Route.
10397 \n Note that there are specific rules for ParentRefs which
10398 cross namespace boundaries. Cross-namespace references are
10399 only valid if they are explicitly allowed by something in
10400 the namespace they are referring to. For example: Gateway
10401 has the AllowedRoutes field, and ReferenceGrant provides a
10402 generic way to enable any other kind of cross-namespace reference.
10403 \n Support: Core"
10404 maxLength: 63
10405 minLength: 1
10406 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10407 type: string
10408 port:
10409 description: "Port is the network port this Route targets. It
10410 can be interpreted differently based on the type of parent
10411 resource. \n When the parent resource is a Gateway, this targets
10412 all listeners listening on the specified port that also support
10413 this kind of Route(and select this Route). It's not recommended
10414 to set `Port` unless the networking behaviors specified in
10415 a Route must apply to a specific port as opposed to a listener(s)
10416 whose port(s) may be changed. When both Port and SectionName
10417 are specified, the name and port of the selected listener
10418 must match both specified values. \n Implementations MAY choose
10419 to support other parent resources. Implementations supporting
10420 other types of parent resources MUST clearly document how/if
10421 Port is interpreted. \n For the purpose of status, an attachment
10422 is considered successful as long as the parent resource accepts
10423 it partially. For example, Gateway listeners can restrict
10424 which Routes can attach to them by Route kind, namespace,
10425 or hostname. If 1 of 2 Gateway listeners accept attachment
10426 from the referencing Route, the Route MUST be considered successfully
10427 attached. If no Gateway listeners accept attachment from this
10428 Route, the Route MUST be considered detached from the Gateway.
10429 \n Support: Extended \n <gateway:experimental>"
10430 format: int32
10431 maximum: 65535
10432 minimum: 1
10433 type: integer
10434 sectionName:
10435 description: "SectionName is the name of a section within the
10436 target resource. In the following resources, SectionName is
10437 interpreted as the following: \n * Gateway: Listener Name.
10438 When both Port (experimental) and SectionName are specified,
10439 the name and port of the selected listener must match both
10440 specified values. \n Implementations MAY choose to support
10441 attaching Routes to other resources. If that is the case,
10442 they MUST clearly document how SectionName is interpreted.
10443 \n When unspecified (empty string), this will reference the
10444 entire resource. For the purpose of status, an attachment
10445 is considered successful if at least one section in the parent
10446 resource accepts it. For example, Gateway listeners can restrict
10447 which Routes can attach to them by Route kind, namespace,
10448 or hostname. If 1 of 2 Gateway listeners accept attachment
10449 from the referencing Route, the Route MUST be considered successfully
10450 attached. If no Gateway listeners accept attachment from this
10451 Route, the Route MUST be considered detached from the Gateway.
10452 \n Support: Core"
10453 maxLength: 253
10454 minLength: 1
10455 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10456 type: string
10457 required:
10458 - name
10459 type: object
10460 maxItems: 32
10461 type: array
10462 rules:
10463 default:
10464 - matches:
10465 - method:
10466 type: Exact
10467 description: Rules are a list of GRPC matchers, filters and actions.
10468 items:
10469 description: GRPCRouteRule defines the semantics for matching a
10470 gRPC request based on conditions (matches), processing it (filters),
10471 and forwarding the request to an API object (backendRefs).
10472 properties:
10473 backendRefs:
10474 description: "BackendRefs defines the backend(s) where matching
10475 requests should be sent. \n Failure behavior here depends
10476 on how many BackendRefs are specified and how many are invalid.
10477 \n If *all* entries in BackendRefs are invalid, and there
10478 are also no filters specified in this route rule, *all* traffic
10479 which matches this rule MUST receive an `UNAVAILABLE` status.
10480 \n See the GRPCBackendRef definition for the rules about what
10481 makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef
10482 is invalid, `UNAVAILABLE` statuses MUST be returned for requests
10483 that would have otherwise been routed to an invalid backend.
10484 If multiple backends are specified, and some are invalid,
10485 the proportion of requests that would otherwise have been
10486 routed to an invalid backend MUST receive an `UNAVAILABLE`
10487 status. \n For example, if two backends are specified with
10488 equal weights, and one is invalid, 50 percent of traffic MUST
10489 receive an `UNAVAILABLE` status. Implementations may choose
10490 how that 50 percent is determined. \n Support: Core for Kubernetes
10491 Service \n Support: Implementation-specific for any other
10492 resource \n Support for weight: Core"
10493 items:
10494 description: GRPCBackendRef defines how a GRPCRoute forwards
10495 a gRPC request.
10496 properties:
10497 filters:
10498 description: "Filters defined at this level MUST be executed
10499 if and only if the request is being forwarded to the
10500 backend defined here. \n Support: Implementation-specific
10501 (For broader support of filters, use the Filters field
10502 in GRPCRouteRule.)"
10503 items:
10504 description: GRPCRouteFilter defines processing steps
10505 that must be completed during the request or response
10506 lifecycle. GRPCRouteFilters are meant as an extension
10507 point to express processing that may be done in Gateway
10508 implementations. Some examples include request or
10509 response modification, implementing authentication
10510 strategies, rate-limiting, and traffic shaping. API
10511 guarantee/conformance is defined based on the type
10512 of the filter.
10513 properties:
10514 extensionRef:
10515 description: "ExtensionRef is an optional, implementation-specific
10516 extension to the \"filter\" behavior. For example,
10517 resource \"myroutefilter\" in group \"networking.example.net\").
10518 ExtensionRef MUST NOT be used for core and extended
10519 filters. \n Support: Implementation-specific"
10520 properties:
10521 group:
10522 description: Group is the group of the referent.
10523 For example, "gateway.networking.k8s.io".
10524 When unspecified or empty string, core API
10525 group is inferred.
10526 maxLength: 253
10527 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10528 type: string
10529 kind:
10530 description: Kind is kind of the referent. For
10531 example "HTTPRoute" or "Service".
10532 maxLength: 63
10533 minLength: 1
10534 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10535 type: string
10536 name:
10537 description: Name is the name of the referent.
10538 maxLength: 253
10539 minLength: 1
10540 type: string
10541 required:
10542 - group
10543 - kind
10544 - name
10545 type: object
10546 requestHeaderModifier:
10547 description: "RequestHeaderModifier defines a schema
10548 for a filter that modifies request headers. \n
10549 Support: Core"
10550 properties:
10551 add:
10552 description: "Add adds the given header(s) (name,
10553 value) to the request before the action. It
10554 appends to any existing values associated
10555 with the header name. \n Input: GET /foo HTTP/1.1
10556 my-header: foo \n Config: add: - name: \"my-header\"
10557 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
10558 my-header: foo,bar,baz"
10559 items:
10560 description: HTTPHeader represents an HTTP
10561 Header name and value as defined by RFC
10562 7230.
10563 properties:
10564 name:
10565 description: "Name is the name of the
10566 HTTP Header to be matched. Name matching
10567 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10568 \n If multiple entries specify equivalent
10569 header names, the first entry with an
10570 equivalent name MUST be considered for
10571 a match. Subsequent entries with an
10572 equivalent header name MUST be ignored.
10573 Due to the case-insensitivity of header
10574 names, \"foo\" and \"Foo\" are considered
10575 equivalent."
10576 maxLength: 256
10577 minLength: 1
10578 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10579 type: string
10580 value:
10581 description: Value is the value of HTTP
10582 Header to be matched.
10583 maxLength: 4096
10584 minLength: 1
10585 type: string
10586 required:
10587 - name
10588 - value
10589 type: object
10590 maxItems: 16
10591 type: array
10592 x-kubernetes-list-map-keys:
10593 - name
10594 x-kubernetes-list-type: map
10595 remove:
10596 description: "Remove the given header(s) from
10597 the HTTP request before the action. The value
10598 of Remove is a list of HTTP header names.
10599 Note that the header names are case-insensitive
10600 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
10601 \n Input: GET /foo HTTP/1.1 my-header1: foo
10602 my-header2: bar my-header3: baz \n Config:
10603 remove: [\"my-header1\", \"my-header3\"] \n
10604 Output: GET /foo HTTP/1.1 my-header2: bar"
10605 items:
10606 type: string
10607 maxItems: 16
10608 type: array
10609 set:
10610 description: "Set overwrites the request with
10611 the given header (name, value) before the
10612 action. \n Input: GET /foo HTTP/1.1 my-header:
10613 foo \n Config: set: - name: \"my-header\"
10614 value: \"bar\" \n Output: GET /foo HTTP/1.1
10615 my-header: bar"
10616 items:
10617 description: HTTPHeader represents an HTTP
10618 Header name and value as defined by RFC
10619 7230.
10620 properties:
10621 name:
10622 description: "Name is the name of the
10623 HTTP Header to be matched. Name matching
10624 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10625 \n If multiple entries specify equivalent
10626 header names, the first entry with an
10627 equivalent name MUST be considered for
10628 a match. Subsequent entries with an
10629 equivalent header name MUST be ignored.
10630 Due to the case-insensitivity of header
10631 names, \"foo\" and \"Foo\" are considered
10632 equivalent."
10633 maxLength: 256
10634 minLength: 1
10635 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10636 type: string
10637 value:
10638 description: Value is the value of HTTP
10639 Header to be matched.
10640 maxLength: 4096
10641 minLength: 1
10642 type: string
10643 required:
10644 - name
10645 - value
10646 type: object
10647 maxItems: 16
10648 type: array
10649 x-kubernetes-list-map-keys:
10650 - name
10651 x-kubernetes-list-type: map
10652 type: object
10653 requestMirror:
10654 description: "RequestMirror defines a schema for
10655 a filter that mirrors requests. Requests are sent
10656 to the specified destination, but responses from
10657 that destination are ignored. \n Support: Extended"
10658 properties:
10659 backendRef:
10660 description: "BackendRef references a resource
10661 where mirrored requests are sent. \n If the
10662 referent cannot be found, this BackendRef
10663 is invalid and must be dropped from the Gateway.
10664 The controller must ensure the \"ResolvedRefs\"
10665 condition on the Route status is set to `status:
10666 False` and not configure this backend in the
10667 underlying implementation. \n If there is
10668 a cross-namespace reference to an *existing*
10669 object that is not allowed by a ReferenceGrant,
10670 the controller must ensure the \"ResolvedRefs\"
10671 \ condition on the Route is set to `status:
10672 False`, with the \"RefNotPermitted\" reason
10673 and not configure this backend in the underlying
10674 implementation. \n In either error case, the
10675 Message of the `ResolvedRefs` Condition should
10676 be used to provide more detail about the problem.
10677 \n Support: Extended for Kubernetes Service
10678 \n Support: Implementation-specific for any
10679 other resource"
10680 properties:
10681 group:
10682 default: ""
10683 description: Group is the group of the referent.
10684 For example, "gateway.networking.k8s.io".
10685 When unspecified or empty string, core
10686 API group is inferred.
10687 maxLength: 253
10688 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10689 type: string
10690 kind:
10691 default: Service
10692 description: "Kind is the Kubernetes resource
10693 kind of the referent. For example \"Service\".
10694 \n Defaults to \"Service\" when not specified.
10695 \n ExternalName services can refer to
10696 CNAME DNS records that may live outside
10697 of the cluster and as such are difficult
10698 to reason about in terms of conformance.
10699 They also may not be safe to forward to
10700 (see CVE-2021-25740 for more information).
10701 Implementations SHOULD NOT support ExternalName
10702 Services. \n Support: Core (Services with
10703 a type other than ExternalName) \n Support:
10704 Implementation-specific (Services with
10705 type ExternalName)"
10706 maxLength: 63
10707 minLength: 1
10708 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10709 type: string
10710 name:
10711 description: Name is the name of the referent.
10712 maxLength: 253
10713 minLength: 1
10714 type: string
10715 namespace:
10716 description: "Namespace is the namespace
10717 of the backend. When unspecified, the
10718 local namespace is inferred. \n Note that
10719 when a namespace different than the local
10720 namespace is specified, a ReferenceGrant
10721 object is required in the referent namespace
10722 to allow that namespace's owner to accept
10723 the reference. See the ReferenceGrant
10724 documentation for details. \n Support:
10725 Core"
10726 maxLength: 63
10727 minLength: 1
10728 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10729 type: string
10730 port:
10731 description: Port specifies the destination
10732 port number to use for this resource.
10733 Port is required when the referent is
10734 a Kubernetes Service. In this case, the
10735 port number is the service port number,
10736 not the target port. For other resources,
10737 destination port might be derived from
10738 the referent resource or this field.
10739 format: int32
10740 maximum: 65535
10741 minimum: 1
10742 type: integer
10743 required:
10744 - name
10745 type: object
10746 required:
10747 - backendRef
10748 type: object
10749 responseHeaderModifier:
10750 description: "ResponseHeaderModifier defines a schema
10751 for a filter that modifies response headers. \n
10752 Support: Extended"
10753 properties:
10754 add:
10755 description: "Add adds the given header(s) (name,
10756 value) to the request before the action. It
10757 appends to any existing values associated
10758 with the header name. \n Input: GET /foo HTTP/1.1
10759 my-header: foo \n Config: add: - name: \"my-header\"
10760 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
10761 my-header: foo,bar,baz"
10762 items:
10763 description: HTTPHeader represents an HTTP
10764 Header name and value as defined by RFC
10765 7230.
10766 properties:
10767 name:
10768 description: "Name is the name of the
10769 HTTP Header to be matched. Name matching
10770 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10771 \n If multiple entries specify equivalent
10772 header names, the first entry with an
10773 equivalent name MUST be considered for
10774 a match. Subsequent entries with an
10775 equivalent header name MUST be ignored.
10776 Due to the case-insensitivity of header
10777 names, \"foo\" and \"Foo\" are considered
10778 equivalent."
10779 maxLength: 256
10780 minLength: 1
10781 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10782 type: string
10783 value:
10784 description: Value is the value of HTTP
10785 Header to be matched.
10786 maxLength: 4096
10787 minLength: 1
10788 type: string
10789 required:
10790 - name
10791 - value
10792 type: object
10793 maxItems: 16
10794 type: array
10795 x-kubernetes-list-map-keys:
10796 - name
10797 x-kubernetes-list-type: map
10798 remove:
10799 description: "Remove the given header(s) from
10800 the HTTP request before the action. The value
10801 of Remove is a list of HTTP header names.
10802 Note that the header names are case-insensitive
10803 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
10804 \n Input: GET /foo HTTP/1.1 my-header1: foo
10805 my-header2: bar my-header3: baz \n Config:
10806 remove: [\"my-header1\", \"my-header3\"] \n
10807 Output: GET /foo HTTP/1.1 my-header2: bar"
10808 items:
10809 type: string
10810 maxItems: 16
10811 type: array
10812 set:
10813 description: "Set overwrites the request with
10814 the given header (name, value) before the
10815 action. \n Input: GET /foo HTTP/1.1 my-header:
10816 foo \n Config: set: - name: \"my-header\"
10817 value: \"bar\" \n Output: GET /foo HTTP/1.1
10818 my-header: bar"
10819 items:
10820 description: HTTPHeader represents an HTTP
10821 Header name and value as defined by RFC
10822 7230.
10823 properties:
10824 name:
10825 description: "Name is the name of the
10826 HTTP Header to be matched. Name matching
10827 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10828 \n If multiple entries specify equivalent
10829 header names, the first entry with an
10830 equivalent name MUST be considered for
10831 a match. Subsequent entries with an
10832 equivalent header name MUST be ignored.
10833 Due to the case-insensitivity of header
10834 names, \"foo\" and \"Foo\" are considered
10835 equivalent."
10836 maxLength: 256
10837 minLength: 1
10838 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10839 type: string
10840 value:
10841 description: Value is the value of HTTP
10842 Header to be matched.
10843 maxLength: 4096
10844 minLength: 1
10845 type: string
10846 required:
10847 - name
10848 - value
10849 type: object
10850 maxItems: 16
10851 type: array
10852 x-kubernetes-list-map-keys:
10853 - name
10854 x-kubernetes-list-type: map
10855 type: object
10856 type:
10857 description: "Type identifies the type of filter
10858 to apply. As with other API fields, types are
10859 classified into three conformance levels: \n -
10860 Core: Filter types and their corresponding configuration
10861 defined by \"Support: Core\" in this package,
10862 e.g. \"RequestHeaderModifier\". All implementations
10863 supporting GRPCRoute MUST support core filters.
10864 \n - Extended: Filter types and their corresponding
10865 configuration defined by \"Support: Extended\"
10866 in this package, e.g. \"RequestMirror\". Implementers
10867 are encouraged to support extended filters. \n
10868 - Implementation-specific: Filters that are defined
10869 and supported by specific vendors. In the future,
10870 filters showing convergence in behavior across
10871 multiple implementations will be considered for
10872 inclusion in extended or core conformance levels.
10873 Filter-specific configuration for such filters
10874 is specified using the ExtensionRef field. `Type`
10875 MUST be set to \"ExtensionRef\" for custom filters.
10876 \n Implementers are encouraged to define custom
10877 implementation types to extend the core API with
10878 implementation-specific behavior. \n If a reference
10879 to a custom filter type cannot be resolved, the
10880 filter MUST NOT be skipped. Instead, requests
10881 that would have been processed by that filter
10882 MUST receive a HTTP error response. \n "
10883 enum:
10884 - ResponseHeaderModifier
10885 - RequestHeaderModifier
10886 - RequestMirror
10887 - ExtensionRef
10888 type: string
10889 required:
10890 - type
10891 type: object
10892 maxItems: 16
10893 type: array
10894 group:
10895 default: ""
10896 description: Group is the group of the referent. For example,
10897 "gateway.networking.k8s.io". When unspecified or empty
10898 string, core API group is inferred.
10899 maxLength: 253
10900 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10901 type: string
10902 kind:
10903 default: Service
10904 description: "Kind is the Kubernetes resource kind of
10905 the referent. For example \"Service\". \n Defaults to
10906 \"Service\" when not specified. \n ExternalName services
10907 can refer to CNAME DNS records that may live outside
10908 of the cluster and as such are difficult to reason about
10909 in terms of conformance. They also may not be safe to
10910 forward to (see CVE-2021-25740 for more information).
10911 Implementations SHOULD NOT support ExternalName Services.
10912 \n Support: Core (Services with a type other than ExternalName)
10913 \n Support: Implementation-specific (Services with type
10914 ExternalName)"
10915 maxLength: 63
10916 minLength: 1
10917 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10918 type: string
10919 name:
10920 description: Name is the name of the referent.
10921 maxLength: 253
10922 minLength: 1
10923 type: string
10924 namespace:
10925 description: "Namespace is the namespace of the backend.
10926 When unspecified, the local namespace is inferred. \n
10927 Note that when a namespace different than the local
10928 namespace is specified, a ReferenceGrant object is required
10929 in the referent namespace to allow that namespace's
10930 owner to accept the reference. See the ReferenceGrant
10931 documentation for details. \n Support: Core"
10932 maxLength: 63
10933 minLength: 1
10934 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10935 type: string
10936 port:
10937 description: Port specifies the destination port number
10938 to use for this resource. Port is required when the
10939 referent is a Kubernetes Service. In this case, the
10940 port number is the service port number, not the target
10941 port. For other resources, destination port might be
10942 derived from the referent resource or this field.
10943 format: int32
10944 maximum: 65535
10945 minimum: 1
10946 type: integer
10947 weight:
10948 default: 1
10949 description: "Weight specifies the proportion of requests
10950 forwarded to the referenced backend. This is computed
10951 as weight/(sum of all weights in this BackendRefs list).
10952 For non-zero values, there may be some epsilon from
10953 the exact proportion defined here depending on the precision
10954 an implementation supports. Weight is not a percentage
10955 and the sum of weights does not need to equal 100. \n
10956 If only one backend is specified and it has a weight
10957 greater than 0, 100% of the traffic is forwarded to
10958 that backend. If weight is set to 0, no traffic should
10959 be forwarded for this entry. If unspecified, weight
10960 defaults to 1. \n Support for this field varies based
10961 on the context where used."
10962 format: int32
10963 maximum: 1000000
10964 minimum: 0
10965 type: integer
10966 required:
10967 - name
10968 type: object
10969 maxItems: 16
10970 type: array
10971 filters:
10972 description: "Filters define the filters that are applied to
10973 requests that match this rule. \n The effects of ordering
10974 of multiple behaviors are currently unspecified. This can
10975 change in the future based on feedback during the alpha stage.
10976 \n Conformance-levels at this level are defined based on the
10977 type of filter: \n - ALL core filters MUST be supported by
10978 all implementations that support GRPCRoute. - Implementers
10979 are encouraged to support extended filters. - Implementation-specific
10980 custom filters have no API guarantees across implementations.
10981 \n Specifying a core filter multiple times has unspecified
10982 or implementation-specific conformance. Support: Core"
10983 items:
10984 description: GRPCRouteFilter defines processing steps that
10985 must be completed during the request or response lifecycle.
10986 GRPCRouteFilters are meant as an extension point to express
10987 processing that may be done in Gateway implementations.
10988 Some examples include request or response modification,
10989 implementing authentication strategies, rate-limiting, and
10990 traffic shaping. API guarantee/conformance is defined based
10991 on the type of the filter.
10992 properties:
10993 extensionRef:
10994 description: "ExtensionRef is an optional, implementation-specific
10995 extension to the \"filter\" behavior. For example,
10996 resource \"myroutefilter\" in group \"networking.example.net\").
10997 ExtensionRef MUST NOT be used for core and extended
10998 filters. \n Support: Implementation-specific"
10999 properties:
11000 group:
11001 description: Group is the group of the referent. For
11002 example, "gateway.networking.k8s.io". When unspecified
11003 or empty string, core API group is inferred.
11004 maxLength: 253
11005 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11006 type: string
11007 kind:
11008 description: Kind is kind of the referent. For example
11009 "HTTPRoute" or "Service".
11010 maxLength: 63
11011 minLength: 1
11012 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11013 type: string
11014 name:
11015 description: Name is the name of the referent.
11016 maxLength: 253
11017 minLength: 1
11018 type: string
11019 required:
11020 - group
11021 - kind
11022 - name
11023 type: object
11024 requestHeaderModifier:
11025 description: "RequestHeaderModifier defines a schema for
11026 a filter that modifies request headers. \n Support:
11027 Core"
11028 properties:
11029 add:
11030 description: "Add adds the given header(s) (name,
11031 value) to the request before the action. It appends
11032 to any existing values associated with the header
11033 name. \n Input: GET /foo HTTP/1.1 my-header: foo
11034 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
11035 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
11036 items:
11037 description: HTTPHeader represents an HTTP Header
11038 name and value as defined by RFC 7230.
11039 properties:
11040 name:
11041 description: "Name is the name of the HTTP Header
11042 to be matched. Name matching MUST be case
11043 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11044 \n If multiple entries specify equivalent
11045 header names, the first entry with an equivalent
11046 name MUST be considered for a match. Subsequent
11047 entries with an equivalent header name MUST
11048 be ignored. Due to the case-insensitivity
11049 of header names, \"foo\" and \"Foo\" are considered
11050 equivalent."
11051 maxLength: 256
11052 minLength: 1
11053 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11054 type: string
11055 value:
11056 description: Value is the value of HTTP Header
11057 to be matched.
11058 maxLength: 4096
11059 minLength: 1
11060 type: string
11061 required:
11062 - name
11063 - value
11064 type: object
11065 maxItems: 16
11066 type: array
11067 x-kubernetes-list-map-keys:
11068 - name
11069 x-kubernetes-list-type: map
11070 remove:
11071 description: "Remove the given header(s) from the
11072 HTTP request before the action. The value of Remove
11073 is a list of HTTP header names. Note that the header
11074 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
11075 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
11076 bar my-header3: baz \n Config: remove: [\"my-header1\",
11077 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
11078 bar"
11079 items:
11080 type: string
11081 maxItems: 16
11082 type: array
11083 set:
11084 description: "Set overwrites the request with the
11085 given header (name, value) before the action. \n
11086 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
11087 set: - name: \"my-header\" value: \"bar\" \n Output:
11088 GET /foo HTTP/1.1 my-header: bar"
11089 items:
11090 description: HTTPHeader represents an HTTP Header
11091 name and value as defined by RFC 7230.
11092 properties:
11093 name:
11094 description: "Name is the name of the HTTP Header
11095 to be matched. Name matching MUST be case
11096 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11097 \n If multiple entries specify equivalent
11098 header names, the first entry with an equivalent
11099 name MUST be considered for a match. Subsequent
11100 entries with an equivalent header name MUST
11101 be ignored. Due to the case-insensitivity
11102 of header names, \"foo\" and \"Foo\" are considered
11103 equivalent."
11104 maxLength: 256
11105 minLength: 1
11106 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11107 type: string
11108 value:
11109 description: Value is the value of HTTP Header
11110 to be matched.
11111 maxLength: 4096
11112 minLength: 1
11113 type: string
11114 required:
11115 - name
11116 - value
11117 type: object
11118 maxItems: 16
11119 type: array
11120 x-kubernetes-list-map-keys:
11121 - name
11122 x-kubernetes-list-type: map
11123 type: object
11124 requestMirror:
11125 description: "RequestMirror defines a schema for a filter
11126 that mirrors requests. Requests are sent to the specified
11127 destination, but responses from that destination are
11128 ignored. \n Support: Extended"
11129 properties:
11130 backendRef:
11131 description: "BackendRef references a resource where
11132 mirrored requests are sent. \n If the referent cannot
11133 be found, this BackendRef is invalid and must be
11134 dropped from the Gateway. The controller must ensure
11135 the \"ResolvedRefs\" condition on the Route status
11136 is set to `status: False` and not configure this
11137 backend in the underlying implementation. \n If
11138 there is a cross-namespace reference to an *existing*
11139 object that is not allowed by a ReferenceGrant,
11140 the controller must ensure the \"ResolvedRefs\"
11141 \ condition on the Route is set to `status: False`,
11142 with the \"RefNotPermitted\" reason and not configure
11143 this backend in the underlying implementation. \n
11144 In either error case, the Message of the `ResolvedRefs`
11145 Condition should be used to provide more detail
11146 about the problem. \n Support: Extended for Kubernetes
11147 Service \n Support: Implementation-specific for
11148 any other resource"
11149 properties:
11150 group:
11151 default: ""
11152 description: Group is the group of the referent.
11153 For example, "gateway.networking.k8s.io". When
11154 unspecified or empty string, core API group
11155 is inferred.
11156 maxLength: 253
11157 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11158 type: string
11159 kind:
11160 default: Service
11161 description: "Kind is the Kubernetes resource
11162 kind of the referent. For example \"Service\".
11163 \n Defaults to \"Service\" when not specified.
11164 \n ExternalName services can refer to CNAME
11165 DNS records that may live outside of the cluster
11166 and as such are difficult to reason about in
11167 terms of conformance. They also may not be safe
11168 to forward to (see CVE-2021-25740 for more information).
11169 Implementations SHOULD NOT support ExternalName
11170 Services. \n Support: Core (Services with a
11171 type other than ExternalName) \n Support: Implementation-specific
11172 (Services with type ExternalName)"
11173 maxLength: 63
11174 minLength: 1
11175 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11176 type: string
11177 name:
11178 description: Name is the name of the referent.
11179 maxLength: 253
11180 minLength: 1
11181 type: string
11182 namespace:
11183 description: "Namespace is the namespace of the
11184 backend. When unspecified, the local namespace
11185 is inferred. \n Note that when a namespace different
11186 than the local namespace is specified, a ReferenceGrant
11187 object is required in the referent namespace
11188 to allow that namespace's owner to accept the
11189 reference. See the ReferenceGrant documentation
11190 for details. \n Support: Core"
11191 maxLength: 63
11192 minLength: 1
11193 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
11194 type: string
11195 port:
11196 description: Port specifies the destination port
11197 number to use for this resource. Port is required
11198 when the referent is a Kubernetes Service. In
11199 this case, the port number is the service port
11200 number, not the target port. For other resources,
11201 destination port might be derived from the referent
11202 resource or this field.
11203 format: int32
11204 maximum: 65535
11205 minimum: 1
11206 type: integer
11207 required:
11208 - name
11209 type: object
11210 required:
11211 - backendRef
11212 type: object
11213 responseHeaderModifier:
11214 description: "ResponseHeaderModifier defines a schema
11215 for a filter that modifies response headers. \n Support:
11216 Extended"
11217 properties:
11218 add:
11219 description: "Add adds the given header(s) (name,
11220 value) to the request before the action. It appends
11221 to any existing values associated with the header
11222 name. \n Input: GET /foo HTTP/1.1 my-header: foo
11223 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
11224 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
11225 items:
11226 description: HTTPHeader represents an HTTP Header
11227 name and value as defined by RFC 7230.
11228 properties:
11229 name:
11230 description: "Name is the name of the HTTP Header
11231 to be matched. Name matching MUST be case
11232 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11233 \n If multiple entries specify equivalent
11234 header names, the first entry with an equivalent
11235 name MUST be considered for a match. Subsequent
11236 entries with an equivalent header name MUST
11237 be ignored. Due to the case-insensitivity
11238 of header names, \"foo\" and \"Foo\" are considered
11239 equivalent."
11240 maxLength: 256
11241 minLength: 1
11242 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11243 type: string
11244 value:
11245 description: Value is the value of HTTP Header
11246 to be matched.
11247 maxLength: 4096
11248 minLength: 1
11249 type: string
11250 required:
11251 - name
11252 - value
11253 type: object
11254 maxItems: 16
11255 type: array
11256 x-kubernetes-list-map-keys:
11257 - name
11258 x-kubernetes-list-type: map
11259 remove:
11260 description: "Remove the given header(s) from the
11261 HTTP request before the action. The value of Remove
11262 is a list of HTTP header names. Note that the header
11263 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
11264 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
11265 bar my-header3: baz \n Config: remove: [\"my-header1\",
11266 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
11267 bar"
11268 items:
11269 type: string
11270 maxItems: 16
11271 type: array
11272 set:
11273 description: "Set overwrites the request with the
11274 given header (name, value) before the action. \n
11275 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
11276 set: - name: \"my-header\" value: \"bar\" \n Output:
11277 GET /foo HTTP/1.1 my-header: bar"
11278 items:
11279 description: HTTPHeader represents an HTTP Header
11280 name and value as defined by RFC 7230.
11281 properties:
11282 name:
11283 description: "Name is the name of the HTTP Header
11284 to be matched. Name matching MUST be case
11285 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11286 \n If multiple entries specify equivalent
11287 header names, the first entry with an equivalent
11288 name MUST be considered for a match. Subsequent
11289 entries with an equivalent header name MUST
11290 be ignored. Due to the case-insensitivity
11291 of header names, \"foo\" and \"Foo\" are considered
11292 equivalent."
11293 maxLength: 256
11294 minLength: 1
11295 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11296 type: string
11297 value:
11298 description: Value is the value of HTTP Header
11299 to be matched.
11300 maxLength: 4096
11301 minLength: 1
11302 type: string
11303 required:
11304 - name
11305 - value
11306 type: object
11307 maxItems: 16
11308 type: array
11309 x-kubernetes-list-map-keys:
11310 - name
11311 x-kubernetes-list-type: map
11312 type: object
11313 type:
11314 description: "Type identifies the type of filter to apply.
11315 As with other API fields, types are classified into
11316 three conformance levels: \n - Core: Filter types and
11317 their corresponding configuration defined by \"Support:
11318 Core\" in this package, e.g. \"RequestHeaderModifier\".
11319 All implementations supporting GRPCRoute MUST support
11320 core filters. \n - Extended: Filter types and their
11321 corresponding configuration defined by \"Support: Extended\"
11322 in this package, e.g. \"RequestMirror\". Implementers
11323 are encouraged to support extended filters. \n - Implementation-specific:
11324 Filters that are defined and supported by specific vendors.
11325 In the future, filters showing convergence in behavior
11326 across multiple implementations will be considered for
11327 inclusion in extended or core conformance levels. Filter-specific
11328 configuration for such filters is specified using the
11329 ExtensionRef field. `Type` MUST be set to \"ExtensionRef\"
11330 for custom filters. \n Implementers are encouraged to
11331 define custom implementation types to extend the core
11332 API with implementation-specific behavior. \n If a reference
11333 to a custom filter type cannot be resolved, the filter
11334 MUST NOT be skipped. Instead, requests that would have
11335 been processed by that filter MUST receive a HTTP error
11336 response. \n "
11337 enum:
11338 - ResponseHeaderModifier
11339 - RequestHeaderModifier
11340 - RequestMirror
11341 - ExtensionRef
11342 type: string
11343 required:
11344 - type
11345 type: object
11346 maxItems: 16
11347 type: array
11348 matches:
11349 description: "Matches define conditions used for matching the
11350 rule against incoming gRPC requests. Each match is independent,
11351 i.e. this rule will be matched if **any** one of the matches
11352 is satisfied. \n For example, take the following matches configuration:
11353 \n ``` matches: - method: service: foo.bar headers: values:
11354 version: 2 - method: service: foo.bar.v2 ``` \n For a request
11355 to match against this rule, it MUST satisfy EITHER of the
11356 two conditions: \n - service of foo.bar AND contains the header
11357 `version: 2` - service of foo.bar.v2 \n See the documentation
11358 for GRPCRouteMatch on how to specify multiple match conditions
11359 to be ANDed together. \n If no matches are specified, the
11360 implementation MUST match every gRPC request. \n Proxy or
11361 Load Balancer routing configuration generated from GRPCRoutes
11362 MUST prioritize rules based on the following criteria, continuing
11363 on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
11364 Precedence MUST be given to the rule with the largest number
11365 of: \n * Characters in a matching non-wildcard hostname. *
11366 Characters in a matching hostname. * Characters in a matching
11367 service. * Characters in a matching method. * Header matches.
11368 \n If ties still exist across multiple Routes, matching precedence
11369 MUST be determined in order of the following criteria, continuing
11370 on ties: \n * The oldest Route based on creation timestamp.
11371 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
11372 \n If ties still exist within the Route that has been given
11373 precedence, matching precedence MUST be granted to the first
11374 matching rule meeting the above criteria."
11375 items:
11376 description: "GRPCRouteMatch defines the predicate used to
11377 match requests to a given action. Multiple match types are
11378 ANDed together, i.e. the match will evaluate to true only
11379 if all conditions are satisfied. \n For example, the match
11380 below will match a gRPC request only if its service is `foo`
11381 AND it contains the `version: v1` header: \n ``` matches:
11382 - method: type: Exact service: \"foo\" headers: - name:
11383 \"version\" value \"v1\" \n ```"
11384 properties:
11385 headers:
11386 description: Headers specifies gRPC request header matchers.
11387 Multiple match values are ANDed together, meaning, a
11388 request MUST match all the specified headers to select
11389 the route.
11390 items:
11391 description: GRPCHeaderMatch describes how to select
11392 a gRPC route by matching gRPC request headers.
11393 properties:
11394 name:
11395 description: "Name is the name of the gRPC Header
11396 to be matched. \n If multiple entries specify
11397 equivalent header names, only the first entry
11398 with an equivalent name MUST be considered for
11399 a match. Subsequent entries with an equivalent
11400 header name MUST be ignored. Due to the case-insensitivity
11401 of header names, \"foo\" and \"Foo\" are considered
11402 equivalent."
11403 maxLength: 256
11404 minLength: 1
11405 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11406 type: string
11407 type:
11408 default: Exact
11409 description: Type specifies how to match against
11410 the value of the header.
11411 enum:
11412 - Exact
11413 - RegularExpression
11414 type: string
11415 value:
11416 description: Value is the value of the gRPC Header
11417 to be matched.
11418 maxLength: 4096
11419 minLength: 1
11420 type: string
11421 required:
11422 - name
11423 - value
11424 type: object
11425 maxItems: 16
11426 type: array
11427 x-kubernetes-list-map-keys:
11428 - name
11429 x-kubernetes-list-type: map
11430 method:
11431 description: Method specifies a gRPC request service/method
11432 matcher. If this field is not specified, all services
11433 and methods will match.
11434 properties:
11435 method:
11436 description: "Value of the method to match against.
11437 If left empty or omitted, will match all services.
11438 \n At least one of Service and Method MUST be a
11439 non-empty string."
11440 maxLength: 1024
11441 type: string
11442 service:
11443 description: "Value of the service to match against.
11444 If left empty or omitted, will match any service.
11445 \n At least one of Service and Method MUST be a
11446 non-empty string."
11447 maxLength: 1024
11448 type: string
11449 type:
11450 default: Exact
11451 description: "Type specifies how to match against
11452 the service and/or method. Support: Core (Exact
11453 with service and method specified) \n Support: Implementation-specific
11454 (Exact with method specified but no service specified)
11455 \n Support: Implementation-specific (RegularExpression)"
11456 enum:
11457 - Exact
11458 - RegularExpression
11459 type: string
11460 type: object
11461 type: object
11462 maxItems: 8
11463 type: array
11464 type: object
11465 maxItems: 16
11466 type: array
11467 type: object
11468 status:
11469 description: Status defines the current state of GRPCRoute.
11470 properties:
11471 parents:
11472 description: "Parents is a list of parent resources (usually Gateways)
11473 that are associated with the route, and the status of the route
11474 with respect to each parent. When this route attaches to a parent,
11475 the controller that manages the parent must add an entry to this
11476 list when the controller first sees the route and should update
11477 the entry as appropriate when the route or gateway is modified.
11478 \n Note that parent references that cannot be resolved by an implementation
11479 of this API will not be added to this list. Implementations of this
11480 API can only populate Route status for the Gateways/parent resources
11481 they are responsible for. \n A maximum of 32 Gateways will be represented
11482 in this list. An empty list means the route has not been attached
11483 to any Gateway."
11484 items:
11485 description: RouteParentStatus describes the status of a route with
11486 respect to an associated Parent.
11487 properties:
11488 conditions:
11489 description: "Conditions describes the status of the route with
11490 respect to the Gateway. Note that the route's availability
11491 is also subject to the Gateway's own status conditions and
11492 listener status. \n If the Route's ParentRef specifies an
11493 existing Gateway that supports Routes of this kind AND that
11494 Gateway's controller has sufficient access, then that Gateway's
11495 controller MUST set the \"Accepted\" condition on the Route,
11496 to indicate whether the route has been accepted or rejected
11497 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
11498 if at least one of the Route's rules is implemented by the
11499 Gateway. \n There are a number of cases where the \"Accepted\"
11500 condition may not be set due to lack of controller visibility,
11501 that includes when: \n * The Route refers to a non-existent
11502 parent. * The Route is of a type that the controller does
11503 not support. * The Route is in a namespace the controller
11504 does not have access to."
11505 items:
11506 description: "Condition contains details for one aspect of
11507 the current state of this API Resource. --- This struct
11508 is intended for direct use as an array at the field path
11509 .status.conditions. For example, \n type FooStatus struct{
11510 // Represents the observations of a foo's current state.
11511 // Known .status.conditions.type are: \"Available\", \"Progressing\",
11512 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
11513 // +listType=map // +listMapKey=type Conditions []metav1.Condition
11514 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
11515 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
11516 }"
11517 properties:
11518 lastTransitionTime:
11519 description: lastTransitionTime is the last time the condition
11520 transitioned from one status to another. This should
11521 be when the underlying condition changed. If that is
11522 not known, then using the time when the API field changed
11523 is acceptable.
11524 format: date-time
11525 type: string
11526 message:
11527 description: message is a human readable message indicating
11528 details about the transition. This may be an empty string.
11529 maxLength: 32768
11530 type: string
11531 observedGeneration:
11532 description: observedGeneration represents the .metadata.generation
11533 that the condition was set based upon. For instance,
11534 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
11535 is 9, the condition is out of date with respect to the
11536 current state of the instance.
11537 format: int64
11538 minimum: 0
11539 type: integer
11540 reason:
11541 description: reason contains a programmatic identifier
11542 indicating the reason for the condition's last transition.
11543 Producers of specific condition types may define expected
11544 values and meanings for this field, and whether the
11545 values are considered a guaranteed API. The value should
11546 be a CamelCase string. This field may not be empty.
11547 maxLength: 1024
11548 minLength: 1
11549 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11550 type: string
11551 status:
11552 description: status of the condition, one of True, False,
11553 Unknown.
11554 enum:
11555 - "True"
11556 - "False"
11557 - Unknown
11558 type: string
11559 type:
11560 description: type of condition in CamelCase or in foo.example.com/CamelCase.
11561 --- Many .condition.type values are consistent across
11562 resources like Available, but because arbitrary conditions
11563 can be useful (see .node.status.conditions), the ability
11564 to deconflict is important. The regex it matches is
11565 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
11566 maxLength: 316
11567 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11568 type: string
11569 required:
11570 - lastTransitionTime
11571 - message
11572 - reason
11573 - status
11574 - type
11575 type: object
11576 maxItems: 8
11577 minItems: 1
11578 type: array
11579 x-kubernetes-list-map-keys:
11580 - type
11581 x-kubernetes-list-type: map
11582 controllerName:
11583 description: "ControllerName is a domain/path string that indicates
11584 the name of the controller that wrote this status. This corresponds
11585 with the controllerName field on GatewayClass. \n Example:
11586 \"example.net/gateway-controller\". \n The format of this
11587 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
11588 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
11589 \n Controllers MUST populate this field when writing status.
11590 Controllers should ensure that entries to status populated
11591 with their ControllerName are cleaned up when they are no
11592 longer necessary."
11593 maxLength: 253
11594 minLength: 1
11595 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
11596 type: string
11597 parentRef:
11598 description: ParentRef corresponds with a ParentRef in the spec
11599 that this RouteParentStatus struct describes the status of.
11600 properties:
11601 group:
11602 default: gateway.networking.k8s.io
11603 description: "Group is the group of the referent. When unspecified,
11604 \"gateway.networking.k8s.io\" is inferred. To set the
11605 core API group (such as for a \"Service\" kind referent),
11606 Group must be explicitly set to \"\" (empty string). \n
11607 Support: Core"
11608 maxLength: 253
11609 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11610 type: string
11611 kind:
11612 default: Gateway
11613 description: "Kind is kind of the referent. \n Support:
11614 Core (Gateway) \n Support: Implementation-specific (Other
11615 Resources)"
11616 maxLength: 63
11617 minLength: 1
11618 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11619 type: string
11620 name:
11621 description: "Name is the name of the referent. \n Support:
11622 Core"
11623 maxLength: 253
11624 minLength: 1
11625 type: string
11626 namespace:
11627 description: "Namespace is the namespace of the referent.
11628 When unspecified, this refers to the local namespace of
11629 the Route. \n Note that there are specific rules for ParentRefs
11630 which cross namespace boundaries. Cross-namespace references
11631 are only valid if they are explicitly allowed by something
11632 in the namespace they are referring to. For example: Gateway
11633 has the AllowedRoutes field, and ReferenceGrant provides
11634 a generic way to enable any other kind of cross-namespace
11635 reference. \n Support: Core"
11636 maxLength: 63
11637 minLength: 1
11638 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
11639 type: string
11640 port:
11641 description: "Port is the network port this Route targets.
11642 It can be interpreted differently based on the type of
11643 parent resource. \n When the parent resource is a Gateway,
11644 this targets all listeners listening on the specified
11645 port that also support this kind of Route(and select this
11646 Route). It's not recommended to set `Port` unless the
11647 networking behaviors specified in a Route must apply to
11648 a specific port as opposed to a listener(s) whose port(s)
11649 may be changed. When both Port and SectionName are specified,
11650 the name and port of the selected listener must match
11651 both specified values. \n Implementations MAY choose to
11652 support other parent resources. Implementations supporting
11653 other types of parent resources MUST clearly document
11654 how/if Port is interpreted. \n For the purpose of status,
11655 an attachment is considered successful as long as the
11656 parent resource accepts it partially. For example, Gateway
11657 listeners can restrict which Routes can attach to them
11658 by Route kind, namespace, or hostname. If 1 of 2 Gateway
11659 listeners accept attachment from the referencing Route,
11660 the Route MUST be considered successfully attached. If
11661 no Gateway listeners accept attachment from this Route,
11662 the Route MUST be considered detached from the Gateway.
11663 \n Support: Extended \n <gateway:experimental>"
11664 format: int32
11665 maximum: 65535
11666 minimum: 1
11667 type: integer
11668 sectionName:
11669 description: "SectionName is the name of a section within
11670 the target resource. In the following resources, SectionName
11671 is interpreted as the following: \n * Gateway: Listener
11672 Name. When both Port (experimental) and SectionName are
11673 specified, the name and port of the selected listener
11674 must match both specified values. \n Implementations MAY
11675 choose to support attaching Routes to other resources.
11676 If that is the case, they MUST clearly document how SectionName
11677 is interpreted. \n When unspecified (empty string), this
11678 will reference the entire resource. For the purpose of
11679 status, an attachment is considered successful if at least
11680 one section in the parent resource accepts it. For example,
11681 Gateway listeners can restrict which Routes can attach
11682 to them by Route kind, namespace, or hostname. If 1 of
11683 2 Gateway listeners accept attachment from the referencing
11684 Route, the Route MUST be considered successfully attached.
11685 If no Gateway listeners accept attachment from this Route,
11686 the Route MUST be considered detached from the Gateway.
11687 \n Support: Core"
11688 maxLength: 253
11689 minLength: 1
11690 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11691 type: string
11692 required:
11693 - name
11694 type: object
11695 required:
11696 - controllerName
11697 - parentRef
11698 type: object
11699 maxItems: 32
11700 type: array
11701 required:
11702 - parents
11703 type: object
11704 type: object
11705 served: true
11706 storage: true
11707 subresources:
11708 status: {}
11709status:
11710 acceptedNames:
11711 kind: ""
11712 plural: ""
11713 conditions: null
11714 storedVersions: null
11715
11716---
11717apiVersion: apiextensions.k8s.io/v1
11718kind: CustomResourceDefinition
11719metadata:
11720 name: externalworkloads.workload.linkerd.io
11721 annotations:
11722 linkerd.io/created-by: linkerd/cli dev-undefined
11723 labels:
11724 helm.sh/chart: linkerd-crds-0.0.0-undefined
11725 linkerd.io/control-plane-ns: linkerd
11726spec:
11727 group: workload.linkerd.io
11728 names:
11729 categories:
11730 - external
11731 kind: ExternalWorkload
11732 listKind: ExternalWorkloadList
11733 plural: externalworkloads
11734 singular: externalworkload
11735 shortNames: []
11736 scope: Namespaced
11737 versions:
11738 - name: v1alpha1
11739 served: true
11740 storage: false
11741 schema:
11742 openAPIV3Schema:
11743 description: >-
11744 An ExternalWorkload describes a single workload (i.e. a deployable unit) external
11745 to the cluster that should be enrolled in the mesh.
11746 type: object
11747 required: [spec]
11748 properties:
11749 apiVerson:
11750 type: string
11751 kind:
11752 type: string
11753 metadata:
11754 type: object
11755 spec:
11756 properties:
11757 meshTls:
11758 description: meshTls describes TLS settings associated with an
11759 external workload.
11760 properties:
11761 identity:
11762 type: string
11763 description: identity of the workload. Corresponds to the
11764 identity used in the workload's certificate. It is used
11765 by peers to perform verification in the mTLS handshake.
11766 minLength: 1
11767 maxLength: 253
11768 serverName:
11769 type: string
11770 description: serverName is the name of the workload in DNS
11771 format. It is used by the workload to terminate TLS using
11772 SNI.
11773 minLength: 1
11774 maxLength: 253
11775 type: object
11776 required:
11777 - identity
11778 - serverName
11779 ports:
11780 type: array
11781 description: ports describes a list of ports exposed by the
11782 workload
11783 items:
11784 properties:
11785 name:
11786 type: string
11787 description: name must be an IANA_SVC_NAME and unique
11788 within the ports set. Each named port can be referred
11789 to by services.
11790 port:
11791 format: int32
11792 maximum: 65535
11793 minimum: 1
11794 type: integer
11795 protocol:
11796 description: protocol exposed by the port. Must be UDP or
11797 TCP. Defaults to TCP.
11798 type: string
11799 default: "TCP"
11800 type: object
11801 required:
11802 - port
11803 workloadIPs:
11804 type: array
11805 description: workloadIPs contains a list of IP addresses that
11806 can be used to send traffic to the workload.
11807 items:
11808 type: object
11809 properties:
11810 ip:
11811 type: string
11812 # TODO: relax this in the future when ipv6 is supported
11813 # an external workload (like a pod) should only
11814 # support 2 interfaces
11815 maxItems: 1
11816 type: object
11817 required:
11818 - meshTls
11819 status:
11820 type: object
11821 properties:
11822 conditions:
11823 type: array
11824 items:
11825 type: object
11826 properties:
11827 lastProbeTime:
11828 description: lastProbeTime is the last time the
11829 healthcheck endpoint was probed.
11830 format: date-time
11831 type: string
11832 lastTransitionTime:
11833 description: lastTransitionTime is the last time the
11834 condition transitioned from one status to another.
11835 format: date-time
11836 type: string
11837 status:
11838 description: status of the condition (one of True, False, Unknown)
11839 enum:
11840 - "True"
11841 - "False"
11842 - Unknown
11843 type: string
11844 type:
11845 description: type of the condition in CamelCase or in
11846 foo.example.com/CamelCase.
11847 maxLength: 316
11848 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11849 type: string
11850 reason:
11851 description: reason contains a programmatic identifier
11852 indicating the reason for the condition's last
11853 transition. Producers of specific condition types may
11854 define expected values and meanings for this field, and
11855 whether the values are considered a guaranteed API. The
11856 value should be a CamelCase string. This field may not
11857 be empty.
11858 maxLength: 1024
11859 minLength: 1
11860 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11861 type: string
11862 message:
11863 description: message is a human readable message
11864 indicating details about the transition. This may be an
11865 empty string.
11866 maxLength: 32768
11867 type: string
11868 required:
11869 - status
11870 - type
11871 additionalPrinterColumns:
11872 - jsonPath: .spec.meshTls.identity
11873 name: Identity
11874 type: string
11875 - jsonPath: .metadata.creationTimestamp
11876 name: Age
11877 type: date
11878 - name: v1beta1
11879 served: true
11880 storage: true
11881 subresources:
11882 status: {}
11883 schema:
11884 openAPIV3Schema:
11885 description: >-
11886 An ExternalWorkload describes a single workload (i.e. a deployable unit) external
11887 to the cluster that should be enrolled in the mesh.
11888 type: object
11889 required: [spec]
11890 properties:
11891 apiVerson:
11892 type: string
11893 kind:
11894 type: string
11895 metadata:
11896 type: object
11897 spec:
11898 properties:
11899 meshTLS:
11900 description: meshTLS describes TLS settings associated with an
11901 external workload.
11902 properties:
11903 identity:
11904 type: string
11905 description: identity of the workload. Corresponds to the
11906 identity used in the workload's certificate. It is used
11907 by peers to perform verification in the mTLS handshake.
11908 minLength: 1
11909 maxLength: 253
11910 serverName:
11911 type: string
11912 description: serverName is the name of the workload in DNS
11913 format. It is used by the workload to terminate TLS using
11914 SNI.
11915 minLength: 1
11916 maxLength: 253
11917 type: object
11918 required:
11919 - identity
11920 - serverName
11921 ports:
11922 type: array
11923 description: ports describes a list of ports exposed by the
11924 workload
11925 items:
11926 properties:
11927 name:
11928 type: string
11929 description: name must be an IANA_SVC_NAME and unique
11930 within the ports set. Each named port can be referred
11931 to by services.
11932 port:
11933 format: int32
11934 maximum: 65535
11935 minimum: 1
11936 type: integer
11937 protocol:
11938 description: protocol exposed by the port. Must be UDP or
11939 TCP. Defaults to TCP.
11940 type: string
11941 default: "TCP"
11942 type: object
11943 required:
11944 - port
11945 workloadIPs:
11946 type: array
11947 description: workloadIPs contains a list of IP addresses that
11948 can be used to send traffic to the workload.
11949 items:
11950 type: object
11951 properties:
11952 ip:
11953 type: string
11954 # TODO: relax this in the future when ipv6 is supported
11955 # an external workload (like a pod) should only
11956 # support 2 interfaces
11957 maxItems: 1
11958 type: object
11959 required:
11960 - meshTLS
11961 status:
11962 type: object
11963 properties:
11964 conditions:
11965 type: array
11966 items:
11967 type: object
11968 properties:
11969 lastProbeTime:
11970 description: lastProbeTime is the last time the
11971 healthcheck endpoint was probed.
11972 format: date-time
11973 type: string
11974 lastTransitionTime:
11975 description: lastTransitionTime is the last time the
11976 condition transitioned from one status to another.
11977 format: date-time
11978 type: string
11979 status:
11980 description: status of the condition (one of True, False, Unknown)
11981 enum:
11982 - "True"
11983 - "False"
11984 - Unknown
11985 type: string
11986 type:
11987 description: type of the condition in CamelCase or in
11988 foo.example.com/CamelCase.
11989 maxLength: 316
11990 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11991 type: string
11992 reason:
11993 description: reason contains a programmatic identifier
11994 indicating the reason for the condition's last
11995 transition. Producers of specific condition types may
11996 define expected values and meanings for this field, and
11997 whether the values are considered a guaranteed API. The
11998 value should be a CamelCase string. This field may not
11999 be empty.
12000 maxLength: 1024
12001 minLength: 1
12002 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
12003 type: string
12004 message:
12005 description: message is a human readable message
12006 indicating details about the transition. This may be an
12007 empty string.
12008 maxLength: 32768
12009 type: string
12010 required:
12011 - status
12012 - type
12013 additionalPrinterColumns:
12014 - jsonPath: .spec.meshTLS.identity
12015 name: Identity
12016 type: string
12017 - jsonPath: .metadata.creationTimestamp
12018 name: Age
12019 type: date
View as plain text