1---
2# Source: linkerd-crds/templates/policy/authorization-policy.yaml
3---
4apiVersion: apiextensions.k8s.io/v1
5kind: CustomResourceDefinition
6metadata:
7 name: authorizationpolicies.policy.linkerd.io
8 annotations:
9 linkerd.io/created-by: linkerd/helm linkerd-version
10 labels:
11 helm.sh/chart: linkerd-crds-
12 linkerd.io/control-plane-ns: linkerd-dev
13spec:
14 group: policy.linkerd.io
15 scope: Namespaced
16 names:
17 kind: AuthorizationPolicy
18 plural: authorizationpolicies
19 singular: authorizationpolicy
20 shortNames: [authzpolicy]
21 versions:
22 - name: v1alpha1
23 served: true
24 storage: true
25 schema:
26 openAPIV3Schema:
27 type: object
28 required: [spec]
29 properties:
30 spec:
31 description: >-
32 Authorizes clients to communicate with Linkerd-proxied server
33 resources.
34 type: object
35 required: [targetRef, requiredAuthenticationRefs]
36 properties:
37 targetRef:
38 description: >-
39 TargetRef references a resource to which the authorization
40 policy applies.
41 type: object
42 required: [kind, name]
43 # Modified from the gateway API.
44 # Copyright 2020 The Kubernetes Authors
45 properties:
46 group:
47 description: >-
48 Group is the group of the referent. When empty, the
49 Kubernetes core API group is inferred.
50 maxLength: 253
51 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
52 type: string
53 kind:
54 description: >-
55 Kind is the kind of the referent.
56 maxLength: 63
57 minLength: 1
58 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
59 type: string
60 name:
61 description: Name is the name of the referent.
62 maxLength: 253
63 minLength: 1
64 type: string
65 requiredAuthenticationRefs:
66 description: >-
67 RequiredAuthenticationRefs enumerates a set of required
68 authentications. ALL authentications must be satisfied for
69 the authorization to apply. If any of the referred objects
70 cannot be found, the authorization will be ignored.
71 type: array
72 items:
73 type: object
74 required: [kind, name]
75 properties:
76 group:
77 description: >-
78 Group is the group of the referent. When empty, the
79 Kubernetes core API group is inferred."
80 maxLength: 253
81 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
82 type: string
83 kind:
84 description: >-
85 Kind is the kind of the referent.
86 maxLength: 63
87 minLength: 1
88 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
89 type: string
90 name:
91 description: >-
92 Name is the name of the referent.
93 maxLength: 253
94 minLength: 1
95 type: string
96 namespace:
97 description: >-
98 Name is the name of the referent. When unspecified,
99 this authentication refers to the local namespace.
100 maxLength: 253
101 type: string
102---
103# Source: linkerd-crds/templates/policy/httproute.yaml
104---
105apiVersion: apiextensions.k8s.io/v1
106kind: CustomResourceDefinition
107metadata:
108 name: httproutes.policy.linkerd.io
109 annotations:
110 linkerd.io/created-by: linkerd/helm linkerd-version
111 labels:
112 helm.sh/chart: linkerd-crds-
113 linkerd.io/control-plane-ns: linkerd-dev
114spec:
115 group: policy.linkerd.io
116 names:
117 kind: HTTPRoute
118 listKind: HTTPRouteList
119 plural: httproutes
120 singular: httproute
121 scope: Namespaced
122 versions:
123 - additionalPrinterColumns:
124 - jsonPath: .spec.hostnames
125 name: Hostnames
126 type: string
127 - jsonPath: .metadata.creationTimestamp
128 name: Age
129 type: date
130 name: v1alpha1
131 schema:
132 openAPIV3Schema:
133 description: HTTPRoute provides a way to route HTTP requests. This includes
134 the capability to match requests by hostname, path, header, or query param.
135 Filters can be used to specify additional processing steps. Backends specify
136 where matching requests should be routed.
137 properties:
138 apiVersion:
139 description: 'APIVersion defines the versioned schema of this representation
140 of an object. Servers should convert recognized schemas to the latest
141 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
142 type: string
143 kind:
144 description: 'Kind is a string value representing the REST resource this
145 object represents. Servers may infer this from the endpoint the client
146 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
147 type: string
148 metadata:
149 type: object
150 spec:
151 description: Spec defines the desired state of HTTPRoute.
152 properties:
153 hostnames:
154 description: "Hostnames defines a set of hostname that should match
155 against the HTTP Host header to select a HTTPRoute to process the
156 request. This matches the RFC 1123 definition of a hostname with
157 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
158 be prefixed with a wildcard label (`*.`). The wildcard label
159 must appear by itself as the first label. \n If a hostname is specified
160 by both the Listener and HTTPRoute, there must be at least one intersecting
161 hostname for the HTTPRoute to be attached to the Listener. For example:
162 \n * A Listener with `test.example.com` as the hostname matches
163 HTTPRoutes that have either not specified any hostnames, or have
164 specified at least one of `test.example.com` or `*.example.com`.
165 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
166 \ that have either not specified any hostnames or have specified
167 at least one hostname that matches the Listener hostname. For
168 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
169 would all match. On the other hand, `example.com` and `test.example.net`
170 would not match. \n Hostnames that are prefixed with a wildcard
171 label (`*.`) are interpreted as a suffix match. That means that
172 a match for `*.example.com` would match both `test.example.com`,
173 and `foo.test.example.com`, but not `example.com`. \n If both the
174 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
175 that do not match the Listener hostname MUST be ignored. For example,
176 if a Listener specified `*.example.com`, and the HTTPRoute specified
177 `test.example.com` and `test.example.net`, `test.example.net` must
178 not be considered for a match. \n If both the Listener and HTTPRoute
179 have specified hostnames, and none match with the criteria above,
180 then the HTTPRoute is not accepted. The implementation must raise
181 an 'Accepted' Condition with a status of `False` in the corresponding
182 RouteParentStatus. \n Support: Core"
183 items:
184 description: "Hostname is the fully qualified domain name of a network
185 host. This matches the RFC 1123 definition of a hostname with
186 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
187 may be prefixed with a wildcard label (`*.`). The wildcard label
188 must appear by itself as the first label. \n Hostname can be \"precise\"
189 which is a domain name without the terminating dot of a network
190 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
191 name prefixed with a single wildcard label (e.g. `*.example.com`).
192 \n Note that as per RFC1035 and RFC1123, a *label* must consist
193 of lower case alphanumeric characters or '-', and must start and
194 end with an alphanumeric character. No other punctuation is allowed."
195 maxLength: 253
196 minLength: 1
197 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
198 type: string
199 maxItems: 16
200 type: array
201 parentRefs:
202 description: "ParentRefs references the resources (usually Gateways)
203 that a Route wants to be attached to. Note that the referenced parent
204 resource needs to allow this for the attachment to be complete.
205 For Gateways, that means the Gateway needs to allow attachment from
206 Routes of this kind and namespace. \n The only kind of parent resource
207 with \"Core\" support is Gateway. This API may be extended in the
208 future to support additional kinds of parent resources such as one
209 of the route kinds. \n It is invalid to reference an identical parent
210 more than once. It is valid to reference multiple distinct sections
211 within the same parent resource, such as 2 Listeners within a Gateway.
212 \n It is possible to separately reference multiple distinct objects
213 that may be collapsed by an implementation. For example, some implementations
214 may choose to merge compatible Gateway Listeners together. If that
215 is the case, the list of routes attached to those resources should
216 also be merged."
217 items:
218 description: "ParentReference identifies an API object (usually
219 a Gateway) that can be considered a parent of this resource (usually
220 a route). The only kind of parent resource with \"Core\" support
221 is Gateway. This API may be extended in the future to support
222 additional kinds of parent resources, such as HTTPRoute. \n The
223 API object must be valid in the cluster; the Group and Kind must
224 be registered in the cluster for this reference to be valid."
225 properties:
226 group:
227 default: policy.linkerd.io
228 description: "Group is the group of the referent. \n Support:
229 Core"
230 maxLength: 253
231 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
232 type: string
233 kind:
234 default: Gateway
235 description: "Kind is kind of the referent. \n Support: Core
236 (Gateway) Support: Custom (Other Resources)"
237 maxLength: 63
238 minLength: 1
239 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
240 type: string
241 name:
242 description: "Name is the name of the referent. \n Support:
243 Core"
244 maxLength: 253
245 minLength: 1
246 type: string
247 namespace:
248 description: "Namespace is the namespace of the referent. When
249 unspecified (or empty string), this refers to the local namespace
250 of the Route. \n Support: Core"
251 maxLength: 63
252 minLength: 1
253 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
254 type: string
255 port:
256 description: "port"
257 type: integer
258 sectionName:
259 description: "SectionName is the name of a section within the
260 target resource. In the following resources, SectionName is
261 interpreted as the following: \n * Gateway: Listener Name.
262 When both Port (experimental) and SectionName are specified,
263 the name and port of the selected listener must match both
264 specified values. \n Implementations MAY choose to support
265 attaching Routes to other resources. If that is the case,
266 they MUST clearly document how SectionName is interpreted.
267 \n When unspecified (empty string), this will reference the
268 entire resource. For the purpose of status, an attachment
269 is considered successful if at least one section in the parent
270 resource accepts it. For example, Gateway listeners can restrict
271 which Routes can attach to them by Route kind, namespace,
272 or hostname. If 1 of 2 Gateway listeners accept attachment
273 from the referencing Route, the Route MUST be considered successfully
274 attached. If no Gateway listeners accept attachment from this
275 Route, the Route MUST be considered detached from the Gateway.
276 \n Support: Core"
277 maxLength: 253
278 minLength: 1
279 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
280 type: string
281 required:
282 - name
283 type: object
284 maxItems: 32
285 type: array
286 rules:
287 default:
288 - matches:
289 - path:
290 type: PathPrefix
291 value: /
292 description: Rules are a list of HTTP matchers, filters and actions.
293 items:
294 description: HTTPRouteRule defines semantics for matching an HTTP
295 request based on conditions (matches) and processing it (filters).
296 properties:
297 backendRefs:
298 type: array
299 items:
300 type: object
301 properties:
302 name:
303 type: string
304 port:
305 type: integer
306 namespace:
307 type: string
308 default: "default"
309 filters:
310 description: "Filters defined at this level should be
311 executed if and only if the request is being forwarded
312 to the backend defined here. \n Support: Implementation-specific
313 (For broader support of filters, use the Filters field
314 in HTTPRouteRule.)"
315 items:
316 description: HTTPRouteFilter defines processing steps
317 that must be completed during the request or response
318 lifecycle. HTTPRouteFilters are meant as an extension
319 point to express processing that may be done in Gateway
320 implementations. Some examples include request or
321 response modification, implementing authentication
322 strategies, rate-limiting, and traffic shaping. API
323 guarantee/conformance is defined based on the type
324 of the filter.
325 properties:
326 requestHeaderModifier:
327 description: "RequestHeaderModifier defines a schema
328 for a filter that modifies request headers. \n
329 Support: Core"
330 properties:
331 add:
332 description: "Add adds the given header(s) (name,
333 value) to the request before the action. It
334 appends to any existing values associated
335 with the header name. \n Input: GET /foo HTTP/1.1
336 my-header: foo \n Config: add: - name: \"my-header\"
337 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
338 my-header: foo,bar,baz"
339 items:
340 description: HTTPHeader represents an HTTP
341 Header name and value as defined by RFC
342 7230.
343 properties:
344 name:
345 description: "Name is the name of the
346 HTTP Header to be matched. Name matching
347 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
348 \n If multiple entries specify equivalent
349 header names, the first entry with an
350 equivalent name MUST be considered for
351 a match. Subsequent entries with an
352 equivalent header name MUST be ignored.
353 Due to the case-insensitivity of header
354 names, \"foo\" and \"Foo\" are considered
355 equivalent."
356 maxLength: 256
357 minLength: 1
358 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
359 type: string
360 value:
361 description: Value is the value of HTTP
362 Header to be matched.
363 maxLength: 4096
364 minLength: 1
365 type: string
366 required:
367 - name
368 - value
369 type: object
370 maxItems: 16
371 type: array
372 x-kubernetes-list-map-keys:
373 - name
374 x-kubernetes-list-type: map
375 remove:
376 description: "Remove the given header(s) from
377 the HTTP request before the action. The value
378 of Remove is a list of HTTP header names.
379 Note that the header names are case-insensitive
380 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
381 \n Input: GET /foo HTTP/1.1 my-header1: foo
382 my-header2: bar my-header3: baz \n Config:
383 remove: [\"my-header1\", \"my-header3\"] \n
384 Output: GET /foo HTTP/1.1 my-header2: bar"
385 items:
386 type: string
387 maxItems: 16
388 type: array
389 set:
390 description: "Set overwrites the request with
391 the given header (name, value) before the
392 action. \n Input: GET /foo HTTP/1.1 my-header:
393 foo \n Config: set: - name: \"my-header\"
394 value: \"bar\" \n Output: GET /foo HTTP/1.1
395 my-header: bar"
396 items:
397 description: HTTPHeader represents an HTTP
398 Header name and value as defined by RFC
399 7230.
400 properties:
401 name:
402 description: "Name is the name of the
403 HTTP Header to be matched. Name matching
404 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
405 \n If multiple entries specify equivalent
406 header names, the first entry with an
407 equivalent name MUST be considered for
408 a match. Subsequent entries with an
409 equivalent header name MUST be ignored.
410 Due to the case-insensitivity of header
411 names, \"foo\" and \"Foo\" are considered
412 equivalent."
413 maxLength: 256
414 minLength: 1
415 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
416 type: string
417 value:
418 description: Value is the value of HTTP
419 Header to be matched.
420 maxLength: 4096
421 minLength: 1
422 type: string
423 required:
424 - name
425 - value
426 type: object
427 maxItems: 16
428 type: array
429 x-kubernetes-list-map-keys:
430 - name
431 x-kubernetes-list-type: map
432 type: object
433 requestRedirect:
434 description: "RequestRedirect defines a schema for
435 a filter that responds to the request with an
436 HTTP redirection. \n Support: Core"
437 properties:
438 hostname:
439 description: "Hostname is the hostname to be
440 used in the value of the `Location` header
441 in the response. When empty, the hostname
442 in the `Host` header of the request is used.
443 \n Support: Core"
444 maxLength: 253
445 minLength: 1
446 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
447 type: string
448 path:
449 description: "Path defines parameters used to
450 modify the path of the incoming request. The
451 modified path is then used to construct the
452 `Location` header. When empty, the request
453 path is used as-is. \n Support: Extended"
454 properties:
455 replaceFullPath:
456 description: ReplaceFullPath specifies the
457 value with which to replace the full path
458 of a request during a rewrite or redirect.
459 maxLength: 1024
460 type: string
461 replacePrefixMatch:
462 description: "ReplacePrefixMatch specifies
463 the value with which to replace the prefix
464 match of a request during a rewrite or
465 redirect. For example, a request to \"/foo/bar\"
466 with a prefix match of \"/foo\" and a
467 ReplacePrefixMatch of \"/xyz\" would be
468 modified to \"/xyz/bar\". \n Note that
469 this matches the behavior of the PathPrefix
470 match type. This matches full path elements.
471 A path element refers to the list of labels
472 in the path split by the `/` separator.
473 When specified, a trailing `/` is ignored.
474 For example, the paths `/abc`, `/abc/`,
475 and `/abc/def` would all match the prefix
476 `/abc`, but the path `/abcd` would not.
477 \n Request Path | Prefix Match | Replace
478 Prefix | Modified Path -------------|--------------|----------------|----------
479 /foo/bar | /foo | /xyz |
480 /xyz/bar /foo/bar | /foo |
481 /xyz/ | /xyz/bar /foo/bar |
482 /foo/ | /xyz | /xyz/bar
483 /foo/bar | /foo/ | /xyz/ |
484 /xyz/bar /foo | /foo |
485 /xyz | /xyz /foo/ | /foo
486 \ | /xyz | /xyz/ /foo/bar
487 \ | /foo | <empty string> |
488 /bar /foo/ | /foo | <empty
489 string> | / /foo | /foo |
490 <empty string> | / /foo/ | /foo
491 \ | / | / /foo |
492 /foo | / | /"
493 maxLength: 1024
494 type: string
495 type:
496 description: "Type defines the type of path
497 modifier. Additional types may be added
498 in a future release of the API. \n Note
499 that values may be added to this enum,
500 implementations must ensure that unknown
501 values will not cause a crash. \n Unknown
502 values here must result in the implementation
503 setting the Accepted Condition for the
504 Route to `status: False`, with a Reason
505 of `UnsupportedValue`."
506 enum:
507 - ReplaceFullPath
508 - ReplacePrefixMatch
509 type: string
510 required:
511 - type
512 type: object
513 port:
514 description: "Port is the port to be used in
515 the value of the `Location` header in the
516 response. \n If no port is specified, the
517 redirect port MUST be derived using the following
518 rules: \n * If redirect scheme is not-empty,
519 the redirect port MUST be the well-known port
520 associated with the redirect scheme. Specifically
521 \"http\" to port 80 and \"https\" to port
522 443. If the redirect scheme does not have
523 a well-known port, the listener port of the
524 Gateway SHOULD be used. * If redirect scheme
525 is empty, the redirect port MUST be the Gateway
526 Listener port. \n Implementations SHOULD NOT
527 add the port number in the 'Location' header
528 in the following cases: \n * A Location header
529 that will use HTTP (whether that is determined
530 via the Listener protocol or the Scheme field)
531 _and_ use port 80. * A Location header that
532 will use HTTPS (whether that is determined
533 via the Listener protocol or the Scheme field)
534 _and_ use port 443. \n Support: Extended"
535 format: int32
536 maximum: 65535
537 minimum: 1
538 type: integer
539 scheme:
540 description: "Scheme is the scheme to be used
541 in the value of the `Location` header in the
542 response. When empty, the scheme of the request
543 is used. \n Scheme redirects can affect the
544 port of the redirect, for more information,
545 refer to the documentation for the port field
546 of this filter. \n Note that values may be
547 added to this enum, implementations must ensure
548 that unknown values will not cause a crash.
549 \n Unknown values here must result in the
550 implementation setting the Accepted Condition
551 for the Route to `status: False`, with a Reason
552 of `UnsupportedValue`. \n Support: Extended"
553 enum:
554 - http
555 - https
556 type: string
557 statusCode:
558 default: 302
559 description: "StatusCode is the HTTP status
560 code to be used in response. \n Note that
561 values may be added to this enum, implementations
562 must ensure that unknown values will not cause
563 a crash. \n Unknown values here must result
564 in the implementation setting the Accepted
565 Condition for the Route to `status: False`,
566 with a Reason of `UnsupportedValue`. \n Support:
567 Core"
568 enum:
569 - 301
570 - 302
571 type: integer
572 type: object
573 responseHeaderModifier:
574 description: "ResponseHeaderModifier defines a schema
575 for a filter that modifies response headers. \n
576 Support: Extended"
577 properties:
578 add:
579 description: "Add adds the given header(s) (name,
580 value) to the request before the action. It
581 appends to any existing values associated
582 with the header name. \n Input: GET /foo HTTP/1.1
583 my-header: foo \n Config: add: - name: \"my-header\"
584 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
585 my-header: foo,bar,baz"
586 items:
587 description: HTTPHeader represents an HTTP
588 Header name and value as defined by RFC
589 7230.
590 properties:
591 name:
592 description: "Name is the name of the
593 HTTP Header to be matched. Name matching
594 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
595 \n If multiple entries specify equivalent
596 header names, the first entry with an
597 equivalent name MUST be considered for
598 a match. Subsequent entries with an
599 equivalent header name MUST be ignored.
600 Due to the case-insensitivity of header
601 names, \"foo\" and \"Foo\" are considered
602 equivalent."
603 maxLength: 256
604 minLength: 1
605 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
606 type: string
607 value:
608 description: Value is the value of HTTP
609 Header to be matched.
610 maxLength: 4096
611 minLength: 1
612 type: string
613 required:
614 - name
615 - value
616 type: object
617 maxItems: 16
618 type: array
619 x-kubernetes-list-map-keys:
620 - name
621 x-kubernetes-list-type: map
622 remove:
623 description: "Remove the given header(s) from
624 the HTTP request before the action. The value
625 of Remove is a list of HTTP header names.
626 Note that the header names are case-insensitive
627 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
628 \n Input: GET /foo HTTP/1.1 my-header1: foo
629 my-header2: bar my-header3: baz \n Config:
630 remove: [\"my-header1\", \"my-header3\"] \n
631 Output: GET /foo HTTP/1.1 my-header2: bar"
632 items:
633 type: string
634 maxItems: 16
635 type: array
636 set:
637 description: "Set overwrites the request with
638 the given header (name, value) before the
639 action. \n Input: GET /foo HTTP/1.1 my-header:
640 foo \n Config: set: - name: \"my-header\"
641 value: \"bar\" \n Output: GET /foo HTTP/1.1
642 my-header: bar"
643 items:
644 description: HTTPHeader represents an HTTP
645 Header name and value as defined by RFC
646 7230.
647 properties:
648 name:
649 description: "Name is the name of the
650 HTTP Header to be matched. Name matching
651 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
652 \n If multiple entries specify equivalent
653 header names, the first entry with an
654 equivalent name MUST be considered for
655 a match. Subsequent entries with an
656 equivalent header name MUST be ignored.
657 Due to the case-insensitivity of header
658 names, \"foo\" and \"Foo\" are considered
659 equivalent."
660 maxLength: 256
661 minLength: 1
662 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
663 type: string
664 value:
665 description: Value is the value of HTTP
666 Header to be matched.
667 maxLength: 4096
668 minLength: 1
669 type: string
670 required:
671 - name
672 - value
673 type: object
674 maxItems: 16
675 type: array
676 x-kubernetes-list-map-keys:
677 - name
678 x-kubernetes-list-type: map
679 type: object
680 type:
681 description: "Type identifies the type of filter
682 to apply. As with other API fields, types are
683 classified into three conformance levels: \n -
684 Core: Filter types and their corresponding configuration
685 defined by \"Support: Core\" in this package,
686 e.g. \"RequestHeaderModifier\". All implementations
687 must support core filters. \n - Extended: Filter
688 types and their corresponding configuration defined
689 by \"Support: Extended\" in this package, e.g.
690 \"RequestMirror\". Implementers are encouraged
691 to support extended filters. \n - Implementation-specific:
692 Filters that are defined and supported by specific
693 vendors. In the future, filters showing convergence
694 in behavior across multiple implementations will
695 be considered for inclusion in extended or core
696 conformance levels. Filter-specific configuration
697 for such filters is specified using the ExtensionRef
698 field. `Type` should be set to \"ExtensionRef\"
699 for custom filters. \n Implementers are encouraged
700 to define custom implementation types to extend
701 the core API with implementation-specific behavior.
702 \n If a reference to a custom filter type cannot
703 be resolved, the filter MUST NOT be skipped. Instead,
704 requests that would have been processed by that
705 filter MUST receive a HTTP error response. \n
706 Note that values may be added to this enum, implementations
707 must ensure that unknown values will not cause
708 a crash. \n Unknown values here must result in
709 the implementation setting the Accepted Condition
710 for the Route to `status: False`, with a Reason
711 of `UnsupportedValue`."
712 enum:
713 - RequestHeaderModifier
714 - ResponseHeaderModifier
715 - RequestRedirect
716 type: string
717 required:
718 - type
719 type: object
720 maxItems: 16
721 type: array
722 filters:
723 description: "Filters define the filters that are applied to
724 requests that match this rule. \n The effects of ordering
725 of multiple behaviors are currently unspecified. This can
726 change in the future based on feedback during the alpha stage.
727 \n Conformance-levels at this level are defined based on the
728 type of filter: \n - ALL core filters MUST be supported by
729 all implementations. - Implementers are encouraged to support
730 extended filters. - Implementation-specific custom filters
731 have no API guarantees across implementations. \n Specifying
732 a core filter multiple times has unspecified or custom conformance.
733 \n All filters are expected to be compatible with each other
734 except for the URLRewrite and RequestRedirect filters, which
735 may not be combined. If an implementation can not support
736 other combinations of filters, they must clearly document
737 that limitation. In all cases where incompatible or unsupported
738 filters are specified, implementations MUST add a warning
739 condition to status. \n Support: Core"
740 items:
741 description: HTTPRouteFilter defines processing steps that
742 must be completed during the request or response lifecycle.
743 HTTPRouteFilters are meant as an extension point to express
744 processing that may be done in Gateway implementations.
745 Some examples include request or response modification,
746 implementing authentication strategies, rate-limiting, and
747 traffic shaping. API guarantee/conformance is defined based
748 on the type of the filter.
749 properties:
750 requestHeaderModifier:
751 description: "RequestHeaderModifier defines a schema for
752 a filter that modifies request headers. \n Support:
753 Core"
754 properties:
755 add:
756 description: "Add adds the given header(s) (name,
757 value) to the request before the action. It appends
758 to any existing values associated with the header
759 name. \n Input: GET /foo HTTP/1.1 my-header:
760 foo \n Config: add: - name: \"my-header\" value:
761 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
762 foo my-header: bar"
763 items:
764 description: HTTPHeader represents an HTTP Header
765 name and value as defined by RFC 7230.
766 properties:
767 name:
768 description: "Name is the name of the HTTP Header
769 to be matched. Name matching MUST be case
770 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
771 \n If multiple entries specify equivalent
772 header names, the first entry with an equivalent
773 name MUST be considered for a match. Subsequent
774 entries with an equivalent header name MUST
775 be ignored. Due to the case-insensitivity
776 of header names, \"foo\" and \"Foo\" are considered
777 equivalent."
778 maxLength: 256
779 minLength: 1
780 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
781 type: string
782 value:
783 description: Value is the value of HTTP Header
784 to be matched.
785 maxLength: 4096
786 minLength: 1
787 type: string
788 required:
789 - name
790 - value
791 type: object
792 maxItems: 16
793 type: array
794 x-kubernetes-list-map-keys:
795 - name
796 x-kubernetes-list-type: map
797 remove:
798 description: "Remove the given header(s) from the
799 HTTP request before the action. The value of Remove
800 is a list of HTTP header names. Note that the header
801 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
802 \n Input: GET /foo HTTP/1.1 my-header1: foo
803 \ my-header2: bar my-header3: baz \n Config:
804 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
805 \ GET /foo HTTP/1.1 my-header2: bar"
806 items:
807 type: string
808 maxItems: 16
809 type: array
810 set:
811 description: "Set overwrites the request with the
812 given header (name, value) before the action. \n
813 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
814 \ set: - name: \"my-header\" value: \"bar\"
815 \n Output: GET /foo HTTP/1.1 my-header: bar"
816 items:
817 description: HTTPHeader represents an HTTP Header
818 name and value as defined by RFC 7230.
819 properties:
820 name:
821 description: "Name is the name of the HTTP Header
822 to be matched. Name matching MUST be case
823 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
824 \n If multiple entries specify equivalent
825 header names, the first entry with an equivalent
826 name MUST be considered for a match. Subsequent
827 entries with an equivalent header name MUST
828 be ignored. Due to the case-insensitivity
829 of header names, \"foo\" and \"Foo\" are considered
830 equivalent."
831 maxLength: 256
832 minLength: 1
833 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
834 type: string
835 value:
836 description: Value is the value of HTTP Header
837 to be matched.
838 maxLength: 4096
839 minLength: 1
840 type: string
841 required:
842 - name
843 - value
844 type: object
845 maxItems: 16
846 type: array
847 x-kubernetes-list-map-keys:
848 - name
849 x-kubernetes-list-type: map
850 type: object
851 requestRedirect:
852 description: "RequestRedirect defines a schema for a filter
853 that responds to the request with an HTTP redirection.
854 \n Support: Core"
855 properties:
856 hostname:
857 description: "Hostname is the hostname to be used
858 in the value of the `Location` header in the response.
859 When empty, the hostname of the request is used.
860 \n Support: Core"
861 maxLength: 253
862 minLength: 1
863 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
864 type: string
865 path:
866 description: "Path defines parameters used to
867 modify the path of the incoming request. The
868 modified path is then used to construct the
869 `Location` header. When empty, the request
870 path is used as-is. \n Support: Extended"
871 properties:
872 replaceFullPath:
873 description: ReplaceFullPath specifies the
874 value with which to replace the full path
875 of a request during a rewrite or redirect.
876 maxLength: 1024
877 type: string
878 replacePrefixMatch:
879 description: "ReplacePrefixMatch specifies
880 the value with which to replace the prefix
881 match of a request during a rewrite or
882 redirect. For example, a request to \"/foo/bar\"
883 with a prefix match of \"/foo\" and a
884 ReplacePrefixMatch of \"/xyz\" would be
885 modified to \"/xyz/bar\". \n Note that
886 this matches the behavior of the PathPrefix
887 match type. This matches full path elements.
888 A path element refers to the list of labels
889 in the path split by the `/` separator.
890 When specified, a trailing `/` is ignored.
891 For example, the paths `/abc`, `/abc/`,
892 and `/abc/def` would all match the prefix
893 `/abc`, but the path `/abcd` would not.
894 \n Request Path | Prefix Match | Replace
895 Prefix | Modified Path -------------|--------------|----------------|----------
896 /foo/bar | /foo | /xyz |
897 /xyz/bar /foo/bar | /foo |
898 /xyz/ | /xyz/bar /foo/bar |
899 /foo/ | /xyz | /xyz/bar
900 /foo/bar | /foo/ | /xyz/ |
901 /xyz/bar /foo | /foo |
902 /xyz | /xyz /foo/ | /foo
903 \ | /xyz | /xyz/ /foo/bar
904 \ | /foo | <empty string> |
905 /bar /foo/ | /foo | <empty
906 string> | / /foo | /foo |
907 <empty string> | / /foo/ | /foo
908 \ | / | / /foo |
909 /foo | / | /"
910 maxLength: 1024
911 type: string
912 type:
913 description: "Type defines the type of path
914 modifier. Additional types may be added
915 in a future release of the API. \n Note
916 that values may be added to this enum,
917 implementations must ensure that unknown
918 values will not cause a crash. \n Unknown
919 values here must result in the implementation
920 setting the Accepted Condition for the
921 Route to `status: False`, with a Reason
922 of `UnsupportedValue`."
923 enum:
924 - ReplaceFullPath
925 - ReplacePrefixMatch
926 type: string
927 required:
928 - type
929 type: object
930 port:
931 description: "Port is the port to be used in the value
932 of the `Location` header in the response. When empty,
933 port (if specified) of the request is used. \n Support:
934 Extended"
935 format: int32
936 maximum: 65535
937 minimum: 1
938 type: integer
939 scheme:
940 description: "Scheme is the scheme to be used in the
941 value of the `Location` header in the response.
942 When empty, the scheme of the request is used. \n
943 Support: Extended"
944 enum:
945 - http
946 - https
947 type: string
948 statusCode:
949 default: 302
950 description: "StatusCode is the HTTP status code to
951 be used in response. \n Support: Core"
952 enum:
953 - 301
954 - 302
955 type: integer
956 type: object
957 type:
958 description: "Type identifies the type of filter to apply.
959 As with other API fields, types are classified into
960 three conformance levels: \n - Core: Filter types and
961 their corresponding configuration defined by \"Support:
962 Core\" in this package, e.g. \"RequestHeaderModifier\".
963 All implementations must support core filters. \n\n "
964 enum:
965 - RequestHeaderModifier
966 - RequestRedirect
967 type: string
968 required:
969 - type
970 type: object
971 maxItems: 16
972 type: array
973 matches:
974 default:
975 - path:
976 type: PathPrefix
977 value: /
978 description: "Matches define conditions used for matching the
979 rule against incoming HTTP requests. Each match is independent,
980 i.e. this rule will be matched if **any** one of the matches
981 is satisfied. \n For example, take the following matches configuration:
982 \n ``` matches: - path: value: \"/foo\" headers: -
983 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
984 ``` \n For a request to match against this rule, a request
985 must satisfy EITHER of the two conditions: \n - path prefixed
986 with `/foo` AND contains the header `version: v2` - path prefix
987 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
988 how to specify multiple match conditions that should be ANDed
989 together. \n If no matches are specified, the default is a
990 prefix path match on \"/\", which has the effect of matching
991 every HTTP request. \n Proxy or Load Balancer routing configuration
992 generated from HTTPRoutes MUST prioritize rules based on the
993 following criteria, continuing on ties. Precedence must be
994 given to the the Rule with the largest number of: \n * Characters
995 in a matching non-wildcard hostname. * Characters in a matching
996 hostname. * Characters in a matching path. * Header matches.
997 * Query param matches. \n If ties still exist across multiple
998 Routes, matching precedence MUST be determined in order of
999 the following criteria, continuing on ties: \n * The oldest
1000 Route based on creation timestamp. * The Route appearing first
1001 in alphabetical order by \"{namespace}/{name}\". \n If ties
1002 still exist within the Route that has been given precedence,
1003 matching precedence MUST be granted to the first matching
1004 rule meeting the above criteria. \n When no rules matching
1005 a request have been successfully attached to the parent a
1006 request is coming from, a HTTP 404 status code MUST be returned."
1007 items:
1008 description: "HTTPRouteMatch defines the predicate used to
1009 match requests to a given action. Multiple match types are
1010 ANDed together, i.e. the match will evaluate to true only
1011 if all conditions are satisfied. \n For example, the match
1012 below will match a HTTP request only if its path starts
1013 with `/foo` AND it contains the `version: v1` header: \n
1014 ``` match: path: value: \"/foo\" headers: - name:
1015 \"version\" value \"v1\" ```"
1016 properties:
1017 headers:
1018 description: Headers specifies HTTP request header matchers.
1019 Multiple match values are ANDed together, meaning, a
1020 request must match all the specified headers to select
1021 the route.
1022 items:
1023 description: HTTPHeaderMatch describes how to select
1024 a HTTP route by matching HTTP request headers.
1025 properties:
1026 name:
1027 description: "Name is the name of the HTTP Header
1028 to be matched. Name matching MUST be case insensitive.
1029 (See https://tools.ietf.org/html/rfc7230#section-3.2).
1030 \n If multiple entries specify equivalent header
1031 names, only the first entry with an equivalent
1032 name MUST be considered for a match. Subsequent
1033 entries with an equivalent header name MUST be
1034 ignored. Due to the case-insensitivity of header
1035 names, \"foo\" and \"Foo\" are considered equivalent.
1036 \n When a header is repeated in an HTTP request,
1037 it is implementation-specific behavior as to how
1038 this is represented. Generally, proxies should
1039 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
1040 regarding processing a repeated header, with special
1041 handling for \"Set-Cookie\"."
1042 maxLength: 256
1043 minLength: 1
1044 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1045 type: string
1046 type:
1047 default: Exact
1048 description: "Type specifies how to match against
1049 the value of the header. \n Support: Core (Exact)
1050 \n Support: Custom (RegularExpression) \n Since
1051 RegularExpression HeaderMatchType has custom conformance,
1052 implementations can support POSIX, PCRE or any
1053 other dialects of regular expressions. Please
1054 read the implementation's documentation to determine
1055 the supported dialect."
1056 enum:
1057 - Exact
1058 - RegularExpression
1059 type: string
1060 value:
1061 description: Value is the value of HTTP Header to
1062 be matched.
1063 maxLength: 4096
1064 minLength: 1
1065 type: string
1066 required:
1067 - name
1068 - value
1069 type: object
1070 maxItems: 16
1071 type: array
1072 x-kubernetes-list-map-keys:
1073 - name
1074 x-kubernetes-list-type: map
1075 method:
1076 description: "Method specifies HTTP method matcher. When
1077 specified, this route will be matched only if the request
1078 has the specified method. \n Support: Extended"
1079 enum:
1080 - GET
1081 - HEAD
1082 - POST
1083 - PUT
1084 - DELETE
1085 - CONNECT
1086 - OPTIONS
1087 - TRACE
1088 - PATCH
1089 type: string
1090 path:
1091 default:
1092 type: PathPrefix
1093 value: /
1094 description: Path specifies a HTTP request path matcher.
1095 If this field is not specified, a default prefix match
1096 on the "/" path is provided.
1097 properties:
1098 type:
1099 default: PathPrefix
1100 description: "Type specifies how to match against
1101 the path Value. \n Support: Core (Exact, PathPrefix)
1102 \n Support: Custom (RegularExpression)"
1103 enum:
1104 - Exact
1105 - PathPrefix
1106 - RegularExpression
1107 type: string
1108 value:
1109 default: /
1110 description: Value of the HTTP path to match against.
1111 maxLength: 1024
1112 type: string
1113 type: object
1114 queryParams:
1115 description: QueryParams specifies HTTP query parameter
1116 matchers. Multiple match values are ANDed together,
1117 meaning, a request must match all the specified query
1118 parameters to select the route.
1119 items:
1120 description: HTTPQueryParamMatch describes how to select
1121 a HTTP route by matching HTTP query parameters.
1122 properties:
1123 name:
1124 description: Name is the name of the HTTP query
1125 param to be matched. This must be an exact string
1126 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
1127 maxLength: 256
1128 minLength: 1
1129 type: string
1130 type:
1131 default: Exact
1132 description: "Type specifies how to match against
1133 the value of the query parameter. \n Support:
1134 Extended (Exact) \n Support: Custom (RegularExpression)
1135 \n Since RegularExpression QueryParamMatchType
1136 has custom conformance, implementations can support
1137 POSIX, PCRE or any other dialects of regular expressions.
1138 Please read the implementation's documentation
1139 to determine the supported dialect."
1140 enum:
1141 - Exact
1142 - RegularExpression
1143 type: string
1144 value:
1145 description: Value is the value of HTTP query param
1146 to be matched.
1147 maxLength: 1024
1148 minLength: 1
1149 type: string
1150 required:
1151 - name
1152 - value
1153 type: object
1154 maxItems: 16
1155 type: array
1156 x-kubernetes-list-map-keys:
1157 - name
1158 x-kubernetes-list-type: map
1159 type: object
1160 maxItems: 8
1161 type: array
1162 type: object
1163 maxItems: 16
1164 type: array
1165 type: object
1166 status:
1167 description: Status defines the current state of HTTPRoute.
1168 properties:
1169 parents:
1170 description: "Parents is a list of parent resources (usually Gateways)
1171 that are associated with the route, and the status of the route
1172 with respect to each parent. When this route attaches to a parent,
1173 the controller that manages the parent must add an entry to this
1174 list when the controller first sees the route and should update
1175 the entry as appropriate when the route or gateway is modified.
1176 \n Note that parent references that cannot be resolved by an implementation
1177 of this API will not be added to this list. Implementations of this
1178 API can only populate Route status for the Gateways/parent resources
1179 they are responsible for. \n A maximum of 32 Gateways will be represented
1180 in this list. An empty list means the route has not been attached
1181 to any Gateway."
1182 items:
1183 description: RouteParentStatus describes the status of a route with
1184 respect to an associated Parent.
1185 properties:
1186 conditions:
1187 description: "Conditions describes the status of the route with
1188 respect to the Gateway. Note that the route's availability
1189 is also subject to the Gateway's own status conditions and
1190 listener status. \n If the Route's ParentRef specifies an
1191 existing Gateway that supports Routes of this kind AND that
1192 Gateway's controller has sufficient access, then that Gateway's
1193 controller MUST set the \"Accepted\" condition on the Route,
1194 to indicate whether the route has been accepted or rejected
1195 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
1196 if at least one of the Route's rules is implemented by the
1197 Gateway. \n There are a number of cases where the \"Accepted\"
1198 condition may not be set due to lack of controller visibility,
1199 that includes when: \n * The Route refers to a non-existent
1200 parent. * The Route is of a type that the controller does
1201 not support. * The Route is in a namespace the the controller
1202 does not have access to."
1203 items:
1204 description: "Condition contains details for one aspect of
1205 the current state of this API Resource. --- This struct
1206 is intended for direct use as an array at the field path
1207 .status.conditions. For example, type FooStatus struct{
1208 \ // Represents the observations of a foo's current state.
1209 \ // Known .status.conditions.type are: \"Available\",
1210 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
1211 \ // +patchStrategy=merge // +listType=map //
1212 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
1213 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
1214 \n // other fields }"
1215 properties:
1216 lastTransitionTime:
1217 description: lastTransitionTime is the last time the condition
1218 transitioned from one status to another. This should
1219 be when the underlying condition changed. If that is
1220 not known, then using the time when the API field changed
1221 is acceptable.
1222 format: date-time
1223 type: string
1224 message:
1225 description: message is a human readable message indicating
1226 details about the transition. This may be an empty string.
1227 maxLength: 32768
1228 type: string
1229 observedGeneration:
1230 description: observedGeneration represents the .metadata.generation
1231 that the condition was set based upon. For instance,
1232 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
1233 is 9, the condition is out of date with respect to the
1234 current state of the instance.
1235 format: int64
1236 minimum: 0
1237 type: integer
1238 reason:
1239 description: reason contains a programmatic identifier
1240 indicating the reason for the condition's last transition.
1241 Producers of specific condition types may define expected
1242 values and meanings for this field, and whether the
1243 values are considered a guaranteed API. The value should
1244 be a CamelCase string. This field may not be empty.
1245 maxLength: 1024
1246 minLength: 1
1247 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1248 type: string
1249 status:
1250 description: status of the condition, one of True, False,
1251 Unknown.
1252 enum:
1253 - "True"
1254 - "False"
1255 - Unknown
1256 type: string
1257 type:
1258 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1259 --- Many .condition.type values are consistent across
1260 resources like Available, but because arbitrary conditions
1261 can be useful (see .node.status.conditions), the ability
1262 to deconflict is important. The regex it matches is
1263 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1264 maxLength: 316
1265 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1266 type: string
1267 required:
1268 - lastTransitionTime
1269 - message
1270 - reason
1271 - status
1272 - type
1273 type: object
1274 maxItems: 8
1275 minItems: 1
1276 type: array
1277 x-kubernetes-list-map-keys:
1278 - type
1279 x-kubernetes-list-type: map
1280 controllerName:
1281 description: "ControllerName is a domain/path string that indicates
1282 the name of the controller that wrote this status. This corresponds
1283 with the controllerName field on GatewayClass. \n Example:
1284 \"example.net/gateway-controller\". \n The format of this
1285 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
1286 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
1287 \n Controllers MUST populate this field when writing status.
1288 Controllers should ensure that entries to status populated
1289 with their ControllerName are cleaned up when they are no
1290 longer necessary."
1291 maxLength: 253
1292 minLength: 1
1293 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1294 type: string
1295 parentRef:
1296 description: ParentRef corresponds with a ParentRef in the spec
1297 that this RouteParentStatus struct describes the status of.
1298 properties:
1299 group:
1300 default: policy.linkerd.io
1301 description: "Group is the group of the referent. \n Support:
1302 Core"
1303 maxLength: 253
1304 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1305 type: string
1306 kind:
1307 default: Gateway
1308 description: "Kind is kind of the referent. \n Support:
1309 Core (Gateway) Support: Custom (Other Resources)"
1310 maxLength: 63
1311 minLength: 1
1312 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1313 type: string
1314 name:
1315 description: "Name is the name of the referent. \n Support:
1316 Core"
1317 maxLength: 253
1318 minLength: 1
1319 type: string
1320 namespace:
1321 description: "Namespace is the namespace of the referent.
1322 When unspecified (or empty string), this refers to the
1323 local namespace of the Route. \n Support: Core"
1324 maxLength: 63
1325 minLength: 1
1326 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1327 type: string
1328 port:
1329 description: "Port is the network port this Route targets.
1330 It can be interpreted differently based on the type of
1331 parent resource. \n When the parent resource is a Gateway,
1332 this targets all listeners listening on the specified
1333 port that also support this kind of Route(and select this
1334 Route). It's not recommended to set `Port` unless the
1335 networking behaviors specified in a Route must apply to
1336 a specific port as opposed to a listener(s) whose port(s)
1337 may be changed. When both Port and SectionName are specified,
1338 the name and port of the selected listener must match
1339 both specified values. \n Implementations MAY choose to
1340 support other parent resources. Implementations supporting
1341 other types of parent resources MUST clearly document
1342 how/if Port is interpreted. \n For the purpose of status,
1343 an attachment is considered successful as long as the
1344 parent resource accepts it partially. For example, Gateway
1345 listeners can restrict which Routes can attach to them
1346 by Route kind, namespace, or hostname. If 1 of 2 Gateway
1347 listeners accept attachment from the referencing Route,
1348 the Route MUST be considered successfully attached. If
1349 no Gateway listeners accept attachment from this Route,
1350 the Route MUST be considered detached from the Gateway.
1351 \n Support: Extended \n <gateway:experimental>"
1352 format: int32
1353 maximum: 65535
1354 minimum: 1
1355 type: integer
1356 sectionName:
1357 description: "SectionName is the name of a section within
1358 the target resource. In the following resources, SectionName
1359 is interpreted as the following: \n * Gateway: Listener
1360 Name. When both Port (experimental) and SectionName are
1361 specified, the name and port of the selected listener
1362 must match both specified values. \n Implementations MAY
1363 choose to support attaching Routes to other resources.
1364 If that is the case, they MUST clearly document how SectionName
1365 is interpreted. \n When unspecified (empty string), this
1366 will reference the entire resource. For the purpose of
1367 status, an attachment is considered successful if at least
1368 one section in the parent resource accepts it. For example,
1369 Gateway listeners can restrict which Routes can attach
1370 to them by Route kind, namespace, or hostname. If 1 of
1371 2 Gateway listeners accept attachment from the referencing
1372 Route, the Route MUST be considered successfully attached.
1373 If no Gateway listeners accept attachment from this Route,
1374 the Route MUST be considered detached from the Gateway.
1375 \n Support: Core"
1376 maxLength: 253
1377 minLength: 1
1378 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1379 type: string
1380 required:
1381 - name
1382 type: object
1383 required:
1384 - controllerName
1385 - parentRef
1386 type: object
1387 maxItems: 32
1388 type: array
1389 required:
1390 - parents
1391 type: object
1392 required:
1393 - spec
1394 type: object
1395 served: true
1396 storage: false
1397 subresources:
1398 status: {}
1399 - additionalPrinterColumns:
1400 - jsonPath: .spec.hostnames
1401 name: Hostnames
1402 type: string
1403 - jsonPath: .metadata.creationTimestamp
1404 name: Age
1405 type: date
1406 name: v1beta1
1407 schema:
1408 openAPIV3Schema:
1409 description: HTTPRoute provides a way to route HTTP requests. This includes
1410 the capability to match requests by hostname, path, header, or query param.
1411 Filters can be used to specify additional processing steps. Backends specify
1412 where matching requests should be routed.
1413 properties:
1414 apiVersion:
1415 description: 'APIVersion defines the versioned schema of this representation
1416 of an object. Servers should convert recognized schemas to the latest
1417 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1418 type: string
1419 kind:
1420 description: 'Kind is a string value representing the REST resource this
1421 object represents. Servers may infer this from the endpoint the client
1422 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1423 type: string
1424 metadata:
1425 type: object
1426 spec:
1427 description: Spec defines the desired state of HTTPRoute.
1428 properties:
1429 hostnames:
1430 description: "Hostnames defines a set of hostname that should match
1431 against the HTTP Host header to select a HTTPRoute to process the
1432 request. This matches the RFC 1123 definition of a hostname with
1433 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
1434 be prefixed with a wildcard label (`*.`). The wildcard label
1435 must appear by itself as the first label. \n If a hostname is specified
1436 by both the Listener and HTTPRoute, there must be at least one intersecting
1437 hostname for the HTTPRoute to be attached to the Listener. For example:
1438 \n * A Listener with `test.example.com` as the hostname matches
1439 HTTPRoutes that have either not specified any hostnames, or have
1440 specified at least one of `test.example.com` or `*.example.com`.
1441 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
1442 \ that have either not specified any hostnames or have specified
1443 at least one hostname that matches the Listener hostname. For
1444 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
1445 would all match. On the other hand, `example.com` and `test.example.net`
1446 would not match. \n Hostnames that are prefixed with a wildcard
1447 label (`*.`) are interpreted as a suffix match. That means that
1448 a match for `*.example.com` would match both `test.example.com`,
1449 and `foo.test.example.com`, but not `example.com`. \n If both the
1450 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
1451 that do not match the Listener hostname MUST be ignored. For example,
1452 if a Listener specified `*.example.com`, and the HTTPRoute specified
1453 `test.example.com` and `test.example.net`, `test.example.net` must
1454 not be considered for a match. \n If both the Listener and HTTPRoute
1455 have specified hostnames, and none match with the criteria above,
1456 then the HTTPRoute is not accepted. The implementation must raise
1457 an 'Accepted' Condition with a status of `False` in the corresponding
1458 RouteParentStatus. \n Support: Core"
1459 items:
1460 description: "Hostname is the fully qualified domain name of a network
1461 host. This matches the RFC 1123 definition of a hostname with
1462 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
1463 may be prefixed with a wildcard label (`*.`). The wildcard label
1464 must appear by itself as the first label. \n Hostname can be \"precise\"
1465 which is a domain name without the terminating dot of a network
1466 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
1467 name prefixed with a single wildcard label (e.g. `*.example.com`).
1468 \n Note that as per RFC1035 and RFC1123, a *label* must consist
1469 of lower case alphanumeric characters or '-', and must start and
1470 end with an alphanumeric character. No other punctuation is allowed."
1471 maxLength: 253
1472 minLength: 1
1473 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1474 type: string
1475 maxItems: 16
1476 type: array
1477 parentRefs:
1478 description: "ParentRefs references the resources (usually Gateways)
1479 that a Route wants to be attached to. Note that the referenced parent
1480 resource needs to allow this for the attachment to be complete.
1481 For Gateways, that means the Gateway needs to allow attachment from
1482 Routes of this kind and namespace. \n The only kind of parent resource
1483 with \"Core\" support is Gateway. This API may be extended in the
1484 future to support additional kinds of parent resources such as one
1485 of the route kinds. \n It is invalid to reference an identical parent
1486 more than once. It is valid to reference multiple distinct sections
1487 within the same parent resource, such as 2 Listeners within a Gateway.
1488 \n It is possible to separately reference multiple distinct objects
1489 that may be collapsed by an implementation. For example, some implementations
1490 may choose to merge compatible Gateway Listeners together. If that
1491 is the case, the list of routes attached to those resources should
1492 also be merged."
1493 items:
1494 description: "ParentReference identifies an API object (usually
1495 a Gateway) that can be considered a parent of this resource (usually
1496 a route). The only kind of parent resource with \"Core\" support
1497 is Gateway. This API may be extended in the future to support
1498 additional kinds of parent resources, such as HTTPRoute. \n The
1499 API object must be valid in the cluster; the Group and Kind must
1500 be registered in the cluster for this reference to be valid."
1501 properties:
1502 group:
1503 default: policy.linkerd.io
1504 description: "Group is the group of the referent. \n Support:
1505 Core"
1506 maxLength: 253
1507 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1508 type: string
1509 kind:
1510 default: Gateway
1511 description: "Kind is kind of the referent. \n Support: Core
1512 (Gateway) Support: Custom (Other Resources)"
1513 maxLength: 63
1514 minLength: 1
1515 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1516 type: string
1517 name:
1518 description: "Name is the name of the referent. \n Support:
1519 Core"
1520 maxLength: 253
1521 minLength: 1
1522 type: string
1523 namespace:
1524 description: "Namespace is the namespace of the referent. When
1525 unspecified (or empty string), this refers to the local namespace
1526 of the Route. \n Support: Core"
1527 maxLength: 63
1528 minLength: 1
1529 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1530 type: string
1531 port:
1532 description: "port"
1533 type: integer
1534 sectionName:
1535 description: "SectionName is the name of a section within the
1536 target resource. In the following resources, SectionName is
1537 interpreted as the following: \n * Gateway: Listener Name.
1538 When both Port (experimental) and SectionName are specified,
1539 the name and port of the selected listener must match both
1540 specified values. \n Implementations MAY choose to support
1541 attaching Routes to other resources. If that is the case,
1542 they MUST clearly document how SectionName is interpreted.
1543 \n When unspecified (empty string), this will reference the
1544 entire resource. For the purpose of status, an attachment
1545 is considered successful if at least one section in the parent
1546 resource accepts it. For example, Gateway listeners can restrict
1547 which Routes can attach to them by Route kind, namespace,
1548 or hostname. If 1 of 2 Gateway listeners accept attachment
1549 from the referencing Route, the Route MUST be considered successfully
1550 attached. If no Gateway listeners accept attachment from this
1551 Route, the Route MUST be considered detached from the Gateway.
1552 \n Support: Core"
1553 maxLength: 253
1554 minLength: 1
1555 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1556 type: string
1557 required:
1558 - name
1559 type: object
1560 maxItems: 32
1561 type: array
1562 rules:
1563 default:
1564 - matches:
1565 - path:
1566 type: PathPrefix
1567 value: /
1568 description: Rules are a list of HTTP matchers, filters and actions.
1569 items:
1570 description: HTTPRouteRule defines semantics for matching an HTTP
1571 request based on conditions (matches) and processing it (filters).
1572 properties:
1573 backendRefs:
1574 type: array
1575 items:
1576 type: object
1577 properties:
1578 name:
1579 type: string
1580 port:
1581 type: integer
1582 namespace:
1583 type: string
1584 default: "default"
1585 filters:
1586 description: "Filters defined at this level should be
1587 executed if and only if the request is being forwarded
1588 to the backend defined here. \n Support: Implementation-specific
1589 (For broader support of filters, use the Filters field
1590 in HTTPRouteRule.)"
1591 items:
1592 description: HTTPRouteFilter defines processing steps
1593 that must be completed during the request or response
1594 lifecycle. HTTPRouteFilters are meant as an extension
1595 point to express processing that may be done in Gateway
1596 implementations. Some examples include request or
1597 response modification, implementing authentication
1598 strategies, rate-limiting, and traffic shaping. API
1599 guarantee/conformance is defined based on the type
1600 of the filter.
1601 properties:
1602 requestHeaderModifier:
1603 description: "RequestHeaderModifier defines a schema
1604 for a filter that modifies request headers. \n
1605 Support: Core"
1606 properties:
1607 add:
1608 description: "Add adds the given header(s) (name,
1609 value) to the request before the action. It
1610 appends to any existing values associated
1611 with the header name. \n Input: GET /foo HTTP/1.1
1612 my-header: foo \n Config: add: - name: \"my-header\"
1613 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
1614 my-header: foo,bar,baz"
1615 items:
1616 description: HTTPHeader represents an HTTP
1617 Header name and value as defined by RFC
1618 7230.
1619 properties:
1620 name:
1621 description: "Name is the name of the
1622 HTTP Header to be matched. Name matching
1623 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1624 \n If multiple entries specify equivalent
1625 header names, the first entry with an
1626 equivalent name MUST be considered for
1627 a match. Subsequent entries with an
1628 equivalent header name MUST be ignored.
1629 Due to the case-insensitivity of header
1630 names, \"foo\" and \"Foo\" are considered
1631 equivalent."
1632 maxLength: 256
1633 minLength: 1
1634 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1635 type: string
1636 value:
1637 description: Value is the value of HTTP
1638 Header to be matched.
1639 maxLength: 4096
1640 minLength: 1
1641 type: string
1642 required:
1643 - name
1644 - value
1645 type: object
1646 maxItems: 16
1647 type: array
1648 x-kubernetes-list-map-keys:
1649 - name
1650 x-kubernetes-list-type: map
1651 remove:
1652 description: "Remove the given header(s) from
1653 the HTTP request before the action. The value
1654 of Remove is a list of HTTP header names.
1655 Note that the header names are case-insensitive
1656 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1657 \n Input: GET /foo HTTP/1.1 my-header1: foo
1658 my-header2: bar my-header3: baz \n Config:
1659 remove: [\"my-header1\", \"my-header3\"] \n
1660 Output: GET /foo HTTP/1.1 my-header2: bar"
1661 items:
1662 type: string
1663 maxItems: 16
1664 type: array
1665 set:
1666 description: "Set overwrites the request with
1667 the given header (name, value) before the
1668 action. \n Input: GET /foo HTTP/1.1 my-header:
1669 foo \n Config: set: - name: \"my-header\"
1670 value: \"bar\" \n Output: GET /foo HTTP/1.1
1671 my-header: bar"
1672 items:
1673 description: HTTPHeader represents an HTTP
1674 Header name and value as defined by RFC
1675 7230.
1676 properties:
1677 name:
1678 description: "Name is the name of the
1679 HTTP Header to be matched. Name matching
1680 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1681 \n If multiple entries specify equivalent
1682 header names, the first entry with an
1683 equivalent name MUST be considered for
1684 a match. Subsequent entries with an
1685 equivalent header name MUST be ignored.
1686 Due to the case-insensitivity of header
1687 names, \"foo\" and \"Foo\" are considered
1688 equivalent."
1689 maxLength: 256
1690 minLength: 1
1691 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1692 type: string
1693 value:
1694 description: Value is the value of HTTP
1695 Header to be matched.
1696 maxLength: 4096
1697 minLength: 1
1698 type: string
1699 required:
1700 - name
1701 - value
1702 type: object
1703 maxItems: 16
1704 type: array
1705 x-kubernetes-list-map-keys:
1706 - name
1707 x-kubernetes-list-type: map
1708 type: object
1709 requestRedirect:
1710 description: "RequestRedirect defines a schema for
1711 a filter that responds to the request with an
1712 HTTP redirection. \n Support: Core"
1713 properties:
1714 hostname:
1715 description: "Hostname is the hostname to be
1716 used in the value of the `Location` header
1717 in the response. When empty, the hostname
1718 in the `Host` header of the request is used.
1719 \n Support: Core"
1720 maxLength: 253
1721 minLength: 1
1722 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1723 type: string
1724 path:
1725 description: "Path defines parameters used to
1726 modify the path of the incoming request. The
1727 modified path is then used to construct the
1728 `Location` header. When empty, the request
1729 path is used as-is. \n Support: Extended"
1730 properties:
1731 replaceFullPath:
1732 description: ReplaceFullPath specifies the
1733 value with which to replace the full path
1734 of a request during a rewrite or redirect.
1735 maxLength: 1024
1736 type: string
1737 replacePrefixMatch:
1738 description: "ReplacePrefixMatch specifies
1739 the value with which to replace the prefix
1740 match of a request during a rewrite or
1741 redirect. For example, a request to \"/foo/bar\"
1742 with a prefix match of \"/foo\" and a
1743 ReplacePrefixMatch of \"/xyz\" would be
1744 modified to \"/xyz/bar\". \n Note that
1745 this matches the behavior of the PathPrefix
1746 match type. This matches full path elements.
1747 A path element refers to the list of labels
1748 in the path split by the `/` separator.
1749 When specified, a trailing `/` is ignored.
1750 For example, the paths `/abc`, `/abc/`,
1751 and `/abc/def` would all match the prefix
1752 `/abc`, but the path `/abcd` would not.
1753 \n Request Path | Prefix Match | Replace
1754 Prefix | Modified Path -------------|--------------|----------------|----------
1755 /foo/bar | /foo | /xyz |
1756 /xyz/bar /foo/bar | /foo |
1757 /xyz/ | /xyz/bar /foo/bar |
1758 /foo/ | /xyz | /xyz/bar
1759 /foo/bar | /foo/ | /xyz/ |
1760 /xyz/bar /foo | /foo |
1761 /xyz | /xyz /foo/ | /foo
1762 \ | /xyz | /xyz/ /foo/bar
1763 \ | /foo | <empty string> |
1764 /bar /foo/ | /foo | <empty
1765 string> | / /foo | /foo |
1766 <empty string> | / /foo/ | /foo
1767 \ | / | / /foo |
1768 /foo | / | /"
1769 maxLength: 1024
1770 type: string
1771 type:
1772 description: "Type defines the type of path
1773 modifier. Additional types may be added
1774 in a future release of the API. \n Note
1775 that values may be added to this enum,
1776 implementations must ensure that unknown
1777 values will not cause a crash. \n Unknown
1778 values here must result in the implementation
1779 setting the Accepted Condition for the
1780 Route to `status: False`, with a Reason
1781 of `UnsupportedValue`."
1782 enum:
1783 - ReplaceFullPath
1784 - ReplacePrefixMatch
1785 type: string
1786 required:
1787 - type
1788 type: object
1789 port:
1790 description: "Port is the port to be used in
1791 the value of the `Location` header in the
1792 response. \n If no port is specified, the
1793 redirect port MUST be derived using the following
1794 rules: \n * If redirect scheme is not-empty,
1795 the redirect port MUST be the well-known port
1796 associated with the redirect scheme. Specifically
1797 \"http\" to port 80 and \"https\" to port
1798 443. If the redirect scheme does not have
1799 a well-known port, the listener port of the
1800 Gateway SHOULD be used. * If redirect scheme
1801 is empty, the redirect port MUST be the Gateway
1802 Listener port. \n Implementations SHOULD NOT
1803 add the port number in the 'Location' header
1804 in the following cases: \n * A Location header
1805 that will use HTTP (whether that is determined
1806 via the Listener protocol or the Scheme field)
1807 _and_ use port 80. * A Location header that
1808 will use HTTPS (whether that is determined
1809 via the Listener protocol or the Scheme field)
1810 _and_ use port 443. \n Support: Extended"
1811 format: int32
1812 maximum: 65535
1813 minimum: 1
1814 type: integer
1815 scheme:
1816 description: "Scheme is the scheme to be used
1817 in the value of the `Location` header in the
1818 response. When empty, the scheme of the request
1819 is used. \n Scheme redirects can affect the
1820 port of the redirect, for more information,
1821 refer to the documentation for the port field
1822 of this filter. \n Note that values may be
1823 added to this enum, implementations must ensure
1824 that unknown values will not cause a crash.
1825 \n Unknown values here must result in the
1826 implementation setting the Accepted Condition
1827 for the Route to `status: False`, with a Reason
1828 of `UnsupportedValue`. \n Support: Extended"
1829 enum:
1830 - http
1831 - https
1832 type: string
1833 statusCode:
1834 default: 302
1835 description: "StatusCode is the HTTP status
1836 code to be used in response. \n Note that
1837 values may be added to this enum, implementations
1838 must ensure that unknown values will not cause
1839 a crash. \n Unknown values here must result
1840 in the implementation setting the Accepted
1841 Condition for the Route to `status: False`,
1842 with a Reason of `UnsupportedValue`. \n Support:
1843 Core"
1844 enum:
1845 - 301
1846 - 302
1847 type: integer
1848 type: object
1849 responseHeaderModifier:
1850 description: "ResponseHeaderModifier defines a schema
1851 for a filter that modifies response headers. \n
1852 Support: Extended"
1853 properties:
1854 add:
1855 description: "Add adds the given header(s) (name,
1856 value) to the request before the action. It
1857 appends to any existing values associated
1858 with the header name. \n Input: GET /foo HTTP/1.1
1859 my-header: foo \n Config: add: - name: \"my-header\"
1860 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
1861 my-header: foo,bar,baz"
1862 items:
1863 description: HTTPHeader represents an HTTP
1864 Header name and value as defined by RFC
1865 7230.
1866 properties:
1867 name:
1868 description: "Name is the name of the
1869 HTTP Header to be matched. Name matching
1870 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1871 \n If multiple entries specify equivalent
1872 header names, the first entry with an
1873 equivalent name MUST be considered for
1874 a match. Subsequent entries with an
1875 equivalent header name MUST be ignored.
1876 Due to the case-insensitivity of header
1877 names, \"foo\" and \"Foo\" are considered
1878 equivalent."
1879 maxLength: 256
1880 minLength: 1
1881 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1882 type: string
1883 value:
1884 description: Value is the value of HTTP
1885 Header to be matched.
1886 maxLength: 4096
1887 minLength: 1
1888 type: string
1889 required:
1890 - name
1891 - value
1892 type: object
1893 maxItems: 16
1894 type: array
1895 x-kubernetes-list-map-keys:
1896 - name
1897 x-kubernetes-list-type: map
1898 remove:
1899 description: "Remove the given header(s) from
1900 the HTTP request before the action. The value
1901 of Remove is a list of HTTP header names.
1902 Note that the header names are case-insensitive
1903 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1904 \n Input: GET /foo HTTP/1.1 my-header1: foo
1905 my-header2: bar my-header3: baz \n Config:
1906 remove: [\"my-header1\", \"my-header3\"] \n
1907 Output: GET /foo HTTP/1.1 my-header2: bar"
1908 items:
1909 type: string
1910 maxItems: 16
1911 type: array
1912 set:
1913 description: "Set overwrites the request with
1914 the given header (name, value) before the
1915 action. \n Input: GET /foo HTTP/1.1 my-header:
1916 foo \n Config: set: - name: \"my-header\"
1917 value: \"bar\" \n Output: GET /foo HTTP/1.1
1918 my-header: bar"
1919 items:
1920 description: HTTPHeader represents an HTTP
1921 Header name and value as defined by RFC
1922 7230.
1923 properties:
1924 name:
1925 description: "Name is the name of the
1926 HTTP Header to be matched. Name matching
1927 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1928 \n If multiple entries specify equivalent
1929 header names, the first entry with an
1930 equivalent name MUST be considered for
1931 a match. Subsequent entries with an
1932 equivalent header name MUST be ignored.
1933 Due to the case-insensitivity of header
1934 names, \"foo\" and \"Foo\" are considered
1935 equivalent."
1936 maxLength: 256
1937 minLength: 1
1938 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1939 type: string
1940 value:
1941 description: Value is the value of HTTP
1942 Header to be matched.
1943 maxLength: 4096
1944 minLength: 1
1945 type: string
1946 required:
1947 - name
1948 - value
1949 type: object
1950 maxItems: 16
1951 type: array
1952 x-kubernetes-list-map-keys:
1953 - name
1954 x-kubernetes-list-type: map
1955 type: object
1956 type:
1957 description: "Type identifies the type of filter
1958 to apply. As with other API fields, types are
1959 classified into three conformance levels: \n -
1960 Core: Filter types and their corresponding configuration
1961 defined by \"Support: Core\" in this package,
1962 e.g. \"RequestHeaderModifier\". All implementations
1963 must support core filters. \n - Extended: Filter
1964 types and their corresponding configuration defined
1965 by \"Support: Extended\" in this package, e.g.
1966 \"RequestMirror\". Implementers are encouraged
1967 to support extended filters. \n - Implementation-specific:
1968 Filters that are defined and supported by specific
1969 vendors. In the future, filters showing convergence
1970 in behavior across multiple implementations will
1971 be considered for inclusion in extended or core
1972 conformance levels. Filter-specific configuration
1973 for such filters is specified using the ExtensionRef
1974 field. `Type` should be set to \"ExtensionRef\"
1975 for custom filters. \n Implementers are encouraged
1976 to define custom implementation types to extend
1977 the core API with implementation-specific behavior.
1978 \n If a reference to a custom filter type cannot
1979 be resolved, the filter MUST NOT be skipped. Instead,
1980 requests that would have been processed by that
1981 filter MUST receive a HTTP error response. \n
1982 Note that values may be added to this enum, implementations
1983 must ensure that unknown values will not cause
1984 a crash. \n Unknown values here must result in
1985 the implementation setting the Accepted Condition
1986 for the Route to `status: False`, with a Reason
1987 of `UnsupportedValue`."
1988 enum:
1989 - RequestHeaderModifier
1990 - ResponseHeaderModifier
1991 - RequestRedirect
1992 type: string
1993 required:
1994 - type
1995 type: object
1996 maxItems: 16
1997 type: array
1998 filters:
1999 description: "Filters define the filters that are applied to
2000 requests that match this rule. \n The effects of ordering
2001 of multiple behaviors are currently unspecified. This can
2002 change in the future based on feedback during the alpha stage.
2003 \n Conformance-levels at this level are defined based on the
2004 type of filter: \n - ALL core filters MUST be supported by
2005 all implementations. - Implementers are encouraged to support
2006 extended filters. - Implementation-specific custom filters
2007 have no API guarantees across implementations. \n Specifying
2008 a core filter multiple times has unspecified or custom conformance.
2009 \n All filters are expected to be compatible with each other
2010 except for the URLRewrite and RequestRedirect filters, which
2011 may not be combined. If an implementation can not support
2012 other combinations of filters, they must clearly document
2013 that limitation. In all cases where incompatible or unsupported
2014 filters are specified, implementations MUST add a warning
2015 condition to status. \n Support: Core"
2016 items:
2017 description: HTTPRouteFilter defines processing steps that
2018 must be completed during the request or response lifecycle.
2019 HTTPRouteFilters are meant as an extension point to express
2020 processing that may be done in Gateway implementations.
2021 Some examples include request or response modification,
2022 implementing authentication strategies, rate-limiting, and
2023 traffic shaping. API guarantee/conformance is defined based
2024 on the type of the filter.
2025 properties:
2026 requestHeaderModifier:
2027 description: "RequestHeaderModifier defines a schema for
2028 a filter that modifies request headers. \n Support:
2029 Core"
2030 properties:
2031 add:
2032 description: "Add adds the given header(s) (name,
2033 value) to the request before the action. It appends
2034 to any existing values associated with the header
2035 name. \n Input: GET /foo HTTP/1.1 my-header:
2036 foo \n Config: add: - name: \"my-header\" value:
2037 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
2038 foo my-header: bar"
2039 items:
2040 description: HTTPHeader represents an HTTP Header
2041 name and value as defined by RFC 7230.
2042 properties:
2043 name:
2044 description: "Name is the name of the HTTP Header
2045 to be matched. Name matching MUST be case
2046 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2047 \n If multiple entries specify equivalent
2048 header names, the first entry with an equivalent
2049 name MUST be considered for a match. Subsequent
2050 entries with an equivalent header name MUST
2051 be ignored. Due to the case-insensitivity
2052 of header names, \"foo\" and \"Foo\" are considered
2053 equivalent."
2054 maxLength: 256
2055 minLength: 1
2056 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2057 type: string
2058 value:
2059 description: Value is the value of HTTP Header
2060 to be matched.
2061 maxLength: 4096
2062 minLength: 1
2063 type: string
2064 required:
2065 - name
2066 - value
2067 type: object
2068 maxItems: 16
2069 type: array
2070 x-kubernetes-list-map-keys:
2071 - name
2072 x-kubernetes-list-type: map
2073 remove:
2074 description: "Remove the given header(s) from the
2075 HTTP request before the action. The value of Remove
2076 is a list of HTTP header names. Note that the header
2077 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2078 \n Input: GET /foo HTTP/1.1 my-header1: foo
2079 \ my-header2: bar my-header3: baz \n Config:
2080 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
2081 \ GET /foo HTTP/1.1 my-header2: bar"
2082 items:
2083 type: string
2084 maxItems: 16
2085 type: array
2086 set:
2087 description: "Set overwrites the request with the
2088 given header (name, value) before the action. \n
2089 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
2090 \ set: - name: \"my-header\" value: \"bar\"
2091 \n Output: GET /foo HTTP/1.1 my-header: bar"
2092 items:
2093 description: HTTPHeader represents an HTTP Header
2094 name and value as defined by RFC 7230.
2095 properties:
2096 name:
2097 description: "Name is the name of the HTTP Header
2098 to be matched. Name matching MUST be case
2099 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2100 \n If multiple entries specify equivalent
2101 header names, the first entry with an equivalent
2102 name MUST be considered for a match. Subsequent
2103 entries with an equivalent header name MUST
2104 be ignored. Due to the case-insensitivity
2105 of header names, \"foo\" and \"Foo\" are considered
2106 equivalent."
2107 maxLength: 256
2108 minLength: 1
2109 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2110 type: string
2111 value:
2112 description: Value is the value of HTTP Header
2113 to be matched.
2114 maxLength: 4096
2115 minLength: 1
2116 type: string
2117 required:
2118 - name
2119 - value
2120 type: object
2121 maxItems: 16
2122 type: array
2123 x-kubernetes-list-map-keys:
2124 - name
2125 x-kubernetes-list-type: map
2126 type: object
2127 requestRedirect:
2128 description: "RequestRedirect defines a schema for a filter
2129 that responds to the request with an HTTP redirection.
2130 \n Support: Core"
2131 properties:
2132 hostname:
2133 description: "Hostname is the hostname to be used
2134 in the value of the `Location` header in the response.
2135 When empty, the hostname of the request is used.
2136 \n Support: Core"
2137 maxLength: 253
2138 minLength: 1
2139 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2140 type: string
2141 path:
2142 description: "Path defines parameters used to
2143 modify the path of the incoming request. The
2144 modified path is then used to construct the
2145 `Location` header. When empty, the request
2146 path is used as-is. \n Support: Extended"
2147 properties:
2148 replaceFullPath:
2149 description: ReplaceFullPath specifies the
2150 value with which to replace the full path
2151 of a request during a rewrite or redirect.
2152 maxLength: 1024
2153 type: string
2154 replacePrefixMatch:
2155 description: "ReplacePrefixMatch specifies
2156 the value with which to replace the prefix
2157 match of a request during a rewrite or
2158 redirect. For example, a request to \"/foo/bar\"
2159 with a prefix match of \"/foo\" and a
2160 ReplacePrefixMatch of \"/xyz\" would be
2161 modified to \"/xyz/bar\". \n Note that
2162 this matches the behavior of the PathPrefix
2163 match type. This matches full path elements.
2164 A path element refers to the list of labels
2165 in the path split by the `/` separator.
2166 When specified, a trailing `/` is ignored.
2167 For example, the paths `/abc`, `/abc/`,
2168 and `/abc/def` would all match the prefix
2169 `/abc`, but the path `/abcd` would not.
2170 \n Request Path | Prefix Match | Replace
2171 Prefix | Modified Path -------------|--------------|----------------|----------
2172 /foo/bar | /foo | /xyz |
2173 /xyz/bar /foo/bar | /foo |
2174 /xyz/ | /xyz/bar /foo/bar |
2175 /foo/ | /xyz | /xyz/bar
2176 /foo/bar | /foo/ | /xyz/ |
2177 /xyz/bar /foo | /foo |
2178 /xyz | /xyz /foo/ | /foo
2179 \ | /xyz | /xyz/ /foo/bar
2180 \ | /foo | <empty string> |
2181 /bar /foo/ | /foo | <empty
2182 string> | / /foo | /foo |
2183 <empty string> | / /foo/ | /foo
2184 \ | / | / /foo |
2185 /foo | / | /"
2186 maxLength: 1024
2187 type: string
2188 type:
2189 description: "Type defines the type of path
2190 modifier. Additional types may be added
2191 in a future release of the API. \n Note
2192 that values may be added to this enum,
2193 implementations must ensure that unknown
2194 values will not cause a crash. \n Unknown
2195 values here must result in the implementation
2196 setting the Accepted Condition for the
2197 Route to `status: False`, with a Reason
2198 of `UnsupportedValue`."
2199 enum:
2200 - ReplaceFullPath
2201 - ReplacePrefixMatch
2202 type: string
2203 required:
2204 - type
2205 type: object
2206 port:
2207 description: "Port is the port to be used in the value
2208 of the `Location` header in the response. When empty,
2209 port (if specified) of the request is used. \n Support:
2210 Extended"
2211 format: int32
2212 maximum: 65535
2213 minimum: 1
2214 type: integer
2215 scheme:
2216 description: "Scheme is the scheme to be used in the
2217 value of the `Location` header in the response.
2218 When empty, the scheme of the request is used. \n
2219 Support: Extended"
2220 enum:
2221 - http
2222 - https
2223 type: string
2224 statusCode:
2225 default: 302
2226 description: "StatusCode is the HTTP status code to
2227 be used in response. \n Support: Core"
2228 enum:
2229 - 301
2230 - 302
2231 type: integer
2232 type: object
2233 type:
2234 description: "Type identifies the type of filter to apply.
2235 As with other API fields, types are classified into
2236 three conformance levels: \n - Core: Filter types and
2237 their corresponding configuration defined by \"Support:
2238 Core\" in this package, e.g. \"RequestHeaderModifier\"."
2239 enum:
2240 - RequestHeaderModifier
2241 - RequestRedirect
2242 type: string
2243 required:
2244 - type
2245 type: object
2246 maxItems: 16
2247 type: array
2248 matches:
2249 default:
2250 - path:
2251 type: PathPrefix
2252 value: /
2253 description: "Matches define conditions used for matching the
2254 rule against incoming HTTP requests. Each match is independent,
2255 i.e. this rule will be matched if **any** one of the matches
2256 is satisfied. \n For example, take the following matches configuration:
2257 \n ``` matches: - path: value: \"/foo\" headers: -
2258 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
2259 ``` \n For a request to match against this rule, a request
2260 must satisfy EITHER of the two conditions: \n - path prefixed
2261 with `/foo` AND contains the header `version: v2` - path prefix
2262 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
2263 how to specify multiple match conditions that should be ANDed
2264 together. \n If no matches are specified, the default is a
2265 prefix path match on \"/\", which has the effect of matching
2266 every HTTP request. \n Proxy or Load Balancer routing configuration
2267 generated from HTTPRoutes MUST prioritize rules based on the
2268 following criteria, continuing on ties. Precedence must be
2269 given to the the Rule with the largest number of: \n * Characters
2270 in a matching non-wildcard hostname. * Characters in a matching
2271 hostname. * Characters in a matching path. * Header matches.
2272 * Query param matches. \n If ties still exist across multiple
2273 Routes, matching precedence MUST be determined in order of
2274 the following criteria, continuing on ties: \n * The oldest
2275 Route based on creation timestamp. * The Route appearing first
2276 in alphabetical order by \"{namespace}/{name}\". \n If ties
2277 still exist within the Route that has been given precedence,
2278 matching precedence MUST be granted to the first matching
2279 rule meeting the above criteria. \n When no rules matching
2280 a request have been successfully attached to the parent a
2281 request is coming from, a HTTP 404 status code MUST be returned."
2282 items:
2283 description: "HTTPRouteMatch defines the predicate used to
2284 match requests to a given action. Multiple match types are
2285 ANDed together, i.e. the match will evaluate to true only
2286 if all conditions are satisfied. \n For example, the match
2287 below will match a HTTP request only if its path starts
2288 with `/foo` AND it contains the `version: v1` header: \n
2289 ``` match: path: value: \"/foo\" headers: - name:
2290 \"version\" value \"v1\" ```"
2291 properties:
2292 headers:
2293 description: Headers specifies HTTP request header matchers.
2294 Multiple match values are ANDed together, meaning, a
2295 request must match all the specified headers to select
2296 the route.
2297 items:
2298 description: HTTPHeaderMatch describes how to select
2299 a HTTP route by matching HTTP request headers.
2300 properties:
2301 name:
2302 description: "Name is the name of the HTTP Header
2303 to be matched. Name matching MUST be case insensitive.
2304 (See https://tools.ietf.org/html/rfc7230#section-3.2).
2305 \n If multiple entries specify equivalent header
2306 names, only the first entry with an equivalent
2307 name MUST be considered for a match. Subsequent
2308 entries with an equivalent header name MUST be
2309 ignored. Due to the case-insensitivity of header
2310 names, \"foo\" and \"Foo\" are considered equivalent.
2311 \n When a header is repeated in an HTTP request,
2312 it is implementation-specific behavior as to how
2313 this is represented. Generally, proxies should
2314 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
2315 regarding processing a repeated header, with special
2316 handling for \"Set-Cookie\"."
2317 maxLength: 256
2318 minLength: 1
2319 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2320 type: string
2321 type:
2322 default: Exact
2323 description: "Type specifies how to match against
2324 the value of the header. \n Support: Core (Exact)
2325 \n Support: Custom (RegularExpression) \n Since
2326 RegularExpression HeaderMatchType has custom conformance,
2327 implementations can support POSIX, PCRE or any
2328 other dialects of regular expressions. Please
2329 read the implementation's documentation to determine
2330 the supported dialect."
2331 enum:
2332 - Exact
2333 - RegularExpression
2334 type: string
2335 value:
2336 description: Value is the value of HTTP Header to
2337 be matched.
2338 maxLength: 4096
2339 minLength: 1
2340 type: string
2341 required:
2342 - name
2343 - value
2344 type: object
2345 maxItems: 16
2346 type: array
2347 x-kubernetes-list-map-keys:
2348 - name
2349 x-kubernetes-list-type: map
2350 method:
2351 description: "Method specifies HTTP method matcher. When
2352 specified, this route will be matched only if the request
2353 has the specified method. \n Support: Extended"
2354 enum:
2355 - GET
2356 - HEAD
2357 - POST
2358 - PUT
2359 - DELETE
2360 - CONNECT
2361 - OPTIONS
2362 - TRACE
2363 - PATCH
2364 type: string
2365 path:
2366 default:
2367 type: PathPrefix
2368 value: /
2369 description: Path specifies a HTTP request path matcher.
2370 If this field is not specified, a default prefix match
2371 on the "/" path is provided.
2372 properties:
2373 type:
2374 default: PathPrefix
2375 description: "Type specifies how to match against
2376 the path Value. \n Support: Core (Exact, PathPrefix)
2377 \n Support: Custom (RegularExpression)"
2378 enum:
2379 - Exact
2380 - PathPrefix
2381 - RegularExpression
2382 type: string
2383 value:
2384 default: /
2385 description: Value of the HTTP path to match against.
2386 maxLength: 1024
2387 type: string
2388 type: object
2389 queryParams:
2390 description: QueryParams specifies HTTP query parameter
2391 matchers. Multiple match values are ANDed together,
2392 meaning, a request must match all the specified query
2393 parameters to select the route.
2394 items:
2395 description: HTTPQueryParamMatch describes how to select
2396 a HTTP route by matching HTTP query parameters.
2397 properties:
2398 name:
2399 description: Name is the name of the HTTP query
2400 param to be matched. This must be an exact string
2401 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
2402 maxLength: 256
2403 minLength: 1
2404 type: string
2405 type:
2406 default: Exact
2407 description: "Type specifies how to match against
2408 the value of the query parameter. \n Support:
2409 Extended (Exact) \n Support: Custom (RegularExpression)
2410 \n Since RegularExpression QueryParamMatchType
2411 has custom conformance, implementations can support
2412 POSIX, PCRE or any other dialects of regular expressions.
2413 Please read the implementation's documentation
2414 to determine the supported dialect."
2415 enum:
2416 - Exact
2417 - RegularExpression
2418 type: string
2419 value:
2420 description: Value is the value of HTTP query param
2421 to be matched.
2422 maxLength: 1024
2423 minLength: 1
2424 type: string
2425 required:
2426 - name
2427 - value
2428 type: object
2429 maxItems: 16
2430 type: array
2431 x-kubernetes-list-map-keys:
2432 - name
2433 x-kubernetes-list-type: map
2434 type: object
2435 maxItems: 8
2436 type: array
2437 type: object
2438 maxItems: 16
2439 type: array
2440 type: object
2441 status:
2442 description: Status defines the current state of HTTPRoute.
2443 properties:
2444 parents:
2445 description: "Parents is a list of parent resources (usually Gateways)
2446 that are associated with the route, and the status of the route
2447 with respect to each parent. When this route attaches to a parent,
2448 the controller that manages the parent must add an entry to this
2449 list when the controller first sees the route and should update
2450 the entry as appropriate when the route or gateway is modified.
2451 \n Note that parent references that cannot be resolved by an implementation
2452 of this API will not be added to this list. Implementations of this
2453 API can only populate Route status for the Gateways/parent resources
2454 they are responsible for. \n A maximum of 32 Gateways will be represented
2455 in this list. An empty list means the route has not been attached
2456 to any Gateway."
2457 items:
2458 description: RouteParentStatus describes the status of a route with
2459 respect to an associated Parent.
2460 properties:
2461 conditions:
2462 description: "Conditions describes the status of the route with
2463 respect to the Gateway. Note that the route's availability
2464 is also subject to the Gateway's own status conditions and
2465 listener status. \n If the Route's ParentRef specifies an
2466 existing Gateway that supports Routes of this kind AND that
2467 Gateway's controller has sufficient access, then that Gateway's
2468 controller MUST set the \"Accepted\" condition on the Route,
2469 to indicate whether the route has been accepted or rejected
2470 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
2471 if at least one of the Route's rules is implemented by the
2472 Gateway. \n There are a number of cases where the \"Accepted\"
2473 condition may not be set due to lack of controller visibility,
2474 that includes when: \n * The Route refers to a non-existent
2475 parent. * The Route is of a type that the controller does
2476 not support. * The Route is in a namespace the the controller
2477 does not have access to."
2478 items:
2479 description: "Condition contains details for one aspect of
2480 the current state of this API Resource. --- This struct
2481 is intended for direct use as an array at the field path
2482 .status.conditions. For example, type FooStatus struct{
2483 \ // Represents the observations of a foo's current state.
2484 \ // Known .status.conditions.type are: \"Available\",
2485 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
2486 \ // +patchStrategy=merge // +listType=map //
2487 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
2488 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
2489 \n // other fields }"
2490 properties:
2491 lastTransitionTime:
2492 description: lastTransitionTime is the last time the condition
2493 transitioned from one status to another. This should
2494 be when the underlying condition changed. If that is
2495 not known, then using the time when the API field changed
2496 is acceptable.
2497 format: date-time
2498 type: string
2499 message:
2500 description: message is a human readable message indicating
2501 details about the transition. This may be an empty string.
2502 maxLength: 32768
2503 type: string
2504 observedGeneration:
2505 description: observedGeneration represents the .metadata.generation
2506 that the condition was set based upon. For instance,
2507 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
2508 is 9, the condition is out of date with respect to the
2509 current state of the instance.
2510 format: int64
2511 minimum: 0
2512 type: integer
2513 reason:
2514 description: reason contains a programmatic identifier
2515 indicating the reason for the condition's last transition.
2516 Producers of specific condition types may define expected
2517 values and meanings for this field, and whether the
2518 values are considered a guaranteed API. The value should
2519 be a CamelCase string. This field may not be empty.
2520 maxLength: 1024
2521 minLength: 1
2522 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2523 type: string
2524 status:
2525 description: status of the condition, one of True, False,
2526 Unknown.
2527 enum:
2528 - "True"
2529 - "False"
2530 - Unknown
2531 type: string
2532 type:
2533 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2534 --- Many .condition.type values are consistent across
2535 resources like Available, but because arbitrary conditions
2536 can be useful (see .node.status.conditions), the ability
2537 to deconflict is important. The regex it matches is
2538 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2539 maxLength: 316
2540 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2541 type: string
2542 required:
2543 - lastTransitionTime
2544 - message
2545 - reason
2546 - status
2547 - type
2548 type: object
2549 maxItems: 8
2550 minItems: 1
2551 type: array
2552 x-kubernetes-list-map-keys:
2553 - type
2554 x-kubernetes-list-type: map
2555 controllerName:
2556 description: "ControllerName is a domain/path string that indicates
2557 the name of the controller that wrote this status. This corresponds
2558 with the controllerName field on GatewayClass. \n Example:
2559 \"example.net/gateway-controller\". \n The format of this
2560 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
2561 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
2562 \n Controllers MUST populate this field when writing status.
2563 Controllers should ensure that entries to status populated
2564 with their ControllerName are cleaned up when they are no
2565 longer necessary."
2566 maxLength: 253
2567 minLength: 1
2568 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2569 type: string
2570 parentRef:
2571 description: ParentRef corresponds with a ParentRef in the spec
2572 that this RouteParentStatus struct describes the status of.
2573 properties:
2574 group:
2575 default: policy.linkerd.io
2576 description: "Group is the group of the referent. \n Support:
2577 Core"
2578 maxLength: 253
2579 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2580 type: string
2581 kind:
2582 default: Gateway
2583 description: "Kind is kind of the referent. \n Support:
2584 Core (Gateway) Support: Custom (Other Resources)"
2585 maxLength: 63
2586 minLength: 1
2587 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2588 type: string
2589 name:
2590 description: "Name is the name of the referent. \n Support:
2591 Core"
2592 maxLength: 253
2593 minLength: 1
2594 type: string
2595 namespace:
2596 description: "Namespace is the namespace of the referent.
2597 When unspecified (or empty string), this refers to the
2598 local namespace of the Route. \n Support: Core"
2599 maxLength: 63
2600 minLength: 1
2601 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2602 type: string
2603 port:
2604 description: "Port is the network port this Route targets.
2605 It can be interpreted differently based on the type of
2606 parent resource. \n When the parent resource is a Gateway,
2607 this targets all listeners listening on the specified
2608 port that also support this kind of Route(and select this
2609 Route). It's not recommended to set `Port` unless the
2610 networking behaviors specified in a Route must apply to
2611 a specific port as opposed to a listener(s) whose port(s)
2612 may be changed. When both Port and SectionName are specified,
2613 the name and port of the selected listener must match
2614 both specified values. \n Implementations MAY choose to
2615 support other parent resources. Implementations supporting
2616 other types of parent resources MUST clearly document
2617 how/if Port is interpreted. \n For the purpose of status,
2618 an attachment is considered successful as long as the
2619 parent resource accepts it partially. For example, Gateway
2620 listeners can restrict which Routes can attach to them
2621 by Route kind, namespace, or hostname. If 1 of 2 Gateway
2622 listeners accept attachment from the referencing Route,
2623 the Route MUST be considered successfully attached. If
2624 no Gateway listeners accept attachment from this Route,
2625 the Route MUST be considered detached from the Gateway.
2626 \n Support: Extended \n <gateway:experimental>"
2627 format: int32
2628 maximum: 65535
2629 minimum: 1
2630 type: integer
2631 sectionName:
2632 description: "SectionName is the name of a section within
2633 the target resource. In the following resources, SectionName
2634 is interpreted as the following: \n * Gateway: Listener
2635 Name. When both Port (experimental) and SectionName are
2636 specified, the name and port of the selected listener
2637 must match both specified values. \n Implementations MAY
2638 choose to support attaching Routes to other resources.
2639 If that is the case, they MUST clearly document how SectionName
2640 is interpreted. \n When unspecified (empty string), this
2641 will reference the entire resource. For the purpose of
2642 status, an attachment is considered successful if at least
2643 one section in the parent resource accepts it. For example,
2644 Gateway listeners can restrict which Routes can attach
2645 to them by Route kind, namespace, or hostname. If 1 of
2646 2 Gateway listeners accept attachment from the referencing
2647 Route, the Route MUST be considered successfully attached.
2648 If no Gateway listeners accept attachment from this Route,
2649 the Route MUST be considered detached from the Gateway.
2650 \n Support: Core"
2651 maxLength: 253
2652 minLength: 1
2653 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2654 type: string
2655 required:
2656 - name
2657 type: object
2658 required:
2659 - controllerName
2660 - parentRef
2661 type: object
2662 maxItems: 32
2663 type: array
2664 required:
2665 - parents
2666 type: object
2667 required:
2668 - spec
2669 type: object
2670 served: true
2671 storage: false
2672 subresources:
2673 status: {}
2674 - additionalPrinterColumns:
2675 - jsonPath: .spec.hostnames
2676 name: Hostnames
2677 type: string
2678 - jsonPath: .metadata.creationTimestamp
2679 name: Age
2680 type: date
2681 name: v1beta2
2682 schema:
2683 openAPIV3Schema:
2684 description: HTTPRoute provides a way to route HTTP requests. This includes
2685 the capability to match requests by hostname, path, header, or query param.
2686 Filters can be used to specify additional processing steps. Backends specify
2687 where matching requests should be routed.
2688 properties:
2689 apiVersion:
2690 description: 'APIVersion defines the versioned schema of this representation
2691 of an object. Servers should convert recognized schemas to the latest
2692 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2693 type: string
2694 kind:
2695 description: 'Kind is a string value representing the REST resource this
2696 object represents. Servers may infer this from the endpoint the client
2697 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2698 type: string
2699 metadata:
2700 type: object
2701 spec:
2702 description: Spec defines the desired state of HTTPRoute.
2703 properties:
2704 hostnames:
2705 description: "Hostnames defines a set of hostname that should match
2706 against the HTTP Host header to select a HTTPRoute to process the
2707 request. This matches the RFC 1123 definition of a hostname with
2708 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
2709 be prefixed with a wildcard label (`*.`). The wildcard label
2710 must appear by itself as the first label. \n If a hostname is specified
2711 by both the Listener and HTTPRoute, there must be at least one intersecting
2712 hostname for the HTTPRoute to be attached to the Listener. For example:
2713 \n * A Listener with `test.example.com` as the hostname matches
2714 HTTPRoutes that have either not specified any hostnames, or have
2715 specified at least one of `test.example.com` or `*.example.com`.
2716 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
2717 \ that have either not specified any hostnames or have specified
2718 at least one hostname that matches the Listener hostname. For
2719 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
2720 would all match. On the other hand, `example.com` and `test.example.net`
2721 would not match. \n Hostnames that are prefixed with a wildcard
2722 label (`*.`) are interpreted as a suffix match. That means that
2723 a match for `*.example.com` would match both `test.example.com`,
2724 and `foo.test.example.com`, but not `example.com`. \n If both the
2725 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
2726 that do not match the Listener hostname MUST be ignored. For example,
2727 if a Listener specified `*.example.com`, and the HTTPRoute specified
2728 `test.example.com` and `test.example.net`, `test.example.net` must
2729 not be considered for a match. \n If both the Listener and HTTPRoute
2730 have specified hostnames, and none match with the criteria above,
2731 then the HTTPRoute is not accepted. The implementation must raise
2732 an 'Accepted' Condition with a status of `False` in the corresponding
2733 RouteParentStatus. \n Support: Core"
2734 items:
2735 description: "Hostname is the fully qualified domain name of a network
2736 host. This matches the RFC 1123 definition of a hostname with
2737 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
2738 may be prefixed with a wildcard label (`*.`). The wildcard label
2739 must appear by itself as the first label. \n Hostname can be \"precise\"
2740 which is a domain name without the terminating dot of a network
2741 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
2742 name prefixed with a single wildcard label (e.g. `*.example.com`).
2743 \n Note that as per RFC1035 and RFC1123, a *label* must consist
2744 of lower case alphanumeric characters or '-', and must start and
2745 end with an alphanumeric character. No other punctuation is allowed."
2746 maxLength: 253
2747 minLength: 1
2748 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2749 type: string
2750 maxItems: 16
2751 type: array
2752 parentRefs:
2753 description: "ParentRefs references the resources (usually Gateways)
2754 that a Route wants to be attached to. Note that the referenced parent
2755 resource needs to allow this for the attachment to be complete.
2756 For Gateways, that means the Gateway needs to allow attachment from
2757 Routes of this kind and namespace. \n The only kind of parent resource
2758 with \"Core\" support is Gateway. This API may be extended in the
2759 future to support additional kinds of parent resources such as one
2760 of the route kinds. \n It is invalid to reference an identical parent
2761 more than once. It is valid to reference multiple distinct sections
2762 within the same parent resource, such as 2 Listeners within a Gateway.
2763 \n It is possible to separately reference multiple distinct objects
2764 that may be collapsed by an implementation. For example, some implementations
2765 may choose to merge compatible Gateway Listeners together. If that
2766 is the case, the list of routes attached to those resources should
2767 also be merged."
2768 items:
2769 description: "ParentReference identifies an API object (usually
2770 a Gateway) that can be considered a parent of this resource (usually
2771 a route). The only kind of parent resource with \"Core\" support
2772 is Gateway. This API may be extended in the future to support
2773 additional kinds of parent resources, such as HTTPRoute. \n The
2774 API object must be valid in the cluster; the Group and Kind must
2775 be registered in the cluster for this reference to be valid."
2776 properties:
2777 group:
2778 default: policy.linkerd.io
2779 description: "Group is the group of the referent. \n Support:
2780 Core"
2781 maxLength: 253
2782 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2783 type: string
2784 kind:
2785 default: Gateway
2786 description: "Kind is kind of the referent. \n Support: Core
2787 (Gateway) Support: Custom (Other Resources)"
2788 maxLength: 63
2789 minLength: 1
2790 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2791 type: string
2792 name:
2793 description: "Name is the name of the referent. \n Support:
2794 Core"
2795 maxLength: 253
2796 minLength: 1
2797 type: string
2798 namespace:
2799 description: "Namespace is the namespace of the referent. When
2800 unspecified (or empty string), this refers to the local namespace
2801 of the Route. \n Support: Core"
2802 maxLength: 63
2803 minLength: 1
2804 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2805 type: string
2806 port:
2807 description: "Port specifies the destination
2808 port number to use for this resource.
2809 Port is required when the referent is
2810 a Kubernetes Service. In this case, the
2811 port number is the service port number,
2812 not the target port. For other resources,
2813 destination port might be derived from
2814 the referent resource or this field. \n Support: Extended"
2815 format: int32
2816 maximum: 65535
2817 minimum: 1
2818 type: integer
2819 sectionName:
2820 description: "SectionName is the name of a section within the
2821 target resource. In the following resources, SectionName is
2822 interpreted as the following: \n * Gateway: Listener Name.
2823 When both Port (experimental) and SectionName are specified,
2824 the name and port of the selected listener must match both
2825 specified values. \n Implementations MAY choose to support
2826 attaching Routes to other resources. If that is the case,
2827 they MUST clearly document how SectionName is interpreted.
2828 \n When unspecified (empty string), this will reference the
2829 entire resource. For the purpose of status, an attachment
2830 is considered successful if at least one section in the parent
2831 resource accepts it. For example, Gateway listeners can restrict
2832 which Routes can attach to them by Route kind, namespace,
2833 or hostname. If 1 of 2 Gateway listeners accept attachment
2834 from the referencing Route, the Route MUST be considered successfully
2835 attached. If no Gateway listeners accept attachment from this
2836 Route, the Route MUST be considered detached from the Gateway.
2837 \n Support: Core"
2838 maxLength: 253
2839 minLength: 1
2840 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2841 type: string
2842 required:
2843 - name
2844 type: object
2845 maxItems: 32
2846 type: array
2847 rules:
2848 default:
2849 - matches:
2850 - path:
2851 type: PathPrefix
2852 value: /
2853 description: Rules are a list of HTTP matchers, filters and actions.
2854 items:
2855 description: HTTPRouteRule defines semantics for matching an HTTP
2856 request based on conditions (matches) and processing it (filters).
2857 properties:
2858 backendRefs:
2859 description: "BackendRefs defines the backend(s) where matching
2860 requests should be sent. \n Failure behavior here depends
2861 on how many BackendRefs are specified and how many are invalid.
2862 \n If *all* entries in BackendRefs are invalid, and there
2863 are also no filters specified in this route rule, *all* traffic
2864 which matches this rule MUST receive a 500 status code. \n
2865 See the HTTPBackendRef definition for the rules about what
2866 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
2867 is invalid, 500 status codes MUST be returned for requests
2868 that would have otherwise been routed to an invalid backend.
2869 If multiple backends are specified, and some are invalid,
2870 the proportion of requests that would otherwise have been
2871 routed to an invalid backend MUST receive a 500 status code.
2872 \n For example, if two backends are specified with equal weights,
2873 and one is invalid, 50 percent of traffic must receive a 500.
2874 Implementations may choose how that 50 percent is determined.
2875 \n Support: Core for Kubernetes Service \n Support: Implementation-specific
2876 for any other resource \n Support for weight: Core"
2877 items:
2878 description: HTTPBackendRef defines how a HTTPRoute should
2879 forward an HTTP request.
2880 properties:
2881 group:
2882 default: ""
2883 description: Group is the group of the referent. For example,
2884 "gateway.networking.k8s.io". When unspecified or empty
2885 string, core API group is inferred.
2886 maxLength: 253
2887 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2888 type: string
2889 kind:
2890 default: Service
2891 description: Kind is kind of the referent. For example
2892 "HTTPRoute" or "Service". Defaults to "Service" when
2893 not specified.
2894 maxLength: 63
2895 minLength: 1
2896 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2897 type: string
2898 name:
2899 description: Name is the name of the referent.
2900 maxLength: 253
2901 minLength: 1
2902 type: string
2903 namespace:
2904 description: "Namespace is the namespace of the backend.
2905 When unspecified, the local namespace is inferred. \n
2906 Note that when a namespace is specified, a ReferenceGrant
2907 object is required in the referent namespace to allow
2908 that namespace's owner to accept the reference. See
2909 the ReferenceGrant documentation for details. \n Support:
2910 Core"
2911 maxLength: 63
2912 minLength: 1
2913 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2914 type: string
2915 port:
2916 description: Port specifies the destination port number
2917 to use for this resource. Port is required when the
2918 referent is a Kubernetes Service. In this case, the
2919 port number is the service port number, not the target
2920 port. For other resources, destination port might be
2921 derived from the referent resource or this field.
2922 format: int32
2923 maximum: 65535
2924 minimum: 1
2925 type: integer
2926 weight:
2927 default: 1
2928 description: "Weight specifies the proportion of requests
2929 forwarded to the referenced backend. This is computed
2930 as weight/(sum of all weights in this BackendRefs list).
2931 For non-zero values, there may be some epsilon from
2932 the exact proportion defined here depending on the precision
2933 an implementation supports. Weight is not a percentage
2934 and the sum of weights does not need to equal 100. \n
2935 If only one backend is specified and it has a weight
2936 greater than 0, 100% of the traffic is forwarded to
2937 that backend. If weight is set to 0, no traffic should
2938 be forwarded for this entry. If unspecified, weight
2939 defaults to 1. \n Support for this field varies based
2940 on the context where used."
2941 format: int32
2942 maximum: 1000000
2943 minimum: 0
2944 type: integer
2945 filters:
2946 description: "Filters defined at this level should be
2947 executed if and only if the request is being forwarded
2948 to the backend defined here. \n Support: Implementation-specific
2949 (For broader support of filters, use the Filters field
2950 in HTTPRouteRule.)"
2951 items:
2952 description: HTTPRouteFilter defines processing steps
2953 that must be completed during the request or response
2954 lifecycle. HTTPRouteFilters are meant as an extension
2955 point to express processing that may be done in Gateway
2956 implementations. Some examples include request or
2957 response modification, implementing authentication
2958 strategies, rate-limiting, and traffic shaping. API
2959 guarantee/conformance is defined based on the type
2960 of the filter.
2961 properties:
2962 requestHeaderModifier:
2963 description: "RequestHeaderModifier defines a schema
2964 for a filter that modifies request headers. \n
2965 Support: Core"
2966 properties:
2967 add:
2968 description: "Add adds the given header(s) (name,
2969 value) to the request before the action. It
2970 appends to any existing values associated
2971 with the header name. \n Input: GET /foo HTTP/1.1
2972 my-header: foo \n Config: add: - name: \"my-header\"
2973 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2974 my-header: foo,bar,baz"
2975 items:
2976 description: HTTPHeader represents an HTTP
2977 Header name and value as defined by RFC
2978 7230.
2979 properties:
2980 name:
2981 description: "Name is the name of the
2982 HTTP Header to be matched. Name matching
2983 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2984 \n If multiple entries specify equivalent
2985 header names, the first entry with an
2986 equivalent name MUST be considered for
2987 a match. Subsequent entries with an
2988 equivalent header name MUST be ignored.
2989 Due to the case-insensitivity of header
2990 names, \"foo\" and \"Foo\" are considered
2991 equivalent."
2992 maxLength: 256
2993 minLength: 1
2994 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2995 type: string
2996 value:
2997 description: Value is the value of HTTP
2998 Header to be matched.
2999 maxLength: 4096
3000 minLength: 1
3001 type: string
3002 required:
3003 - name
3004 - value
3005 type: object
3006 maxItems: 16
3007 type: array
3008 x-kubernetes-list-map-keys:
3009 - name
3010 x-kubernetes-list-type: map
3011 remove:
3012 description: "Remove the given header(s) from
3013 the HTTP request before the action. The value
3014 of Remove is a list of HTTP header names.
3015 Note that the header names are case-insensitive
3016 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3017 \n Input: GET /foo HTTP/1.1 my-header1: foo
3018 my-header2: bar my-header3: baz \n Config:
3019 remove: [\"my-header1\", \"my-header3\"] \n
3020 Output: GET /foo HTTP/1.1 my-header2: bar"
3021 items:
3022 type: string
3023 maxItems: 16
3024 type: array
3025 set:
3026 description: "Set overwrites the request with
3027 the given header (name, value) before the
3028 action. \n Input: GET /foo HTTP/1.1 my-header:
3029 foo \n Config: set: - name: \"my-header\"
3030 value: \"bar\" \n Output: GET /foo HTTP/1.1
3031 my-header: bar"
3032 items:
3033 description: HTTPHeader represents an HTTP
3034 Header name and value as defined by RFC
3035 7230.
3036 properties:
3037 name:
3038 description: "Name is the name of the
3039 HTTP Header to be matched. Name matching
3040 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3041 \n If multiple entries specify equivalent
3042 header names, the first entry with an
3043 equivalent name MUST be considered for
3044 a match. Subsequent entries with an
3045 equivalent header name MUST be ignored.
3046 Due to the case-insensitivity of header
3047 names, \"foo\" and \"Foo\" are considered
3048 equivalent."
3049 maxLength: 256
3050 minLength: 1
3051 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3052 type: string
3053 value:
3054 description: Value is the value of HTTP
3055 Header to be matched.
3056 maxLength: 4096
3057 minLength: 1
3058 type: string
3059 required:
3060 - name
3061 - value
3062 type: object
3063 maxItems: 16
3064 type: array
3065 x-kubernetes-list-map-keys:
3066 - name
3067 x-kubernetes-list-type: map
3068 type: object
3069 requestRedirect:
3070 description: "RequestRedirect defines a schema for
3071 a filter that responds to the request with an
3072 HTTP redirection. \n Support: Core"
3073 properties:
3074 hostname:
3075 description: "Hostname is the hostname to be
3076 used in the value of the `Location` header
3077 in the response. When empty, the hostname
3078 in the `Host` header of the request is used.
3079 \n Support: Core"
3080 maxLength: 253
3081 minLength: 1
3082 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3083 type: string
3084 path:
3085 description: "Path defines parameters used to
3086 modify the path of the incoming request. The
3087 modified path is then used to construct the
3088 `Location` header. When empty, the request
3089 path is used as-is. \n Support: Extended"
3090 properties:
3091 replaceFullPath:
3092 description: ReplaceFullPath specifies the
3093 value with which to replace the full path
3094 of a request during a rewrite or redirect.
3095 maxLength: 1024
3096 type: string
3097 replacePrefixMatch:
3098 description: "ReplacePrefixMatch specifies
3099 the value with which to replace the prefix
3100 match of a request during a rewrite or
3101 redirect. For example, a request to \"/foo/bar\"
3102 with a prefix match of \"/foo\" and a
3103 ReplacePrefixMatch of \"/xyz\" would be
3104 modified to \"/xyz/bar\". \n Note that
3105 this matches the behavior of the PathPrefix
3106 match type. This matches full path elements.
3107 A path element refers to the list of labels
3108 in the path split by the `/` separator.
3109 When specified, a trailing `/` is ignored.
3110 For example, the paths `/abc`, `/abc/`,
3111 and `/abc/def` would all match the prefix
3112 `/abc`, but the path `/abcd` would not.
3113 \n Request Path | Prefix Match | Replace
3114 Prefix | Modified Path -------------|--------------|----------------|----------
3115 /foo/bar | /foo | /xyz |
3116 /xyz/bar /foo/bar | /foo |
3117 /xyz/ | /xyz/bar /foo/bar |
3118 /foo/ | /xyz | /xyz/bar
3119 /foo/bar | /foo/ | /xyz/ |
3120 /xyz/bar /foo | /foo |
3121 /xyz | /xyz /foo/ | /foo
3122 \ | /xyz | /xyz/ /foo/bar
3123 \ | /foo | <empty string> |
3124 /bar /foo/ | /foo | <empty
3125 string> | / /foo | /foo |
3126 <empty string> | / /foo/ | /foo
3127 \ | / | / /foo |
3128 /foo | / | /"
3129 maxLength: 1024
3130 type: string
3131 type:
3132 description: "Type defines the type of path
3133 modifier. Additional types may be added
3134 in a future release of the API. \n Note
3135 that values may be added to this enum,
3136 implementations must ensure that unknown
3137 values will not cause a crash. \n Unknown
3138 values here must result in the implementation
3139 setting the Accepted Condition for the
3140 Route to `status: False`, with a Reason
3141 of `UnsupportedValue`."
3142 enum:
3143 - ReplaceFullPath
3144 - ReplacePrefixMatch
3145 type: string
3146 required:
3147 - type
3148 type: object
3149 port:
3150 description: "Port is the port to be used in
3151 the value of the `Location` header in the
3152 response. \n If no port is specified, the
3153 redirect port MUST be derived using the following
3154 rules: \n * If redirect scheme is not-empty,
3155 the redirect port MUST be the well-known port
3156 associated with the redirect scheme. Specifically
3157 \"http\" to port 80 and \"https\" to port
3158 443. If the redirect scheme does not have
3159 a well-known port, the listener port of the
3160 Gateway SHOULD be used. * If redirect scheme
3161 is empty, the redirect port MUST be the Gateway
3162 Listener port. \n Implementations SHOULD NOT
3163 add the port number in the 'Location' header
3164 in the following cases: \n * A Location header
3165 that will use HTTP (whether that is determined
3166 via the Listener protocol or the Scheme field)
3167 _and_ use port 80. * A Location header that
3168 will use HTTPS (whether that is determined
3169 via the Listener protocol or the Scheme field)
3170 _and_ use port 443. \n Support: Extended"
3171 format: int32
3172 maximum: 65535
3173 minimum: 1
3174 type: integer
3175 scheme:
3176 description: "Scheme is the scheme to be used
3177 in the value of the `Location` header in the
3178 response. When empty, the scheme of the request
3179 is used. \n Scheme redirects can affect the
3180 port of the redirect, for more information,
3181 refer to the documentation for the port field
3182 of this filter. \n Note that values may be
3183 added to this enum, implementations must ensure
3184 that unknown values will not cause a crash.
3185 \n Unknown values here must result in the
3186 implementation setting the Accepted Condition
3187 for the Route to `status: False`, with a Reason
3188 of `UnsupportedValue`. \n Support: Extended"
3189 enum:
3190 - http
3191 - https
3192 type: string
3193 statusCode:
3194 default: 302
3195 description: "StatusCode is the HTTP status
3196 code to be used in response. \n Note that
3197 values may be added to this enum, implementations
3198 must ensure that unknown values will not cause
3199 a crash. \n Unknown values here must result
3200 in the implementation setting the Accepted
3201 Condition for the Route to `status: False`,
3202 with a Reason of `UnsupportedValue`. \n Support:
3203 Core"
3204 enum:
3205 - 301
3206 - 302
3207 type: integer
3208 type: object
3209 responseHeaderModifier:
3210 description: "ResponseHeaderModifier defines a schema
3211 for a filter that modifies response headers. \n
3212 Support: Extended"
3213 properties:
3214 add:
3215 description: "Add adds the given header(s) (name,
3216 value) to the request before the action. It
3217 appends to any existing values associated
3218 with the header name. \n Input: GET /foo HTTP/1.1
3219 my-header: foo \n Config: add: - name: \"my-header\"
3220 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
3221 my-header: foo,bar,baz"
3222 items:
3223 description: HTTPHeader represents an HTTP
3224 Header name and value as defined by RFC
3225 7230.
3226 properties:
3227 name:
3228 description: "Name is the name of the
3229 HTTP Header to be matched. Name matching
3230 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3231 \n If multiple entries specify equivalent
3232 header names, the first entry with an
3233 equivalent name MUST be considered for
3234 a match. Subsequent entries with an
3235 equivalent header name MUST be ignored.
3236 Due to the case-insensitivity of header
3237 names, \"foo\" and \"Foo\" are considered
3238 equivalent."
3239 maxLength: 256
3240 minLength: 1
3241 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3242 type: string
3243 value:
3244 description: Value is the value of HTTP
3245 Header to be matched.
3246 maxLength: 4096
3247 minLength: 1
3248 type: string
3249 required:
3250 - name
3251 - value
3252 type: object
3253 maxItems: 16
3254 type: array
3255 x-kubernetes-list-map-keys:
3256 - name
3257 x-kubernetes-list-type: map
3258 remove:
3259 description: "Remove the given header(s) from
3260 the HTTP request before the action. The value
3261 of Remove is a list of HTTP header names.
3262 Note that the header names are case-insensitive
3263 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3264 \n Input: GET /foo HTTP/1.1 my-header1: foo
3265 my-header2: bar my-header3: baz \n Config:
3266 remove: [\"my-header1\", \"my-header3\"] \n
3267 Output: GET /foo HTTP/1.1 my-header2: bar"
3268 items:
3269 type: string
3270 maxItems: 16
3271 type: array
3272 set:
3273 description: "Set overwrites the request with
3274 the given header (name, value) before the
3275 action. \n Input: GET /foo HTTP/1.1 my-header:
3276 foo \n Config: set: - name: \"my-header\"
3277 value: \"bar\" \n Output: GET /foo HTTP/1.1
3278 my-header: bar"
3279 items:
3280 description: HTTPHeader represents an HTTP
3281 Header name and value as defined by RFC
3282 7230.
3283 properties:
3284 name:
3285 description: "Name is the name of the
3286 HTTP Header to be matched. Name matching
3287 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3288 \n If multiple entries specify equivalent
3289 header names, the first entry with an
3290 equivalent name MUST be considered for
3291 a match. Subsequent entries with an
3292 equivalent header name MUST be ignored.
3293 Due to the case-insensitivity of header
3294 names, \"foo\" and \"Foo\" are considered
3295 equivalent."
3296 maxLength: 256
3297 minLength: 1
3298 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3299 type: string
3300 value:
3301 description: Value is the value of HTTP
3302 Header to be matched.
3303 maxLength: 4096
3304 minLength: 1
3305 type: string
3306 required:
3307 - name
3308 - value
3309 type: object
3310 maxItems: 16
3311 type: array
3312 x-kubernetes-list-map-keys:
3313 - name
3314 x-kubernetes-list-type: map
3315 type: object
3316 type:
3317 description: "Type identifies the type of filter
3318 to apply. As with other API fields, types are
3319 classified into three conformance levels: \n -
3320 Core: Filter types and their corresponding configuration
3321 defined by \"Support: Core\" in this package,
3322 e.g. \"RequestHeaderModifier\". All implementations
3323 must support core filters. \n - Extended: Filter
3324 types and their corresponding configuration defined
3325 by \"Support: Extended\" in this package, e.g.
3326 \"RequestMirror\". Implementers are encouraged
3327 to support extended filters. \n - Implementation-specific:
3328 Filters that are defined and supported by specific
3329 vendors. In the future, filters showing convergence
3330 in behavior across multiple implementations will
3331 be considered for inclusion in extended or core
3332 conformance levels. Filter-specific configuration
3333 for such filters is specified using the ExtensionRef
3334 field. `Type` should be set to \"ExtensionRef\"
3335 for custom filters. \n Implementers are encouraged
3336 to define custom implementation types to extend
3337 the core API with implementation-specific behavior.
3338 \n If a reference to a custom filter type cannot
3339 be resolved, the filter MUST NOT be skipped. Instead,
3340 requests that would have been processed by that
3341 filter MUST receive a HTTP error response. \n
3342 Note that values may be added to this enum, implementations
3343 must ensure that unknown values will not cause
3344 a crash. \n Unknown values here must result in
3345 the implementation setting the Accepted Condition
3346 for the Route to `status: False`, with a Reason
3347 of `UnsupportedValue`."
3348 enum:
3349 - RequestHeaderModifier
3350 - ResponseHeaderModifier
3351 - RequestRedirect
3352 type: string
3353 required:
3354 - type
3355 type: object
3356 maxItems: 16
3357 type: array
3358 required:
3359 - name
3360 type: object
3361 maxItems: 16
3362 type: array
3363 filters:
3364 description: "Filters define the filters that are applied to
3365 requests that match this rule. \n The effects of ordering
3366 of multiple behaviors are currently unspecified. This can
3367 change in the future based on feedback during the alpha stage.
3368 \n Conformance-levels at this level are defined based on the
3369 type of filter: \n - ALL core filters MUST be supported by
3370 all implementations. - Implementers are encouraged to support
3371 extended filters. - Implementation-specific custom filters
3372 have no API guarantees across implementations. \n Specifying
3373 a core filter multiple times has unspecified or custom conformance.
3374 \n All filters are expected to be compatible with each other
3375 except for the URLRewrite and RequestRedirect filters, which
3376 may not be combined. If an implementation can not support
3377 other combinations of filters, they must clearly document
3378 that limitation. In all cases where incompatible or unsupported
3379 filters are specified, implementations MUST add a warning
3380 condition to status. \n Support: Core"
3381 items:
3382 description: HTTPRouteFilter defines processing steps that
3383 must be completed during the request or response lifecycle.
3384 HTTPRouteFilters are meant as an extension point to express
3385 processing that may be done in Gateway implementations.
3386 Some examples include request or response modification,
3387 implementing authentication strategies, rate-limiting, and
3388 traffic shaping. API guarantee/conformance is defined based
3389 on the type of the filter.
3390 properties:
3391 requestHeaderModifier:
3392 description: "RequestHeaderModifier defines a schema for
3393 a filter that modifies request headers. \n Support:
3394 Core"
3395 properties:
3396 add:
3397 description: "Add adds the given header(s) (name,
3398 value) to the request before the action. It appends
3399 to any existing values associated with the header
3400 name. \n Input: GET /foo HTTP/1.1 my-header:
3401 foo \n Config: add: - name: \"my-header\" value:
3402 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
3403 foo my-header: bar"
3404 items:
3405 description: HTTPHeader represents an HTTP Header
3406 name and value as defined by RFC 7230.
3407 properties:
3408 name:
3409 description: "Name is the name of the HTTP Header
3410 to be matched. Name matching MUST be case
3411 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3412 \n If multiple entries specify equivalent
3413 header names, the first entry with an equivalent
3414 name MUST be considered for a match. Subsequent
3415 entries with an equivalent header name MUST
3416 be ignored. Due to the case-insensitivity
3417 of header names, \"foo\" and \"Foo\" are considered
3418 equivalent."
3419 maxLength: 256
3420 minLength: 1
3421 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3422 type: string
3423 value:
3424 description: Value is the value of HTTP Header
3425 to be matched.
3426 maxLength: 4096
3427 minLength: 1
3428 type: string
3429 required:
3430 - name
3431 - value
3432 type: object
3433 maxItems: 16
3434 type: array
3435 x-kubernetes-list-map-keys:
3436 - name
3437 x-kubernetes-list-type: map
3438 remove:
3439 description: "Remove the given header(s) from the
3440 HTTP request before the action. The value of Remove
3441 is a list of HTTP header names. Note that the header
3442 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3443 \n Input: GET /foo HTTP/1.1 my-header1: foo
3444 \ my-header2: bar my-header3: baz \n Config:
3445 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
3446 \ GET /foo HTTP/1.1 my-header2: bar"
3447 items:
3448 type: string
3449 maxItems: 16
3450 type: array
3451 set:
3452 description: "Set overwrites the request with the
3453 given header (name, value) before the action. \n
3454 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3455 \ set: - name: \"my-header\" value: \"bar\"
3456 \n Output: GET /foo HTTP/1.1 my-header: bar"
3457 items:
3458 description: HTTPHeader represents an HTTP Header
3459 name and value as defined by RFC 7230.
3460 properties:
3461 name:
3462 description: "Name is the name of the HTTP Header
3463 to be matched. Name matching MUST be case
3464 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3465 \n If multiple entries specify equivalent
3466 header names, the first entry with an equivalent
3467 name MUST be considered for a match. Subsequent
3468 entries with an equivalent header name MUST
3469 be ignored. Due to the case-insensitivity
3470 of header names, \"foo\" and \"Foo\" are considered
3471 equivalent."
3472 maxLength: 256
3473 minLength: 1
3474 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3475 type: string
3476 value:
3477 description: Value is the value of HTTP Header
3478 to be matched.
3479 maxLength: 4096
3480 minLength: 1
3481 type: string
3482 required:
3483 - name
3484 - value
3485 type: object
3486 maxItems: 16
3487 type: array
3488 x-kubernetes-list-map-keys:
3489 - name
3490 x-kubernetes-list-type: map
3491 type: object
3492 requestRedirect:
3493 description: "RequestRedirect defines a schema for a filter
3494 that responds to the request with an HTTP redirection.
3495 \n Support: Core"
3496 properties:
3497 hostname:
3498 description: "Hostname is the hostname to be used
3499 in the value of the `Location` header in the response.
3500 When empty, the hostname of the request is used.
3501 \n Support: Core"
3502 maxLength: 253
3503 minLength: 1
3504 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3505 type: string
3506 path:
3507 description: "Path defines parameters used to
3508 modify the path of the incoming request. The
3509 modified path is then used to construct the
3510 `Location` header. When empty, the request
3511 path is used as-is. \n Support: Extended"
3512 properties:
3513 replaceFullPath:
3514 description: ReplaceFullPath specifies the
3515 value with which to replace the full path
3516 of a request during a rewrite or redirect.
3517 maxLength: 1024
3518 type: string
3519 replacePrefixMatch:
3520 description: "ReplacePrefixMatch specifies
3521 the value with which to replace the prefix
3522 match of a request during a rewrite or
3523 redirect. For example, a request to \"/foo/bar\"
3524 with a prefix match of \"/foo\" and a
3525 ReplacePrefixMatch of \"/xyz\" would be
3526 modified to \"/xyz/bar\". \n Note that
3527 this matches the behavior of the PathPrefix
3528 match type. This matches full path elements.
3529 A path element refers to the list of labels
3530 in the path split by the `/` separator.
3531 When specified, a trailing `/` is ignored.
3532 For example, the paths `/abc`, `/abc/`,
3533 and `/abc/def` would all match the prefix
3534 `/abc`, but the path `/abcd` would not.
3535 \n Request Path | Prefix Match | Replace
3536 Prefix | Modified Path -------------|--------------|----------------|----------
3537 /foo/bar | /foo | /xyz |
3538 /xyz/bar /foo/bar | /foo |
3539 /xyz/ | /xyz/bar /foo/bar |
3540 /foo/ | /xyz | /xyz/bar
3541 /foo/bar | /foo/ | /xyz/ |
3542 /xyz/bar /foo | /foo |
3543 /xyz | /xyz /foo/ | /foo
3544 \ | /xyz | /xyz/ /foo/bar
3545 \ | /foo | <empty string> |
3546 /bar /foo/ | /foo | <empty
3547 string> | / /foo | /foo |
3548 <empty string> | / /foo/ | /foo
3549 \ | / | / /foo |
3550 /foo | / | /"
3551 maxLength: 1024
3552 type: string
3553 type:
3554 description: "Type defines the type of path
3555 modifier. Additional types may be added
3556 in a future release of the API. \n Note
3557 that values may be added to this enum,
3558 implementations must ensure that unknown
3559 values will not cause a crash. \n Unknown
3560 values here must result in the implementation
3561 setting the Accepted Condition for the
3562 Route to `status: False`, with a Reason
3563 of `UnsupportedValue`."
3564 enum:
3565 - ReplaceFullPath
3566 - ReplacePrefixMatch
3567 type: string
3568 required:
3569 - type
3570 type: object
3571 port:
3572 description: "Port is the port to be used in the value
3573 of the `Location` header in the response. When empty,
3574 port (if specified) of the request is used. \n Support:
3575 Extended"
3576 format: int32
3577 maximum: 65535
3578 minimum: 1
3579 type: integer
3580 scheme:
3581 description: "Scheme is the scheme to be used in the
3582 value of the `Location` header in the response.
3583 When empty, the scheme of the request is used. \n
3584 Support: Extended"
3585 enum:
3586 - http
3587 - https
3588 type: string
3589 statusCode:
3590 default: 302
3591 description: "StatusCode is the HTTP status code to
3592 be used in response. \n Support: Core"
3593 enum:
3594 - 301
3595 - 302
3596 type: integer
3597 type: object
3598 type:
3599 description: "Type identifies the type of filter to apply.
3600 As with other API fields, types are classified into
3601 three conformance levels: \n - Core: Filter types and
3602 their corresponding configuration defined by \"Support:
3603 Core\" in this package, e.g. \"RequestHeaderModifier\"."
3604 enum:
3605 - RequestHeaderModifier
3606 - RequestRedirect
3607 type: string
3608 required:
3609 - type
3610 type: object
3611 maxItems: 16
3612 type: array
3613 matches:
3614 default:
3615 - path:
3616 type: PathPrefix
3617 value: /
3618 description: "Matches define conditions used for matching the
3619 rule against incoming HTTP requests. Each match is independent,
3620 i.e. this rule will be matched if **any** one of the matches
3621 is satisfied. \n For example, take the following matches configuration:
3622 \n ``` matches: - path: value: \"/foo\" headers: -
3623 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
3624 ``` \n For a request to match against this rule, a request
3625 must satisfy EITHER of the two conditions: \n - path prefixed
3626 with `/foo` AND contains the header `version: v2` - path prefix
3627 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
3628 how to specify multiple match conditions that should be ANDed
3629 together. \n If no matches are specified, the default is a
3630 prefix path match on \"/\", which has the effect of matching
3631 every HTTP request. \n Proxy or Load Balancer routing configuration
3632 generated from HTTPRoutes MUST prioritize rules based on the
3633 following criteria, continuing on ties. Precedence must be
3634 given to the the Rule with the largest number of: \n * Characters
3635 in a matching non-wildcard hostname. * Characters in a matching
3636 hostname. * Characters in a matching path. * Header matches.
3637 * Query param matches. \n If ties still exist across multiple
3638 Routes, matching precedence MUST be determined in order of
3639 the following criteria, continuing on ties: \n * The oldest
3640 Route based on creation timestamp. * The Route appearing first
3641 in alphabetical order by \"{namespace}/{name}\". \n If ties
3642 still exist within the Route that has been given precedence,
3643 matching precedence MUST be granted to the first matching
3644 rule meeting the above criteria. \n When no rules matching
3645 a request have been successfully attached to the parent a
3646 request is coming from, a HTTP 404 status code MUST be returned."
3647 items:
3648 description: "HTTPRouteMatch defines the predicate used to
3649 match requests to a given action. Multiple match types are
3650 ANDed together, i.e. the match will evaluate to true only
3651 if all conditions are satisfied. \n For example, the match
3652 below will match a HTTP request only if its path starts
3653 with `/foo` AND it contains the `version: v1` header: \n
3654 ``` match: path: value: \"/foo\" headers: - name:
3655 \"version\" value \"v1\" ```"
3656 properties:
3657 headers:
3658 description: Headers specifies HTTP request header matchers.
3659 Multiple match values are ANDed together, meaning, a
3660 request must match all the specified headers to select
3661 the route.
3662 items:
3663 description: HTTPHeaderMatch describes how to select
3664 a HTTP route by matching HTTP request headers.
3665 properties:
3666 name:
3667 description: "Name is the name of the HTTP Header
3668 to be matched. Name matching MUST be case insensitive.
3669 (See https://tools.ietf.org/html/rfc7230#section-3.2).
3670 \n If multiple entries specify equivalent header
3671 names, only the first entry with an equivalent
3672 name MUST be considered for a match. Subsequent
3673 entries with an equivalent header name MUST be
3674 ignored. Due to the case-insensitivity of header
3675 names, \"foo\" and \"Foo\" are considered equivalent.
3676 \n When a header is repeated in an HTTP request,
3677 it is implementation-specific behavior as to how
3678 this is represented. Generally, proxies should
3679 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
3680 regarding processing a repeated header, with special
3681 handling for \"Set-Cookie\"."
3682 maxLength: 256
3683 minLength: 1
3684 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3685 type: string
3686 type:
3687 default: Exact
3688 description: "Type specifies how to match against
3689 the value of the header. \n Support: Core (Exact)
3690 \n Support: Custom (RegularExpression) \n Since
3691 RegularExpression HeaderMatchType has custom conformance,
3692 implementations can support POSIX, PCRE or any
3693 other dialects of regular expressions. Please
3694 read the implementation's documentation to determine
3695 the supported dialect."
3696 enum:
3697 - Exact
3698 - RegularExpression
3699 type: string
3700 value:
3701 description: Value is the value of HTTP Header to
3702 be matched.
3703 maxLength: 4096
3704 minLength: 1
3705 type: string
3706 required:
3707 - name
3708 - value
3709 type: object
3710 maxItems: 16
3711 type: array
3712 x-kubernetes-list-map-keys:
3713 - name
3714 x-kubernetes-list-type: map
3715 method:
3716 description: "Method specifies HTTP method matcher. When
3717 specified, this route will be matched only if the request
3718 has the specified method. \n Support: Extended"
3719 enum:
3720 - GET
3721 - HEAD
3722 - POST
3723 - PUT
3724 - DELETE
3725 - CONNECT
3726 - OPTIONS
3727 - TRACE
3728 - PATCH
3729 type: string
3730 path:
3731 default:
3732 type: PathPrefix
3733 value: /
3734 description: Path specifies a HTTP request path matcher.
3735 If this field is not specified, a default prefix match
3736 on the "/" path is provided.
3737 properties:
3738 type:
3739 default: PathPrefix
3740 description: "Type specifies how to match against
3741 the path Value. \n Support: Core (Exact, PathPrefix)
3742 \n Support: Custom (RegularExpression)"
3743 enum:
3744 - Exact
3745 - PathPrefix
3746 - RegularExpression
3747 type: string
3748 value:
3749 default: /
3750 description: Value of the HTTP path to match against.
3751 maxLength: 1024
3752 type: string
3753 type: object
3754 queryParams:
3755 description: QueryParams specifies HTTP query parameter
3756 matchers. Multiple match values are ANDed together,
3757 meaning, a request must match all the specified query
3758 parameters to select the route.
3759 items:
3760 description: HTTPQueryParamMatch describes how to select
3761 a HTTP route by matching HTTP query parameters.
3762 properties:
3763 name:
3764 description: Name is the name of the HTTP query
3765 param to be matched. This must be an exact string
3766 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
3767 maxLength: 256
3768 minLength: 1
3769 type: string
3770 type:
3771 default: Exact
3772 description: "Type specifies how to match against
3773 the value of the query parameter. \n Support:
3774 Extended (Exact) \n Support: Custom (RegularExpression)
3775 \n Since RegularExpression QueryParamMatchType
3776 has custom conformance, implementations can support
3777 POSIX, PCRE or any other dialects of regular expressions.
3778 Please read the implementation's documentation
3779 to determine the supported dialect."
3780 enum:
3781 - Exact
3782 - RegularExpression
3783 type: string
3784 value:
3785 description: Value is the value of HTTP query param
3786 to be matched.
3787 maxLength: 1024
3788 minLength: 1
3789 type: string
3790 required:
3791 - name
3792 - value
3793 type: object
3794 maxItems: 16
3795 type: array
3796 x-kubernetes-list-map-keys:
3797 - name
3798 x-kubernetes-list-type: map
3799 type: object
3800 maxItems: 8
3801 type: array
3802 type: object
3803 maxItems: 16
3804 type: array
3805 type: object
3806 status:
3807 description: Status defines the current state of HTTPRoute.
3808 properties:
3809 parents:
3810 description: "Parents is a list of parent resources (usually Gateways)
3811 that are associated with the route, and the status of the route
3812 with respect to each parent. When this route attaches to a parent,
3813 the controller that manages the parent must add an entry to this
3814 list when the controller first sees the route and should update
3815 the entry as appropriate when the route or gateway is modified.
3816 \n Note that parent references that cannot be resolved by an implementation
3817 of this API will not be added to this list. Implementations of this
3818 API can only populate Route status for the Gateways/parent resources
3819 they are responsible for. \n A maximum of 32 Gateways will be represented
3820 in this list. An empty list means the route has not been attached
3821 to any Gateway."
3822 items:
3823 description: RouteParentStatus describes the status of a route with
3824 respect to an associated Parent.
3825 properties:
3826 conditions:
3827 description: "Conditions describes the status of the route with
3828 respect to the Gateway. Note that the route's availability
3829 is also subject to the Gateway's own status conditions and
3830 listener status. \n If the Route's ParentRef specifies an
3831 existing Gateway that supports Routes of this kind AND that
3832 Gateway's controller has sufficient access, then that Gateway's
3833 controller MUST set the \"Accepted\" condition on the Route,
3834 to indicate whether the route has been accepted or rejected
3835 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
3836 if at least one of the Route's rules is implemented by the
3837 Gateway. \n There are a number of cases where the \"Accepted\"
3838 condition may not be set due to lack of controller visibility,
3839 that includes when: \n * The Route refers to a non-existent
3840 parent. * The Route is of a type that the controller does
3841 not support. * The Route is in a namespace the the controller
3842 does not have access to."
3843 items:
3844 description: "Condition contains details for one aspect of
3845 the current state of this API Resource. --- This struct
3846 is intended for direct use as an array at the field path
3847 .status.conditions. For example, type FooStatus struct{
3848 \ // Represents the observations of a foo's current state.
3849 \ // Known .status.conditions.type are: \"Available\",
3850 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
3851 \ // +patchStrategy=merge // +listType=map //
3852 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
3853 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
3854 \n // other fields }"
3855 properties:
3856 lastTransitionTime:
3857 description: lastTransitionTime is the last time the condition
3858 transitioned from one status to another. This should
3859 be when the underlying condition changed. If that is
3860 not known, then using the time when the API field changed
3861 is acceptable.
3862 format: date-time
3863 type: string
3864 message:
3865 description: message is a human readable message indicating
3866 details about the transition. This may be an empty string.
3867 maxLength: 32768
3868 type: string
3869 observedGeneration:
3870 description: observedGeneration represents the .metadata.generation
3871 that the condition was set based upon. For instance,
3872 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
3873 is 9, the condition is out of date with respect to the
3874 current state of the instance.
3875 format: int64
3876 minimum: 0
3877 type: integer
3878 reason:
3879 description: reason contains a programmatic identifier
3880 indicating the reason for the condition's last transition.
3881 Producers of specific condition types may define expected
3882 values and meanings for this field, and whether the
3883 values are considered a guaranteed API. The value should
3884 be a CamelCase string. This field may not be empty.
3885 maxLength: 1024
3886 minLength: 1
3887 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
3888 type: string
3889 status:
3890 description: status of the condition, one of True, False,
3891 Unknown.
3892 enum:
3893 - "True"
3894 - "False"
3895 - Unknown
3896 type: string
3897 type:
3898 description: type of condition in CamelCase or in foo.example.com/CamelCase.
3899 --- Many .condition.type values are consistent across
3900 resources like Available, but because arbitrary conditions
3901 can be useful (see .node.status.conditions), the ability
3902 to deconflict is important. The regex it matches is
3903 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
3904 maxLength: 316
3905 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
3906 type: string
3907 required:
3908 - lastTransitionTime
3909 - message
3910 - reason
3911 - status
3912 - type
3913 type: object
3914 maxItems: 8
3915 minItems: 1
3916 type: array
3917 x-kubernetes-list-map-keys:
3918 - type
3919 x-kubernetes-list-type: map
3920 controllerName:
3921 description: "ControllerName is a domain/path string that indicates
3922 the name of the controller that wrote this status. This corresponds
3923 with the controllerName field on GatewayClass. \n Example:
3924 \"example.net/gateway-controller\". \n The format of this
3925 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
3926 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
3927 \n Controllers MUST populate this field when writing status.
3928 Controllers should ensure that entries to status populated
3929 with their ControllerName are cleaned up when they are no
3930 longer necessary."
3931 maxLength: 253
3932 minLength: 1
3933 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
3934 type: string
3935 parentRef:
3936 description: ParentRef corresponds with a ParentRef in the spec
3937 that this RouteParentStatus struct describes the status of.
3938 properties:
3939 group:
3940 default: policy.linkerd.io
3941 description: "Group is the group of the referent. \n Support:
3942 Core"
3943 maxLength: 253
3944 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3945 type: string
3946 kind:
3947 default: Gateway
3948 description: "Kind is kind of the referent. \n Support:
3949 Core (Gateway) Support: Custom (Other Resources)"
3950 maxLength: 63
3951 minLength: 1
3952 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3953 type: string
3954 name:
3955 description: "Name is the name of the referent. \n Support:
3956 Core"
3957 maxLength: 253
3958 minLength: 1
3959 type: string
3960 namespace:
3961 description: "Namespace is the namespace of the referent.
3962 When unspecified (or empty string), this refers to the
3963 local namespace of the Route. \n Support: Core"
3964 maxLength: 63
3965 minLength: 1
3966 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3967 type: string
3968 port:
3969 description: "Port is the network port this Route targets.
3970 It can be interpreted differently based on the type of
3971 parent resource. \n When the parent resource is a Gateway,
3972 this targets all listeners listening on the specified
3973 port that also support this kind of Route(and select this
3974 Route). It's not recommended to set `Port` unless the
3975 networking behaviors specified in a Route must apply to
3976 a specific port as opposed to a listener(s) whose port(s)
3977 may be changed. When both Port and SectionName are specified,
3978 the name and port of the selected listener must match
3979 both specified values. \n Implementations MAY choose to
3980 support other parent resources. Implementations supporting
3981 other types of parent resources MUST clearly document
3982 how/if Port is interpreted. \n For the purpose of status,
3983 an attachment is considered successful as long as the
3984 parent resource accepts it partially. For example, Gateway
3985 listeners can restrict which Routes can attach to them
3986 by Route kind, namespace, or hostname. If 1 of 2 Gateway
3987 listeners accept attachment from the referencing Route,
3988 the Route MUST be considered successfully attached. If
3989 no Gateway listeners accept attachment from this Route,
3990 the Route MUST be considered detached from the Gateway.
3991 \n Support: Extended \n <gateway:experimental>"
3992 format: int32
3993 maximum: 65535
3994 minimum: 1
3995 type: integer
3996 sectionName:
3997 description: "SectionName is the name of a section within
3998 the target resource. In the following resources, SectionName
3999 is interpreted as the following: \n * Gateway: Listener
4000 Name. When both Port (experimental) and SectionName are
4001 specified, the name and port of the selected listener
4002 must match both specified values. \n Implementations MAY
4003 choose to support attaching Routes to other resources.
4004 If that is the case, they MUST clearly document how SectionName
4005 is interpreted. \n When unspecified (empty string), this
4006 will reference the entire resource. For the purpose of
4007 status, an attachment is considered successful if at least
4008 one section in the parent resource accepts it. For example,
4009 Gateway listeners can restrict which Routes can attach
4010 to them by Route kind, namespace, or hostname. If 1 of
4011 2 Gateway listeners accept attachment from the referencing
4012 Route, the Route MUST be considered successfully attached.
4013 If no Gateway listeners accept attachment from this Route,
4014 the Route MUST be considered detached from the Gateway.
4015 \n Support: Core"
4016 maxLength: 253
4017 minLength: 1
4018 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4019 type: string
4020 required:
4021 - name
4022 type: object
4023 required:
4024 - controllerName
4025 - parentRef
4026 type: object
4027 maxItems: 32
4028 type: array
4029 required:
4030 - parents
4031 type: object
4032 required:
4033 - spec
4034 type: object
4035 served: true
4036 storage: false
4037 subresources:
4038 status: {}
4039 - additionalPrinterColumns:
4040 - jsonPath: .spec.hostnames
4041 name: Hostnames
4042 type: string
4043 - jsonPath: .metadata.creationTimestamp
4044 name: Age
4045 type: date
4046 name: v1beta3
4047 schema:
4048 openAPIV3Schema:
4049 description: HTTPRoute provides a way to route HTTP requests. This includes
4050 the capability to match requests by hostname, path, header, or query param.
4051 Filters can be used to specify additional processing steps. Backends specify
4052 where matching requests should be routed.
4053 properties:
4054 apiVersion:
4055 description: 'APIVersion defines the versioned schema of this representation
4056 of an object. Servers should convert recognized schemas to the latest
4057 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4058 type: string
4059 kind:
4060 description: 'Kind is a string value representing the REST resource this
4061 object represents. Servers may infer this from the endpoint the client
4062 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4063 type: string
4064 metadata:
4065 type: object
4066 spec:
4067 description: Spec defines the desired state of HTTPRoute.
4068 properties:
4069 hostnames:
4070 description: "Hostnames defines a set of hostname that should match
4071 against the HTTP Host header to select a HTTPRoute to process the
4072 request. This matches the RFC 1123 definition of a hostname with
4073 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may
4074 be prefixed with a wildcard label (`*.`). The wildcard label
4075 must appear by itself as the first label. \n If a hostname is specified
4076 by both the Listener and HTTPRoute, there must be at least one intersecting
4077 hostname for the HTTPRoute to be attached to the Listener. For example:
4078 \n * A Listener with `test.example.com` as the hostname matches
4079 HTTPRoutes that have either not specified any hostnames, or have
4080 specified at least one of `test.example.com` or `*.example.com`.
4081 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
4082 \ that have either not specified any hostnames or have specified
4083 at least one hostname that matches the Listener hostname. For
4084 example, `*.example.com`, `test.example.com`, and `foo.test.example.com`
4085 would all match. On the other hand, `example.com` and `test.example.net`
4086 would not match. \n Hostnames that are prefixed with a wildcard
4087 label (`*.`) are interpreted as a suffix match. That means that
4088 a match for `*.example.com` would match both `test.example.com`,
4089 and `foo.test.example.com`, but not `example.com`. \n If both the
4090 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
4091 that do not match the Listener hostname MUST be ignored. For example,
4092 if a Listener specified `*.example.com`, and the HTTPRoute specified
4093 `test.example.com` and `test.example.net`, `test.example.net` must
4094 not be considered for a match. \n If both the Listener and HTTPRoute
4095 have specified hostnames, and none match with the criteria above,
4096 then the HTTPRoute is not accepted. The implementation must raise
4097 an 'Accepted' Condition with a status of `False` in the corresponding
4098 RouteParentStatus. \n Support: Core"
4099 items:
4100 description: "Hostname is the fully qualified domain name of a network
4101 host. This matches the RFC 1123 definition of a hostname with
4102 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
4103 may be prefixed with a wildcard label (`*.`). The wildcard label
4104 must appear by itself as the first label. \n Hostname can be \"precise\"
4105 which is a domain name without the terminating dot of a network
4106 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
4107 name prefixed with a single wildcard label (e.g. `*.example.com`).
4108 \n Note that as per RFC1035 and RFC1123, a *label* must consist
4109 of lower case alphanumeric characters or '-', and must start and
4110 end with an alphanumeric character. No other punctuation is allowed."
4111 maxLength: 253
4112 minLength: 1
4113 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4114 type: string
4115 maxItems: 16
4116 type: array
4117 parentRefs:
4118 description: "ParentRefs references the resources (usually Gateways)
4119 that a Route wants to be attached to. Note that the referenced parent
4120 resource needs to allow this for the attachment to be complete.
4121 For Gateways, that means the Gateway needs to allow attachment from
4122 Routes of this kind and namespace. \n The only kind of parent resource
4123 with \"Core\" support is Gateway. This API may be extended in the
4124 future to support additional kinds of parent resources such as one
4125 of the route kinds. \n It is invalid to reference an identical parent
4126 more than once. It is valid to reference multiple distinct sections
4127 within the same parent resource, such as 2 Listeners within a Gateway.
4128 \n It is possible to separately reference multiple distinct objects
4129 that may be collapsed by an implementation. For example, some implementations
4130 may choose to merge compatible Gateway Listeners together. If that
4131 is the case, the list of routes attached to those resources should
4132 also be merged."
4133 items:
4134 description: "ParentReference identifies an API object (usually
4135 a Gateway) that can be considered a parent of this resource (usually
4136 a route). The only kind of parent resource with \"Core\" support
4137 is Gateway. This API may be extended in the future to support
4138 additional kinds of parent resources, such as HTTPRoute. \n The
4139 API object must be valid in the cluster; the Group and Kind must
4140 be registered in the cluster for this reference to be valid."
4141 properties:
4142 group:
4143 default: policy.linkerd.io
4144 description: "Group is the group of the referent. \n Support:
4145 Core"
4146 maxLength: 253
4147 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4148 type: string
4149 kind:
4150 default: Gateway
4151 description: "Kind is kind of the referent. \n Support: Core
4152 (Gateway) Support: Custom (Other Resources)"
4153 maxLength: 63
4154 minLength: 1
4155 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4156 type: string
4157 name:
4158 description: "Name is the name of the referent. \n Support:
4159 Core"
4160 maxLength: 253
4161 minLength: 1
4162 type: string
4163 namespace:
4164 description: "Namespace is the namespace of the referent. When
4165 unspecified (or empty string), this refers to the local namespace
4166 of the Route. \n Support: Core"
4167 maxLength: 63
4168 minLength: 1
4169 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4170 type: string
4171 port:
4172 description: "Port specifies the destination
4173 port number to use for this resource.
4174 Port is required when the referent is
4175 a Kubernetes Service. In this case, the
4176 port number is the service port number,
4177 not the target port. For other resources,
4178 destination port might be derived from
4179 the referent resource or this field. \n Support: Extended"
4180 format: int32
4181 maximum: 65535
4182 minimum: 1
4183 type: integer
4184 sectionName:
4185 description: "SectionName is the name of a section within the
4186 target resource. In the following resources, SectionName is
4187 interpreted as the following: \n * Gateway: Listener Name.
4188 When both Port (experimental) and SectionName are specified,
4189 the name and port of the selected listener must match both
4190 specified values. \n Implementations MAY choose to support
4191 attaching Routes to other resources. If that is the case,
4192 they MUST clearly document how SectionName is interpreted.
4193 \n When unspecified (empty string), this will reference the
4194 entire resource. For the purpose of status, an attachment
4195 is considered successful if at least one section in the parent
4196 resource accepts it. For example, Gateway listeners can restrict
4197 which Routes can attach to them by Route kind, namespace,
4198 or hostname. If 1 of 2 Gateway listeners accept attachment
4199 from the referencing Route, the Route MUST be considered successfully
4200 attached. If no Gateway listeners accept attachment from this
4201 Route, the Route MUST be considered detached from the Gateway.
4202 \n Support: Core"
4203 maxLength: 253
4204 minLength: 1
4205 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4206 type: string
4207 required:
4208 - name
4209 type: object
4210 maxItems: 32
4211 type: array
4212 rules:
4213 default:
4214 - matches:
4215 - path:
4216 type: PathPrefix
4217 value: /
4218 description: Rules are a list of HTTP matchers, filters and actions.
4219 items:
4220 description: HTTPRouteRule defines semantics for matching an HTTP
4221 request based on conditions (matches) and processing it (filters).
4222 properties:
4223 backendRefs:
4224 description: "BackendRefs defines the backend(s) where matching
4225 requests should be sent. \n Failure behavior here depends
4226 on how many BackendRefs are specified and how many are invalid.
4227 \n If *all* entries in BackendRefs are invalid, and there
4228 are also no filters specified in this route rule, *all* traffic
4229 which matches this rule MUST receive a 500 status code. \n
4230 See the HTTPBackendRef definition for the rules about what
4231 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
4232 is invalid, 500 status codes MUST be returned for requests
4233 that would have otherwise been routed to an invalid backend.
4234 If multiple backends are specified, and some are invalid,
4235 the proportion of requests that would otherwise have been
4236 routed to an invalid backend MUST receive a 500 status code.
4237 \n For example, if two backends are specified with equal weights,
4238 and one is invalid, 50 percent of traffic must receive a 500.
4239 Implementations may choose how that 50 percent is determined.
4240 \n Support: Core for Kubernetes Service \n Support: Implementation-specific
4241 for any other resource \n Support for weight: Core"
4242 items:
4243 description: HTTPBackendRef defines how a HTTPRoute should
4244 forward an HTTP request.
4245 properties:
4246 group:
4247 default: ""
4248 description: Group is the group of the referent. For example,
4249 "gateway.networking.k8s.io". When unspecified or empty
4250 string, core API group is inferred.
4251 maxLength: 253
4252 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4253 type: string
4254 kind:
4255 default: Service
4256 description: Kind is kind of the referent. For example
4257 "HTTPRoute" or "Service". Defaults to "Service" when
4258 not specified.
4259 maxLength: 63
4260 minLength: 1
4261 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4262 type: string
4263 name:
4264 description: Name is the name of the referent.
4265 maxLength: 253
4266 minLength: 1
4267 type: string
4268 namespace:
4269 description: "Namespace is the namespace of the backend.
4270 When unspecified, the local namespace is inferred. \n
4271 Note that when a namespace is specified, a ReferenceGrant
4272 object is required in the referent namespace to allow
4273 that namespace's owner to accept the reference. See
4274 the ReferenceGrant documentation for details. \n Support:
4275 Core"
4276 maxLength: 63
4277 minLength: 1
4278 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4279 type: string
4280 port:
4281 description: Port specifies the destination port number
4282 to use for this resource. Port is required when the
4283 referent is a Kubernetes Service. In this case, the
4284 port number is the service port number, not the target
4285 port. For other resources, destination port might be
4286 derived from the referent resource or this field.
4287 format: int32
4288 maximum: 65535
4289 minimum: 1
4290 type: integer
4291 weight:
4292 default: 1
4293 description: "Weight specifies the proportion of requests
4294 forwarded to the referenced backend. This is computed
4295 as weight/(sum of all weights in this BackendRefs list).
4296 For non-zero values, there may be some epsilon from
4297 the exact proportion defined here depending on the precision
4298 an implementation supports. Weight is not a percentage
4299 and the sum of weights does not need to equal 100. \n
4300 If only one backend is specified and it has a weight
4301 greater than 0, 100% of the traffic is forwarded to
4302 that backend. If weight is set to 0, no traffic should
4303 be forwarded for this entry. If unspecified, weight
4304 defaults to 1. \n Support for this field varies based
4305 on the context where used."
4306 format: int32
4307 maximum: 1000000
4308 minimum: 0
4309 type: integer
4310 filters:
4311 description: "Filters defined at this level should be
4312 executed if and only if the request is being forwarded
4313 to the backend defined here. \n Support: Implementation-specific
4314 (For broader support of filters, use the Filters field
4315 in HTTPRouteRule.)"
4316 items:
4317 description: HTTPRouteFilter defines processing steps
4318 that must be completed during the request or response
4319 lifecycle. HTTPRouteFilters are meant as an extension
4320 point to express processing that may be done in Gateway
4321 implementations. Some examples include request or
4322 response modification, implementing authentication
4323 strategies, rate-limiting, and traffic shaping. API
4324 guarantee/conformance is defined based on the type
4325 of the filter.
4326 properties:
4327 requestHeaderModifier:
4328 description: "RequestHeaderModifier defines a schema
4329 for a filter that modifies request headers. \n
4330 Support: Core"
4331 properties:
4332 add:
4333 description: "Add adds the given header(s) (name,
4334 value) to the request before the action. It
4335 appends to any existing values associated
4336 with the header name. \n Input: GET /foo HTTP/1.1
4337 my-header: foo \n Config: add: - name: \"my-header\"
4338 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
4339 my-header: foo,bar,baz"
4340 items:
4341 description: HTTPHeader represents an HTTP
4342 Header name and value as defined by RFC
4343 7230.
4344 properties:
4345 name:
4346 description: "Name is the name of the
4347 HTTP Header to be matched. Name matching
4348 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4349 \n If multiple entries specify equivalent
4350 header names, the first entry with an
4351 equivalent name MUST be considered for
4352 a match. Subsequent entries with an
4353 equivalent header name MUST be ignored.
4354 Due to the case-insensitivity of header
4355 names, \"foo\" and \"Foo\" are considered
4356 equivalent."
4357 maxLength: 256
4358 minLength: 1
4359 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4360 type: string
4361 value:
4362 description: Value is the value of HTTP
4363 Header to be matched.
4364 maxLength: 4096
4365 minLength: 1
4366 type: string
4367 required:
4368 - name
4369 - value
4370 type: object
4371 maxItems: 16
4372 type: array
4373 x-kubernetes-list-map-keys:
4374 - name
4375 x-kubernetes-list-type: map
4376 remove:
4377 description: "Remove the given header(s) from
4378 the HTTP request before the action. The value
4379 of Remove is a list of HTTP header names.
4380 Note that the header names are case-insensitive
4381 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4382 \n Input: GET /foo HTTP/1.1 my-header1: foo
4383 my-header2: bar my-header3: baz \n Config:
4384 remove: [\"my-header1\", \"my-header3\"] \n
4385 Output: GET /foo HTTP/1.1 my-header2: bar"
4386 items:
4387 type: string
4388 maxItems: 16
4389 type: array
4390 set:
4391 description: "Set overwrites the request with
4392 the given header (name, value) before the
4393 action. \n Input: GET /foo HTTP/1.1 my-header:
4394 foo \n Config: set: - name: \"my-header\"
4395 value: \"bar\" \n Output: GET /foo HTTP/1.1
4396 my-header: bar"
4397 items:
4398 description: HTTPHeader represents an HTTP
4399 Header name and value as defined by RFC
4400 7230.
4401 properties:
4402 name:
4403 description: "Name is the name of the
4404 HTTP Header to be matched. Name matching
4405 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4406 \n If multiple entries specify equivalent
4407 header names, the first entry with an
4408 equivalent name MUST be considered for
4409 a match. Subsequent entries with an
4410 equivalent header name MUST be ignored.
4411 Due to the case-insensitivity of header
4412 names, \"foo\" and \"Foo\" are considered
4413 equivalent."
4414 maxLength: 256
4415 minLength: 1
4416 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4417 type: string
4418 value:
4419 description: Value is the value of HTTP
4420 Header to be matched.
4421 maxLength: 4096
4422 minLength: 1
4423 type: string
4424 required:
4425 - name
4426 - value
4427 type: object
4428 maxItems: 16
4429 type: array
4430 x-kubernetes-list-map-keys:
4431 - name
4432 x-kubernetes-list-type: map
4433 type: object
4434 requestRedirect:
4435 description: "RequestRedirect defines a schema for
4436 a filter that responds to the request with an
4437 HTTP redirection. \n Support: Core"
4438 properties:
4439 hostname:
4440 description: "Hostname is the hostname to be
4441 used in the value of the `Location` header
4442 in the response. When empty, the hostname
4443 in the `Host` header of the request is used.
4444 \n Support: Core"
4445 maxLength: 253
4446 minLength: 1
4447 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4448 type: string
4449 path:
4450 description: "Path defines parameters used to
4451 modify the path of the incoming request. The
4452 modified path is then used to construct the
4453 `Location` header. When empty, the request
4454 path is used as-is. \n Support: Extended"
4455 properties:
4456 replaceFullPath:
4457 description: ReplaceFullPath specifies the
4458 value with which to replace the full path
4459 of a request during a rewrite or redirect.
4460 maxLength: 1024
4461 type: string
4462 replacePrefixMatch:
4463 description: "ReplacePrefixMatch specifies
4464 the value with which to replace the prefix
4465 match of a request during a rewrite or
4466 redirect. For example, a request to \"/foo/bar\"
4467 with a prefix match of \"/foo\" and a
4468 ReplacePrefixMatch of \"/xyz\" would be
4469 modified to \"/xyz/bar\". \n Note that
4470 this matches the behavior of the PathPrefix
4471 match type. This matches full path elements.
4472 A path element refers to the list of labels
4473 in the path split by the `/` separator.
4474 When specified, a trailing `/` is ignored.
4475 For example, the paths `/abc`, `/abc/`,
4476 and `/abc/def` would all match the prefix
4477 `/abc`, but the path `/abcd` would not.
4478 \n Request Path | Prefix Match | Replace
4479 Prefix | Modified Path -------------|--------------|----------------|----------
4480 /foo/bar | /foo | /xyz |
4481 /xyz/bar /foo/bar | /foo |
4482 /xyz/ | /xyz/bar /foo/bar |
4483 /foo/ | /xyz | /xyz/bar
4484 /foo/bar | /foo/ | /xyz/ |
4485 /xyz/bar /foo | /foo |
4486 /xyz | /xyz /foo/ | /foo
4487 \ | /xyz | /xyz/ /foo/bar
4488 \ | /foo | <empty string> |
4489 /bar /foo/ | /foo | <empty
4490 string> | / /foo | /foo |
4491 <empty string> | / /foo/ | /foo
4492 \ | / | / /foo |
4493 /foo | / | /"
4494 maxLength: 1024
4495 type: string
4496 type:
4497 description: "Type defines the type of path
4498 modifier. Additional types may be added
4499 in a future release of the API. \n Note
4500 that values may be added to this enum,
4501 implementations must ensure that unknown
4502 values will not cause a crash. \n Unknown
4503 values here must result in the implementation
4504 setting the Accepted Condition for the
4505 Route to `status: False`, with a Reason
4506 of `UnsupportedValue`."
4507 enum:
4508 - ReplaceFullPath
4509 - ReplacePrefixMatch
4510 type: string
4511 required:
4512 - type
4513 type: object
4514 port:
4515 description: "Port is the port to be used in
4516 the value of the `Location` header in the
4517 response. \n If no port is specified, the
4518 redirect port MUST be derived using the following
4519 rules: \n * If redirect scheme is not-empty,
4520 the redirect port MUST be the well-known port
4521 associated with the redirect scheme. Specifically
4522 \"http\" to port 80 and \"https\" to port
4523 443. If the redirect scheme does not have
4524 a well-known port, the listener port of the
4525 Gateway SHOULD be used. * If redirect scheme
4526 is empty, the redirect port MUST be the Gateway
4527 Listener port. \n Implementations SHOULD NOT
4528 add the port number in the 'Location' header
4529 in the following cases: \n * A Location header
4530 that will use HTTP (whether that is determined
4531 via the Listener protocol or the Scheme field)
4532 _and_ use port 80. * A Location header that
4533 will use HTTPS (whether that is determined
4534 via the Listener protocol or the Scheme field)
4535 _and_ use port 443. \n Support: Extended"
4536 format: int32
4537 maximum: 65535
4538 minimum: 1
4539 type: integer
4540 scheme:
4541 description: "Scheme is the scheme to be used
4542 in the value of the `Location` header in the
4543 response. When empty, the scheme of the request
4544 is used. \n Scheme redirects can affect the
4545 port of the redirect, for more information,
4546 refer to the documentation for the port field
4547 of this filter. \n Note that values may be
4548 added to this enum, implementations must ensure
4549 that unknown values will not cause a crash.
4550 \n Unknown values here must result in the
4551 implementation setting the Accepted Condition
4552 for the Route to `status: False`, with a Reason
4553 of `UnsupportedValue`. \n Support: Extended"
4554 enum:
4555 - http
4556 - https
4557 type: string
4558 statusCode:
4559 default: 302
4560 description: "StatusCode is the HTTP status
4561 code to be used in response. \n Note that
4562 values may be added to this enum, implementations
4563 must ensure that unknown values will not cause
4564 a crash. \n Unknown values here must result
4565 in the implementation setting the Accepted
4566 Condition for the Route to `status: False`,
4567 with a Reason of `UnsupportedValue`. \n Support:
4568 Core"
4569 enum:
4570 - 301
4571 - 302
4572 type: integer
4573 type: object
4574 responseHeaderModifier:
4575 description: "ResponseHeaderModifier defines a schema
4576 for a filter that modifies response headers. \n
4577 Support: Extended"
4578 properties:
4579 add:
4580 description: "Add adds the given header(s) (name,
4581 value) to the request before the action. It
4582 appends to any existing values associated
4583 with the header name. \n Input: GET /foo HTTP/1.1
4584 my-header: foo \n Config: add: - name: \"my-header\"
4585 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
4586 my-header: foo,bar,baz"
4587 items:
4588 description: HTTPHeader represents an HTTP
4589 Header name and value as defined by RFC
4590 7230.
4591 properties:
4592 name:
4593 description: "Name is the name of the
4594 HTTP Header to be matched. Name matching
4595 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4596 \n If multiple entries specify equivalent
4597 header names, the first entry with an
4598 equivalent name MUST be considered for
4599 a match. Subsequent entries with an
4600 equivalent header name MUST be ignored.
4601 Due to the case-insensitivity of header
4602 names, \"foo\" and \"Foo\" are considered
4603 equivalent."
4604 maxLength: 256
4605 minLength: 1
4606 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4607 type: string
4608 value:
4609 description: Value is the value of HTTP
4610 Header to be matched.
4611 maxLength: 4096
4612 minLength: 1
4613 type: string
4614 required:
4615 - name
4616 - value
4617 type: object
4618 maxItems: 16
4619 type: array
4620 x-kubernetes-list-map-keys:
4621 - name
4622 x-kubernetes-list-type: map
4623 remove:
4624 description: "Remove the given header(s) from
4625 the HTTP request before the action. The value
4626 of Remove is a list of HTTP header names.
4627 Note that the header names are case-insensitive
4628 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4629 \n Input: GET /foo HTTP/1.1 my-header1: foo
4630 my-header2: bar my-header3: baz \n Config:
4631 remove: [\"my-header1\", \"my-header3\"] \n
4632 Output: GET /foo HTTP/1.1 my-header2: bar"
4633 items:
4634 type: string
4635 maxItems: 16
4636 type: array
4637 set:
4638 description: "Set overwrites the request with
4639 the given header (name, value) before the
4640 action. \n Input: GET /foo HTTP/1.1 my-header:
4641 foo \n Config: set: - name: \"my-header\"
4642 value: \"bar\" \n Output: GET /foo HTTP/1.1
4643 my-header: bar"
4644 items:
4645 description: HTTPHeader represents an HTTP
4646 Header name and value as defined by RFC
4647 7230.
4648 properties:
4649 name:
4650 description: "Name is the name of the
4651 HTTP Header to be matched. Name matching
4652 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4653 \n If multiple entries specify equivalent
4654 header names, the first entry with an
4655 equivalent name MUST be considered for
4656 a match. Subsequent entries with an
4657 equivalent header name MUST be ignored.
4658 Due to the case-insensitivity of header
4659 names, \"foo\" and \"Foo\" are considered
4660 equivalent."
4661 maxLength: 256
4662 minLength: 1
4663 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4664 type: string
4665 value:
4666 description: Value is the value of HTTP
4667 Header to be matched.
4668 maxLength: 4096
4669 minLength: 1
4670 type: string
4671 required:
4672 - name
4673 - value
4674 type: object
4675 maxItems: 16
4676 type: array
4677 x-kubernetes-list-map-keys:
4678 - name
4679 x-kubernetes-list-type: map
4680 type: object
4681 type:
4682 description: "Type identifies the type of filter
4683 to apply. As with other API fields, types are
4684 classified into three conformance levels: \n -
4685 Core: Filter types and their corresponding configuration
4686 defined by \"Support: Core\" in this package,
4687 e.g. \"RequestHeaderModifier\". All implementations
4688 must support core filters. \n - Extended: Filter
4689 types and their corresponding configuration defined
4690 by \"Support: Extended\" in this package, e.g.
4691 \"RequestMirror\". Implementers are encouraged
4692 to support extended filters. \n - Implementation-specific:
4693 Filters that are defined and supported by specific
4694 vendors. In the future, filters showing convergence
4695 in behavior across multiple implementations will
4696 be considered for inclusion in extended or core
4697 conformance levels. Filter-specific configuration
4698 for such filters is specified using the ExtensionRef
4699 field. `Type` should be set to \"ExtensionRef\"
4700 for custom filters. \n Implementers are encouraged
4701 to define custom implementation types to extend
4702 the core API with implementation-specific behavior.
4703 \n If a reference to a custom filter type cannot
4704 be resolved, the filter MUST NOT be skipped. Instead,
4705 requests that would have been processed by that
4706 filter MUST receive a HTTP error response. \n
4707 Note that values may be added to this enum, implementations
4708 must ensure that unknown values will not cause
4709 a crash. \n Unknown values here must result in
4710 the implementation setting the Accepted Condition
4711 for the Route to `status: False`, with a Reason
4712 of `UnsupportedValue`."
4713 enum:
4714 - RequestHeaderModifier
4715 - ResponseHeaderModifier
4716 - RequestRedirect
4717 type: string
4718 required:
4719 - type
4720 type: object
4721 maxItems: 16
4722 type: array
4723 required:
4724 - name
4725 type: object
4726 maxItems: 16
4727 type: array
4728 filters:
4729 description: "Filters define the filters that are applied to
4730 requests that match this rule. \n The effects of ordering
4731 of multiple behaviors are currently unspecified. This can
4732 change in the future based on feedback during the alpha stage.
4733 \n Conformance-levels at this level are defined based on the
4734 type of filter: \n - ALL core filters MUST be supported by
4735 all implementations. - Implementers are encouraged to support
4736 extended filters. - Implementation-specific custom filters
4737 have no API guarantees across implementations. \n Specifying
4738 a core filter multiple times has unspecified or custom conformance.
4739 \n All filters are expected to be compatible with each other
4740 except for the URLRewrite and RequestRedirect filters, which
4741 may not be combined. If an implementation can not support
4742 other combinations of filters, they must clearly document
4743 that limitation. In all cases where incompatible or unsupported
4744 filters are specified, implementations MUST add a warning
4745 condition to status. \n Support: Core"
4746 items:
4747 description: HTTPRouteFilter defines processing steps that
4748 must be completed during the request or response lifecycle.
4749 HTTPRouteFilters are meant as an extension point to express
4750 processing that may be done in Gateway implementations.
4751 Some examples include request or response modification,
4752 implementing authentication strategies, rate-limiting, and
4753 traffic shaping. API guarantee/conformance is defined based
4754 on the type of the filter.
4755 properties:
4756 requestHeaderModifier:
4757 description: "RequestHeaderModifier defines a schema for
4758 a filter that modifies request headers. \n Support:
4759 Core"
4760 properties:
4761 add:
4762 description: "Add adds the given header(s) (name,
4763 value) to the request before the action. It appends
4764 to any existing values associated with the header
4765 name. \n Input: GET /foo HTTP/1.1 my-header:
4766 foo \n Config: add: - name: \"my-header\" value:
4767 \"bar\" \n Output: GET /foo HTTP/1.1 my-header:
4768 foo my-header: bar"
4769 items:
4770 description: HTTPHeader represents an HTTP Header
4771 name and value as defined by RFC 7230.
4772 properties:
4773 name:
4774 description: "Name is the name of the HTTP Header
4775 to be matched. Name matching MUST be case
4776 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4777 \n If multiple entries specify equivalent
4778 header names, the first entry with an equivalent
4779 name MUST be considered for a match. Subsequent
4780 entries with an equivalent header name MUST
4781 be ignored. Due to the case-insensitivity
4782 of header names, \"foo\" and \"Foo\" are considered
4783 equivalent."
4784 maxLength: 256
4785 minLength: 1
4786 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4787 type: string
4788 value:
4789 description: Value is the value of HTTP Header
4790 to be matched.
4791 maxLength: 4096
4792 minLength: 1
4793 type: string
4794 required:
4795 - name
4796 - value
4797 type: object
4798 maxItems: 16
4799 type: array
4800 x-kubernetes-list-map-keys:
4801 - name
4802 x-kubernetes-list-type: map
4803 remove:
4804 description: "Remove the given header(s) from the
4805 HTTP request before the action. The value of Remove
4806 is a list of HTTP header names. Note that the header
4807 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4808 \n Input: GET /foo HTTP/1.1 my-header1: foo
4809 \ my-header2: bar my-header3: baz \n Config:
4810 \ remove: [\"my-header1\", \"my-header3\"] \n Output:
4811 \ GET /foo HTTP/1.1 my-header2: bar"
4812 items:
4813 type: string
4814 maxItems: 16
4815 type: array
4816 set:
4817 description: "Set overwrites the request with the
4818 given header (name, value) before the action. \n
4819 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
4820 \ set: - name: \"my-header\" value: \"bar\"
4821 \n Output: GET /foo HTTP/1.1 my-header: bar"
4822 items:
4823 description: HTTPHeader represents an HTTP Header
4824 name and value as defined by RFC 7230.
4825 properties:
4826 name:
4827 description: "Name is the name of the HTTP Header
4828 to be matched. Name matching MUST be case
4829 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4830 \n If multiple entries specify equivalent
4831 header names, the first entry with an equivalent
4832 name MUST be considered for a match. Subsequent
4833 entries with an equivalent header name MUST
4834 be ignored. Due to the case-insensitivity
4835 of header names, \"foo\" and \"Foo\" are considered
4836 equivalent."
4837 maxLength: 256
4838 minLength: 1
4839 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4840 type: string
4841 value:
4842 description: Value is the value of HTTP Header
4843 to be matched.
4844 maxLength: 4096
4845 minLength: 1
4846 type: string
4847 required:
4848 - name
4849 - value
4850 type: object
4851 maxItems: 16
4852 type: array
4853 x-kubernetes-list-map-keys:
4854 - name
4855 x-kubernetes-list-type: map
4856 type: object
4857 requestRedirect:
4858 description: "RequestRedirect defines a schema for a filter
4859 that responds to the request with an HTTP redirection.
4860 \n Support: Core"
4861 properties:
4862 hostname:
4863 description: "Hostname is the hostname to be used
4864 in the value of the `Location` header in the response.
4865 When empty, the hostname of the request is used.
4866 \n Support: Core"
4867 maxLength: 253
4868 minLength: 1
4869 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4870 type: string
4871 path:
4872 description: "Path defines parameters used to
4873 modify the path of the incoming request. The
4874 modified path is then used to construct the
4875 `Location` header. When empty, the request
4876 path is used as-is. \n Support: Extended"
4877 properties:
4878 replaceFullPath:
4879 description: ReplaceFullPath specifies the
4880 value with which to replace the full path
4881 of a request during a rewrite or redirect.
4882 maxLength: 1024
4883 type: string
4884 replacePrefixMatch:
4885 description: "ReplacePrefixMatch specifies
4886 the value with which to replace the prefix
4887 match of a request during a rewrite or
4888 redirect. For example, a request to \"/foo/bar\"
4889 with a prefix match of \"/foo\" and a
4890 ReplacePrefixMatch of \"/xyz\" would be
4891 modified to \"/xyz/bar\". \n Note that
4892 this matches the behavior of the PathPrefix
4893 match type. This matches full path elements.
4894 A path element refers to the list of labels
4895 in the path split by the `/` separator.
4896 When specified, a trailing `/` is ignored.
4897 For example, the paths `/abc`, `/abc/`,
4898 and `/abc/def` would all match the prefix
4899 `/abc`, but the path `/abcd` would not.
4900 \n Request Path | Prefix Match | Replace
4901 Prefix | Modified Path -------------|--------------|----------------|----------
4902 /foo/bar | /foo | /xyz |
4903 /xyz/bar /foo/bar | /foo |
4904 /xyz/ | /xyz/bar /foo/bar |
4905 /foo/ | /xyz | /xyz/bar
4906 /foo/bar | /foo/ | /xyz/ |
4907 /xyz/bar /foo | /foo |
4908 /xyz | /xyz /foo/ | /foo
4909 \ | /xyz | /xyz/ /foo/bar
4910 \ | /foo | <empty string> |
4911 /bar /foo/ | /foo | <empty
4912 string> | / /foo | /foo |
4913 <empty string> | / /foo/ | /foo
4914 \ | / | / /foo |
4915 /foo | / | /"
4916 maxLength: 1024
4917 type: string
4918 type:
4919 description: "Type defines the type of path
4920 modifier. Additional types may be added
4921 in a future release of the API. \n Note
4922 that values may be added to this enum,
4923 implementations must ensure that unknown
4924 values will not cause a crash. \n Unknown
4925 values here must result in the implementation
4926 setting the Accepted Condition for the
4927 Route to `status: False`, with a Reason
4928 of `UnsupportedValue`."
4929 enum:
4930 - ReplaceFullPath
4931 - ReplacePrefixMatch
4932 type: string
4933 required:
4934 - type
4935 type: object
4936 port:
4937 description: "Port is the port to be used in the value
4938 of the `Location` header in the response. When empty,
4939 port (if specified) of the request is used. \n Support:
4940 Extended"
4941 format: int32
4942 maximum: 65535
4943 minimum: 1
4944 type: integer
4945 scheme:
4946 description: "Scheme is the scheme to be used in the
4947 value of the `Location` header in the response.
4948 When empty, the scheme of the request is used. \n
4949 Support: Extended"
4950 enum:
4951 - http
4952 - https
4953 type: string
4954 statusCode:
4955 default: 302
4956 description: "StatusCode is the HTTP status code to
4957 be used in response. \n Support: Core"
4958 enum:
4959 - 301
4960 - 302
4961 type: integer
4962 type: object
4963 type:
4964 description: "Type identifies the type of filter to apply.
4965 As with other API fields, types are classified into
4966 three conformance levels: \n - Core: Filter types and
4967 their corresponding configuration defined by \"Support:
4968 Core\" in this package, e.g. \"RequestHeaderModifier\"."
4969 enum:
4970 - RequestHeaderModifier
4971 - RequestRedirect
4972 type: string
4973 required:
4974 - type
4975 type: object
4976 maxItems: 16
4977 type: array
4978 matches:
4979 default:
4980 - path:
4981 type: PathPrefix
4982 value: /
4983 description: "Matches define conditions used for matching the
4984 rule against incoming HTTP requests. Each match is independent,
4985 i.e. this rule will be matched if **any** one of the matches
4986 is satisfied. \n For example, take the following matches configuration:
4987 \n ``` matches: - path: value: \"/foo\" headers: -
4988 name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"
4989 ``` \n For a request to match against this rule, a request
4990 must satisfy EITHER of the two conditions: \n - path prefixed
4991 with `/foo` AND contains the header `version: v2` - path prefix
4992 of `/v2/foo` \n See the documentation for HTTPRouteMatch on
4993 how to specify multiple match conditions that should be ANDed
4994 together. \n If no matches are specified, the default is a
4995 prefix path match on \"/\", which has the effect of matching
4996 every HTTP request. \n Proxy or Load Balancer routing configuration
4997 generated from HTTPRoutes MUST prioritize rules based on the
4998 following criteria, continuing on ties. Precedence must be
4999 given to the the Rule with the largest number of: \n * Characters
5000 in a matching non-wildcard hostname. * Characters in a matching
5001 hostname. * Characters in a matching path. * Header matches.
5002 * Query param matches. \n If ties still exist across multiple
5003 Routes, matching precedence MUST be determined in order of
5004 the following criteria, continuing on ties: \n * The oldest
5005 Route based on creation timestamp. * The Route appearing first
5006 in alphabetical order by \"{namespace}/{name}\". \n If ties
5007 still exist within the Route that has been given precedence,
5008 matching precedence MUST be granted to the first matching
5009 rule meeting the above criteria. \n When no rules matching
5010 a request have been successfully attached to the parent a
5011 request is coming from, a HTTP 404 status code MUST be returned."
5012 items:
5013 description: "HTTPRouteMatch defines the predicate used to
5014 match requests to a given action. Multiple match types are
5015 ANDed together, i.e. the match will evaluate to true only
5016 if all conditions are satisfied. \n For example, the match
5017 below will match a HTTP request only if its path starts
5018 with `/foo` AND it contains the `version: v1` header: \n
5019 ``` match: path: value: \"/foo\" headers: - name:
5020 \"version\" value \"v1\" ```"
5021 properties:
5022 headers:
5023 description: Headers specifies HTTP request header matchers.
5024 Multiple match values are ANDed together, meaning, a
5025 request must match all the specified headers to select
5026 the route.
5027 items:
5028 description: HTTPHeaderMatch describes how to select
5029 a HTTP route by matching HTTP request headers.
5030 properties:
5031 name:
5032 description: "Name is the name of the HTTP Header
5033 to be matched. Name matching MUST be case insensitive.
5034 (See https://tools.ietf.org/html/rfc7230#section-3.2).
5035 \n If multiple entries specify equivalent header
5036 names, only the first entry with an equivalent
5037 name MUST be considered for a match. Subsequent
5038 entries with an equivalent header name MUST be
5039 ignored. Due to the case-insensitivity of header
5040 names, \"foo\" and \"Foo\" are considered equivalent.
5041 \n When a header is repeated in an HTTP request,
5042 it is implementation-specific behavior as to how
5043 this is represented. Generally, proxies should
5044 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
5045 regarding processing a repeated header, with special
5046 handling for \"Set-Cookie\"."
5047 maxLength: 256
5048 minLength: 1
5049 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5050 type: string
5051 type:
5052 default: Exact
5053 description: "Type specifies how to match against
5054 the value of the header. \n Support: Core (Exact)
5055 \n Support: Custom (RegularExpression) \n Since
5056 RegularExpression HeaderMatchType has custom conformance,
5057 implementations can support POSIX, PCRE or any
5058 other dialects of regular expressions. Please
5059 read the implementation's documentation to determine
5060 the supported dialect."
5061 enum:
5062 - Exact
5063 - RegularExpression
5064 type: string
5065 value:
5066 description: Value is the value of HTTP Header to
5067 be matched.
5068 maxLength: 4096
5069 minLength: 1
5070 type: string
5071 required:
5072 - name
5073 - value
5074 type: object
5075 maxItems: 16
5076 type: array
5077 x-kubernetes-list-map-keys:
5078 - name
5079 x-kubernetes-list-type: map
5080 method:
5081 description: "Method specifies HTTP method matcher. When
5082 specified, this route will be matched only if the request
5083 has the specified method. \n Support: Extended"
5084 enum:
5085 - GET
5086 - HEAD
5087 - POST
5088 - PUT
5089 - DELETE
5090 - CONNECT
5091 - OPTIONS
5092 - TRACE
5093 - PATCH
5094 type: string
5095 path:
5096 default:
5097 type: PathPrefix
5098 value: /
5099 description: Path specifies a HTTP request path matcher.
5100 If this field is not specified, a default prefix match
5101 on the "/" path is provided.
5102 properties:
5103 type:
5104 default: PathPrefix
5105 description: "Type specifies how to match against
5106 the path Value. \n Support: Core (Exact, PathPrefix)
5107 \n Support: Custom (RegularExpression)"
5108 enum:
5109 - Exact
5110 - PathPrefix
5111 - RegularExpression
5112 type: string
5113 value:
5114 default: /
5115 description: Value of the HTTP path to match against.
5116 maxLength: 1024
5117 type: string
5118 type: object
5119 queryParams:
5120 description: QueryParams specifies HTTP query parameter
5121 matchers. Multiple match values are ANDed together,
5122 meaning, a request must match all the specified query
5123 parameters to select the route.
5124 items:
5125 description: HTTPQueryParamMatch describes how to select
5126 a HTTP route by matching HTTP query parameters.
5127 properties:
5128 name:
5129 description: Name is the name of the HTTP query
5130 param to be matched. This must be an exact string
5131 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
5132 maxLength: 256
5133 minLength: 1
5134 type: string
5135 type:
5136 default: Exact
5137 description: "Type specifies how to match against
5138 the value of the query parameter. \n Support:
5139 Extended (Exact) \n Support: Custom (RegularExpression)
5140 \n Since RegularExpression QueryParamMatchType
5141 has custom conformance, implementations can support
5142 POSIX, PCRE or any other dialects of regular expressions.
5143 Please read the implementation's documentation
5144 to determine the supported dialect."
5145 enum:
5146 - Exact
5147 - RegularExpression
5148 type: string
5149 value:
5150 description: Value is the value of HTTP query param
5151 to be matched.
5152 maxLength: 1024
5153 minLength: 1
5154 type: string
5155 required:
5156 - name
5157 - value
5158 type: object
5159 maxItems: 16
5160 type: array
5161 x-kubernetes-list-map-keys:
5162 - name
5163 x-kubernetes-list-type: map
5164 type: object
5165 maxItems: 8
5166 type: array
5167 timeouts:
5168 description: "Timeouts defines the timeouts that can be configured
5169 for an HTTP request. \n Support: Core \n <gateway:experimental>"
5170 properties:
5171 backendRequest:
5172 description: "BackendRequest specifies a timeout for an
5173 individual request from the gateway to a backend service.
5174 Typically used in conjunction with automatic retries,
5175 if supported by an implementation. Default is the value
5176 of Request timeout. \n Support: Extended"
5177 format: duration
5178 type: string
5179 request:
5180 description: "Request specifies a timeout for responding
5181 to client HTTP requests, disabled by default. \n For example,
5182 the following rule will timeout if a client request is
5183 taking longer than 10 seconds to complete: \n ``` rules:
5184 - timeouts: request: 10s backendRefs: ... ``` \n Support:
5185 Core"
5186 format: duration
5187 type: string
5188 type: object
5189 type: object
5190 maxItems: 16
5191 type: array
5192 type: object
5193 status:
5194 description: Status defines the current state of HTTPRoute.
5195 properties:
5196 parents:
5197 description: "Parents is a list of parent resources (usually Gateways)
5198 that are associated with the route, and the status of the route
5199 with respect to each parent. When this route attaches to a parent,
5200 the controller that manages the parent must add an entry to this
5201 list when the controller first sees the route and should update
5202 the entry as appropriate when the route or gateway is modified.
5203 \n Note that parent references that cannot be resolved by an implementation
5204 of this API will not be added to this list. Implementations of this
5205 API can only populate Route status for the Gateways/parent resources
5206 they are responsible for. \n A maximum of 32 Gateways will be represented
5207 in this list. An empty list means the route has not been attached
5208 to any Gateway."
5209 items:
5210 description: RouteParentStatus describes the status of a route with
5211 respect to an associated Parent.
5212 properties:
5213 conditions:
5214 description: "Conditions describes the status of the route with
5215 respect to the Gateway. Note that the route's availability
5216 is also subject to the Gateway's own status conditions and
5217 listener status. \n If the Route's ParentRef specifies an
5218 existing Gateway that supports Routes of this kind AND that
5219 Gateway's controller has sufficient access, then that Gateway's
5220 controller MUST set the \"Accepted\" condition on the Route,
5221 to indicate whether the route has been accepted or rejected
5222 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
5223 if at least one of the Route's rules is implemented by the
5224 Gateway. \n There are a number of cases where the \"Accepted\"
5225 condition may not be set due to lack of controller visibility,
5226 that includes when: \n * The Route refers to a non-existent
5227 parent. * The Route is of a type that the controller does
5228 not support. * The Route is in a namespace the the controller
5229 does not have access to."
5230 items:
5231 description: "Condition contains details for one aspect of
5232 the current state of this API Resource. --- This struct
5233 is intended for direct use as an array at the field path
5234 .status.conditions. For example, type FooStatus struct{
5235 \ // Represents the observations of a foo's current state.
5236 \ // Known .status.conditions.type are: \"Available\",
5237 \"Progressing\", and \"Degraded\" // +patchMergeKey=type
5238 \ // +patchStrategy=merge // +listType=map //
5239 +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
5240 patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
5241 \n // other fields }"
5242 properties:
5243 lastTransitionTime:
5244 description: lastTransitionTime is the last time the condition
5245 transitioned from one status to another. This should
5246 be when the underlying condition changed. If that is
5247 not known, then using the time when the API field changed
5248 is acceptable.
5249 format: date-time
5250 type: string
5251 message:
5252 description: message is a human readable message indicating
5253 details about the transition. This may be an empty string.
5254 maxLength: 32768
5255 type: string
5256 observedGeneration:
5257 description: observedGeneration represents the .metadata.generation
5258 that the condition was set based upon. For instance,
5259 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
5260 is 9, the condition is out of date with respect to the
5261 current state of the instance.
5262 format: int64
5263 minimum: 0
5264 type: integer
5265 reason:
5266 description: reason contains a programmatic identifier
5267 indicating the reason for the condition's last transition.
5268 Producers of specific condition types may define expected
5269 values and meanings for this field, and whether the
5270 values are considered a guaranteed API. The value should
5271 be a CamelCase string. This field may not be empty.
5272 maxLength: 1024
5273 minLength: 1
5274 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
5275 type: string
5276 status:
5277 description: status of the condition, one of True, False,
5278 Unknown.
5279 enum:
5280 - "True"
5281 - "False"
5282 - Unknown
5283 type: string
5284 type:
5285 description: type of condition in CamelCase or in foo.example.com/CamelCase.
5286 --- Many .condition.type values are consistent across
5287 resources like Available, but because arbitrary conditions
5288 can be useful (see .node.status.conditions), the ability
5289 to deconflict is important. The regex it matches is
5290 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
5291 maxLength: 316
5292 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
5293 type: string
5294 required:
5295 - lastTransitionTime
5296 - message
5297 - reason
5298 - status
5299 - type
5300 type: object
5301 maxItems: 8
5302 minItems: 1
5303 type: array
5304 x-kubernetes-list-map-keys:
5305 - type
5306 x-kubernetes-list-type: map
5307 controllerName:
5308 description: "ControllerName is a domain/path string that indicates
5309 the name of the controller that wrote this status. This corresponds
5310 with the controllerName field on GatewayClass. \n Example:
5311 \"example.net/gateway-controller\". \n The format of this
5312 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
5313 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
5314 \n Controllers MUST populate this field when writing status.
5315 Controllers should ensure that entries to status populated
5316 with their ControllerName are cleaned up when they are no
5317 longer necessary."
5318 maxLength: 253
5319 minLength: 1
5320 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
5321 type: string
5322 parentRef:
5323 description: ParentRef corresponds with a ParentRef in the spec
5324 that this RouteParentStatus struct describes the status of.
5325 properties:
5326 group:
5327 default: policy.linkerd.io
5328 description: "Group is the group of the referent. \n Support:
5329 Core"
5330 maxLength: 253
5331 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5332 type: string
5333 kind:
5334 default: Gateway
5335 description: "Kind is kind of the referent. \n Support:
5336 Core (Gateway) Support: Custom (Other Resources)"
5337 maxLength: 63
5338 minLength: 1
5339 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5340 type: string
5341 name:
5342 description: "Name is the name of the referent. \n Support:
5343 Core"
5344 maxLength: 253
5345 minLength: 1
5346 type: string
5347 namespace:
5348 description: "Namespace is the namespace of the referent.
5349 When unspecified (or empty string), this refers to the
5350 local namespace of the Route. \n Support: Core"
5351 maxLength: 63
5352 minLength: 1
5353 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5354 type: string
5355 port:
5356 description: "Port is the network port this Route targets.
5357 It can be interpreted differently based on the type of
5358 parent resource. \n When the parent resource is a Gateway,
5359 this targets all listeners listening on the specified
5360 port that also support this kind of Route(and select this
5361 Route). It's not recommended to set `Port` unless the
5362 networking behaviors specified in a Route must apply to
5363 a specific port as opposed to a listener(s) whose port(s)
5364 may be changed. When both Port and SectionName are specified,
5365 the name and port of the selected listener must match
5366 both specified values. \n Implementations MAY choose to
5367 support other parent resources. Implementations supporting
5368 other types of parent resources MUST clearly document
5369 how/if Port is interpreted. \n For the purpose of status,
5370 an attachment is considered successful as long as the
5371 parent resource accepts it partially. For example, Gateway
5372 listeners can restrict which Routes can attach to them
5373 by Route kind, namespace, or hostname. If 1 of 2 Gateway
5374 listeners accept attachment from the referencing Route,
5375 the Route MUST be considered successfully attached. If
5376 no Gateway listeners accept attachment from this Route,
5377 the Route MUST be considered detached from the Gateway.
5378 \n Support: Extended \n <gateway:experimental>"
5379 format: int32
5380 maximum: 65535
5381 minimum: 1
5382 type: integer
5383 sectionName:
5384 description: "SectionName is the name of a section within
5385 the target resource. In the following resources, SectionName
5386 is interpreted as the following: \n * Gateway: Listener
5387 Name. When both Port (experimental) and SectionName are
5388 specified, the name and port of the selected listener
5389 must match both specified values. \n Implementations MAY
5390 choose to support attaching Routes to other resources.
5391 If that is the case, they MUST clearly document how SectionName
5392 is interpreted. \n When unspecified (empty string), this
5393 will reference the entire resource. For the purpose of
5394 status, an attachment is considered successful if at least
5395 one section in the parent resource accepts it. For example,
5396 Gateway listeners can restrict which Routes can attach
5397 to them by Route kind, namespace, or hostname. If 1 of
5398 2 Gateway listeners accept attachment from the referencing
5399 Route, the Route MUST be considered successfully attached.
5400 If no Gateway listeners accept attachment from this Route,
5401 the Route MUST be considered detached from the Gateway.
5402 \n Support: Core"
5403 maxLength: 253
5404 minLength: 1
5405 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5406 type: string
5407 required:
5408 - name
5409 type: object
5410 required:
5411 - controllerName
5412 - parentRef
5413 type: object
5414 maxItems: 32
5415 type: array
5416 required:
5417 - parents
5418 type: object
5419 required:
5420 - spec
5421 type: object
5422 served: true
5423 storage: true
5424 subresources:
5425 status: {}
5426status:
5427 acceptedNames:
5428 kind: ""
5429 plural: ""
5430 conditions: []
5431 storedVersions: []
5432---
5433# Source: linkerd-crds/templates/policy/meshtls-authentication.yaml
5434---
5435apiVersion: apiextensions.k8s.io/v1
5436kind: CustomResourceDefinition
5437metadata:
5438 name: meshtlsauthentications.policy.linkerd.io
5439 annotations:
5440 linkerd.io/created-by: linkerd/helm linkerd-version
5441 labels:
5442 helm.sh/chart: linkerd-crds-
5443 linkerd.io/control-plane-ns: linkerd-dev
5444spec:
5445 group: policy.linkerd.io
5446 scope: Namespaced
5447 names:
5448 kind: MeshTLSAuthentication
5449 plural: meshtlsauthentications
5450 singular: meshtlsauthentication
5451 shortNames: [meshtlsauthn]
5452 versions:
5453 - name: v1alpha1
5454 served: true
5455 storage: true
5456 schema:
5457 openAPIV3Schema:
5458 type: object
5459 required: [spec]
5460 properties:
5461 spec:
5462 description: >-
5463 MeshTLSAuthentication defines a list of authenticated client IDs
5464 to be referenced by an `AuthorizationPolicy`. If a client
5465 connection has the mutually-authenticated identity that matches
5466 ANY of the of the provided identities, the connection is
5467 considered authenticated.
5468 type: object
5469 oneOf:
5470 - required: [identities]
5471 - required: [identityRefs]
5472 properties:
5473 identities:
5474 description: >-
5475 Authorizes clients with the provided proxy identity strings
5476 (as provided via MTLS)
5477
5478 The `*` prefix can be used to match all identities in
5479 a domain. An identity string of `*` indicates that
5480 all authentication clients are authorized.
5481 type: array
5482 minItems: 1
5483 items:
5484 type: string
5485 identityRefs:
5486 type: array
5487 minItems: 1
5488 items:
5489 type: object
5490 required:
5491 - kind
5492 properties:
5493 group:
5494 description: >-
5495 Group is the group of the referent. When empty, the
5496 Kubernetes core API group is inferred."
5497 maxLength: 253
5498 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5499 type: string
5500 kind:
5501 description: >-
5502 Kind is the kind of the referent.
5503 maxLength: 63
5504 minLength: 1
5505 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5506 type: string
5507 name:
5508 description: >-
5509 Name is the name of the referent. When unspecified,
5510 this refers to all resources of the specified Group
5511 and Kind in the specified namespace.
5512 maxLength: 253
5513 minLength: 1
5514 type: string
5515 namespace:
5516 description: >-
5517 Name is the name of the referent. When unspecified,
5518 this authentication refers to the local namespace.
5519 maxLength: 253
5520 type: string
5521---
5522# Source: linkerd-crds/templates/policy/network-authentication.yaml
5523---
5524apiVersion: apiextensions.k8s.io/v1
5525kind: CustomResourceDefinition
5526metadata:
5527 name: networkauthentications.policy.linkerd.io
5528 annotations:
5529 linkerd.io/created-by: linkerd/helm linkerd-version
5530 labels:
5531 helm.sh/chart: linkerd-crds-
5532 linkerd.io/control-plane-ns: linkerd-dev
5533spec:
5534 group: policy.linkerd.io
5535 scope: Namespaced
5536 names:
5537 kind: NetworkAuthentication
5538 plural: networkauthentications
5539 singular: networkauthentication
5540 shortNames: [netauthn, networkauthn]
5541 versions:
5542 - name: v1alpha1
5543 served: true
5544 storage: true
5545 schema:
5546 openAPIV3Schema:
5547 type: object
5548 required: [spec]
5549 properties:
5550 spec:
5551 description: >-
5552 NetworkAuthentication defines a list of authenticated client
5553 networks to be referenced by an `AuthorizationPolicy`. If a
5554 client connection originates from ANY of the of the provided
5555 networks, the connection is considered authenticated.
5556 type: object
5557 required: [networks]
5558 properties:
5559 networks:
5560 type: array
5561 items:
5562 type: object
5563 required: [cidr]
5564 properties:
5565 cidr:
5566 description: >-
5567 The CIDR of the network to be authorized.
5568 type: string
5569 except:
5570 description: >-
5571 A list of IP networks/addresses not to be included in
5572 the above `cidr`.
5573 type: array
5574 items:
5575 type: string
5576---
5577# Source: linkerd-crds/templates/policy/server-authorization.yaml
5578---
5579apiVersion: apiextensions.k8s.io/v1
5580kind: CustomResourceDefinition
5581metadata:
5582 name: serverauthorizations.policy.linkerd.io
5583 annotations:
5584 linkerd.io/created-by: linkerd/helm linkerd-version
5585 labels:
5586 helm.sh/chart: linkerd-crds-
5587 linkerd.io/control-plane-ns: linkerd-dev
5588spec:
5589 group: policy.linkerd.io
5590 scope: Namespaced
5591 names:
5592 kind: ServerAuthorization
5593 plural: serverauthorizations
5594 singular: serverauthorization
5595 shortNames: [saz, serverauthz, srvauthz]
5596 versions:
5597 - name: v1alpha1
5598 served: true
5599 storage: false
5600 deprecated: true
5601 deprecationWarning: "policy.linkerd.io/v1alpha1 ServerAuthorization is deprecated; use policy.linkerd.io/v1beta1 ServerAuthorization"
5602 schema:
5603 openAPIV3Schema:
5604 type: object
5605 required: [spec]
5606 properties:
5607 spec:
5608 description: >-
5609 Authorizes clients to communicate with Linkerd-proxied servers.
5610 type: object
5611 required: [server, client]
5612 properties:
5613 server:
5614 description: >-
5615 Identifies servers in the same namespace for which this
5616 authorization applies.
5617
5618 Only one of `name` or `selector` may be specified.
5619 type: object
5620 oneOf:
5621 - required: [name]
5622 - required: [selector]
5623 properties:
5624 name:
5625 description: References a `Server` instance by name
5626 type: string
5627 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5628 selector:
5629 description: >-
5630 A label query over servers on which this authorization applies.
5631 type: object
5632 properties:
5633 matchLabels:
5634 type: object
5635 x-kubernetes-preserve-unknown-fields: true
5636 matchExpressions:
5637 type: array
5638 items:
5639 type: object
5640 required: [key, operator]
5641 properties:
5642 key:
5643 type: string
5644 operator:
5645 type: string
5646 enum: [In, NotIn, Exists, DoesNotExist]
5647 values:
5648 type: array
5649 items:
5650 type: string
5651 client:
5652 description: Describes clients authorized to access a server.
5653 type: object
5654 properties:
5655 networks:
5656 description: >-
5657 Limits the client IP addresses to which this
5658 authorization applies. If unset, the server chooses a
5659 default (typically, all IPs or the cluster's pod
5660 network).
5661 type: array
5662 items:
5663 type: object
5664 required: [cidr]
5665 properties:
5666 cidr:
5667 type: string
5668 except:
5669 type: array
5670 items:
5671 type: string
5672 unauthenticated:
5673 description: >-
5674 Authorizes unauthenticated clients to access a server.
5675 type: boolean
5676 meshTLS:
5677 type: object
5678 properties:
5679 unauthenticatedTLS:
5680 type: boolean
5681 description: >-
5682 Indicates that no client identity is required for
5683 communication.
5684
5685 This is mostly important for the identity
5686 controller, which must terminate TLS connections
5687 from clients that do not yet have a certificate.
5688 identities:
5689 description: >-
5690 Authorizes clients with the provided proxy identity
5691 strings (as provided via MTLS)
5692
5693 The `*` prefix can be used to match all identities in
5694 a domain. An identity string of `*` indicates that
5695 all authentication clients are authorized.
5696 type: array
5697 items:
5698 type: string
5699 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5700 serviceAccounts:
5701 description: >-
5702 Authorizes clients with the provided proxy identity
5703 service accounts (as provided via MTLS)
5704 type: array
5705 items:
5706 type: object
5707 required: [name]
5708 properties:
5709 name:
5710 description: The ServiceAccount's name.
5711 type: string
5712 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5713 namespace:
5714 description: >-
5715 The ServiceAccount's namespace. If unset, the
5716 authorization's namespace is used.
5717 type: string
5718 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5719 - name: v1beta1
5720 served: true
5721 storage: true
5722 schema:
5723 openAPIV3Schema:
5724 type: object
5725 required: [spec]
5726 properties:
5727 spec:
5728 description: >-
5729 Authorizes clients to communicate with Linkerd-proxied servers.
5730 type: object
5731 required: [server, client]
5732 properties:
5733 server:
5734 description: >-
5735 Identifies servers in the same namespace for which this
5736 authorization applies.
5737
5738 Only one of `name` or `selector` may be specified.
5739 type: object
5740 oneOf:
5741 - required: [name]
5742 - required: [selector]
5743 properties:
5744 name:
5745 description: References a `Server` instance by name
5746 type: string
5747 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5748 selector:
5749 description: >-
5750 A label query over servers on which this authorization applies.
5751 type: object
5752 properties:
5753 matchLabels:
5754 type: object
5755 x-kubernetes-preserve-unknown-fields: true
5756 matchExpressions:
5757 type: array
5758 items:
5759 type: object
5760 required: [key, operator]
5761 properties:
5762 key:
5763 type: string
5764 operator:
5765 type: string
5766 enum: [In, NotIn, Exists, DoesNotExist]
5767 values:
5768 type: array
5769 items:
5770 type: string
5771 client:
5772 description: Describes clients authorized to access a server.
5773 type: object
5774 properties:
5775 networks:
5776 description: >-
5777 Limits the client IP addresses to which this
5778 authorization applies. If unset, the server chooses a
5779 default (typically, all IPs or the cluster's pod
5780 network).
5781 type: array
5782 items:
5783 type: object
5784 required: [cidr]
5785 properties:
5786 cidr:
5787 type: string
5788 except:
5789 type: array
5790 items:
5791 type: string
5792 unauthenticated:
5793 description: >-
5794 Authorizes unauthenticated clients to access a server.
5795 type: boolean
5796 meshTLS:
5797 type: object
5798 properties:
5799 unauthenticatedTLS:
5800 type: boolean
5801 description: >-
5802 Indicates that no client identity is required for
5803 communication.
5804
5805 This is mostly important for the identity
5806 controller, which must terminate TLS connections
5807 from clients that do not yet have a certificate.
5808 identities:
5809 description: >-
5810 Authorizes clients with the provided proxy identity
5811 strings (as provided via MTLS)
5812
5813 The `*` prefix can be used to match all identities in
5814 a domain. An identity string of `*` indicates that
5815 all authentication clients are authorized.
5816 type: array
5817 items:
5818 type: string
5819 pattern: '^(\*|[a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'
5820 serviceAccounts:
5821 description: >-
5822 Authorizes clients with the provided proxy identity
5823 service accounts (as provided via MTLS)
5824 type: array
5825 items:
5826 type: object
5827 required: [name]
5828 properties:
5829 name:
5830 description: The ServiceAccount's name.
5831 type: string
5832 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5833 namespace:
5834 description: >-
5835 The ServiceAccount's namespace. If unset, the
5836 authorization's namespace is used.
5837 type: string
5838 pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
5839 additionalPrinterColumns:
5840 - name: Server
5841 type: string
5842 description: The server that this grants access to
5843 jsonPath: .spec.server.name
5844---
5845# Source: linkerd-crds/templates/policy/server.yaml
5846---
5847apiVersion: apiextensions.k8s.io/v1
5848kind: CustomResourceDefinition
5849metadata:
5850 name: servers.policy.linkerd.io
5851 annotations:
5852 linkerd.io/created-by: linkerd/helm linkerd-version
5853 labels:
5854 helm.sh/chart: linkerd-crds-
5855 linkerd.io/control-plane-ns: linkerd-dev
5856spec:
5857 group: policy.linkerd.io
5858 names:
5859 kind: Server
5860 plural: servers
5861 singular: server
5862 shortNames: [srv]
5863 scope: Namespaced
5864 versions:
5865 - name: v1alpha1
5866 served: true
5867 storage: false
5868 deprecated: true
5869 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta1 Server"
5870 schema:
5871 openAPIV3Schema:
5872 type: object
5873 required: [spec]
5874 properties:
5875 spec:
5876 type: object
5877 required:
5878 - podSelector
5879 - port
5880 properties:
5881 podSelector:
5882 type: object
5883 description: >-
5884 Selects pods in the same namespace.
5885 oneOf:
5886 - required: [matchExpressions]
5887 - required: [matchLabels]
5888 properties:
5889 matchLabels:
5890 type: object
5891 x-kubernetes-preserve-unknown-fields: true
5892 matchExpressions:
5893 type: array
5894 items:
5895 type: object
5896 required: [key, operator]
5897 properties:
5898 key:
5899 type: string
5900 operator:
5901 type: string
5902 enum: [In, NotIn, Exists, DoesNotExist]
5903 values:
5904 type: array
5905 items:
5906 type: string
5907 port:
5908 description: >-
5909 A port name or number. Must exist in a pod spec.
5910 x-kubernetes-int-or-string: true
5911 proxyProtocol:
5912 description: >-
5913 Configures protocol discovery for inbound connections.
5914
5915 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5916 type: string
5917 default: unknown
5918 - name: v1beta1
5919 served: true
5920 storage: false
5921 deprecated: true
5922 deprecationWarning: "policy.linkerd.io/v1alpha1 Server is deprecated; use policy.linkerd.io/v1beta2 Server"
5923 schema:
5924 openAPIV3Schema:
5925 type: object
5926 required: [spec]
5927 properties:
5928 spec:
5929 type: object
5930 required:
5931 - podSelector
5932 - port
5933 properties:
5934 podSelector:
5935 type: object
5936 description: >-
5937 Selects pods in the same namespace.
5938
5939 The result of matchLabels and matchExpressions are ANDed.
5940 Selects all if empty.
5941 properties:
5942 matchLabels:
5943 type: object
5944 x-kubernetes-preserve-unknown-fields: true
5945 matchExpressions:
5946 type: array
5947 items:
5948 type: object
5949 required: [key, operator]
5950 properties:
5951 key:
5952 type: string
5953 operator:
5954 type: string
5955 enum: [In, NotIn, Exists, DoesNotExist]
5956 values:
5957 type: array
5958 items:
5959 type: string
5960 port:
5961 description: >-
5962 A port name or number. Must exist in a pod spec.
5963 x-kubernetes-int-or-string: true
5964 proxyProtocol:
5965 description: >-
5966 Configures protocol discovery for inbound connections.
5967
5968 Supersedes the `config.linkerd.io/opaque-ports` annotation.
5969 type: string
5970 default: unknown
5971 additionalPrinterColumns:
5972 - name: Port
5973 type: string
5974 description: The port the server is listening on
5975 jsonPath: .spec.port
5976 - name: Protocol
5977 type: string
5978 description: The protocol of the server
5979 jsonPath: .spec.proxyProtocol
5980 - name: v1beta2
5981 served: true
5982 storage: true
5983 schema:
5984 openAPIV3Schema:
5985 type: object
5986 required: [spec]
5987 properties:
5988 spec:
5989 type: object
5990 required:
5991 - port
5992 oneOf:
5993 - required: [podSelector]
5994 - required: [externalWorkloadSelector]
5995 properties:
5996 podSelector:
5997 type: object
5998 description: >-
5999 Selects pods in the same namespace.
6000
6001 The result of matchLabels and matchExpressions are ANDed.
6002 Selects all if empty.
6003 properties:
6004 matchLabels:
6005 type: object
6006 x-kubernetes-preserve-unknown-fields: true
6007 matchExpressions:
6008 type: array
6009 items:
6010 type: object
6011 required: [key, operator]
6012 properties:
6013 key:
6014 type: string
6015 operator:
6016 type: string
6017 enum: [In, NotIn, Exists, DoesNotExist]
6018 values:
6019 type: array
6020 items:
6021 type: string
6022 externalWorkloadSelector:
6023 type: object
6024 description: >-
6025 Selects ExternalWorkloads in the same namespace.
6026
6027 The result of matchLabels and matchExpressions are ANDed.
6028 Selects all if empty.
6029 properties:
6030 matchLabels:
6031 type: object
6032 x-kubernetes-preserve-unknown-fields: true
6033 matchExpressions:
6034 type: array
6035 items:
6036 type: object
6037 required: [key, operator]
6038 properties:
6039 key:
6040 type: string
6041 operator:
6042 type: string
6043 enum: [In, NotIn, Exists, DoesNotExist]
6044 values:
6045 type: array
6046 items:
6047 type: string
6048 port:
6049 description: >-
6050 A port name or number. Must exist in a pod spec.
6051 x-kubernetes-int-or-string: true
6052 proxyProtocol:
6053 description: >-
6054 Configures protocol discovery for inbound connections.
6055
6056 Supersedes the `config.linkerd.io/opaque-ports` annotation.
6057 type: string
6058 default: unknown
6059 additionalPrinterColumns:
6060 - name: Port
6061 type: string
6062 description: The port the server is listening on
6063 jsonPath: .spec.port
6064 - name: Protocol
6065 type: string
6066 description: The protocol of the server
6067 jsonPath: .spec.proxyProtocol
6068---
6069# Source: linkerd-crds/templates/serviceprofile.yaml
6070---
6071###
6072### Service Profile CRD
6073###
6074apiVersion: apiextensions.k8s.io/v1
6075kind: CustomResourceDefinition
6076metadata:
6077 name: serviceprofiles.linkerd.io
6078 annotations:
6079 linkerd.io/created-by: linkerd/helm linkerd-version
6080 labels:
6081 helm.sh/chart: linkerd-crds-
6082 linkerd.io/control-plane-ns: linkerd-dev
6083spec:
6084 group: linkerd.io
6085 versions:
6086 - name: v1alpha1
6087 served: true
6088 storage: false
6089 schema:
6090 openAPIV3Schema:
6091 type: object
6092 properties:
6093 spec:
6094 type: object
6095 description: Spec is the custom resource spec
6096 required:
6097 - routes
6098 properties:
6099 dstOverrides:
6100 type: array
6101 required:
6102 - authority
6103 - weight
6104 items:
6105 type: object
6106 description: WeightedDst is a weighted alternate destination.
6107 properties:
6108 authority:
6109 type: string
6110 weight:
6111 x-kubernetes-int-or-string: true
6112 anyOf:
6113 - type: integer
6114 - type: string
6115 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6116 opaquePorts:
6117 type: array
6118 items:
6119 type: string
6120 retryBudget:
6121 type: object
6122 required:
6123 - minRetriesPerSecond
6124 - retryRatio
6125 - ttl
6126 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6127 properties:
6128 minRetriesPerSecond:
6129 format: int32
6130 type: integer
6131 retryRatio:
6132 type: number
6133 format: float
6134 ttl:
6135 type: string
6136 routes:
6137 type: array
6138 items:
6139 type: object
6140 description: RouteSpec specifies a Route resource.
6141 required:
6142 - condition
6143 - name
6144 properties:
6145 condition:
6146 type: object
6147 description: RequestMatch describes the conditions under which to match a Route.
6148 properties:
6149 pathRegex:
6150 type: string
6151 method:
6152 type: string
6153 all:
6154 type: array
6155 items:
6156 type: object
6157 x-kubernetes-preserve-unknown-fields: true
6158 any:
6159 type: array
6160 items:
6161 type: object
6162 x-kubernetes-preserve-unknown-fields: true
6163 not:
6164 type: array
6165 items:
6166 type: object
6167 x-kubernetes-preserve-unknown-fields: true
6168 isRetryable:
6169 type: boolean
6170 name:
6171 type: string
6172 timeout:
6173 type: string
6174 responseClasses:
6175 type: array
6176 items:
6177 type: object
6178 required:
6179 - condition
6180 description: ResponseClass describes how to classify a response (e.g. success or failures).
6181 properties:
6182 condition:
6183 type: object
6184 description: ResponseMatch describes the conditions under
6185 which to classify a response.
6186 properties:
6187 all:
6188 type: array
6189 items:
6190 type: object
6191 x-kubernetes-preserve-unknown-fields: true
6192 any:
6193 type: array
6194 items:
6195 type: object
6196 x-kubernetes-preserve-unknown-fields: true
6197 not:
6198 type: object
6199 x-kubernetes-preserve-unknown-fields: true
6200 status:
6201 type: object
6202 description: Range describes a range of integers (e.g. status codes).
6203 properties:
6204 max:
6205 format: int32
6206 type: integer
6207 min:
6208 format: int32
6209 type: integer
6210 isFailure:
6211 type: boolean
6212 - name: v1alpha2
6213 served: true
6214 storage: true
6215 schema:
6216 openAPIV3Schema:
6217 type: object
6218 properties:
6219 spec:
6220 type: object
6221 description: Spec is the custom resource spec
6222 properties:
6223 dstOverrides:
6224 type: array
6225 required:
6226 - authority
6227 - weight
6228 items:
6229 type: object
6230 description: WeightedDst is a weighted alternate destination.
6231 properties:
6232 authority:
6233 type: string
6234 weight:
6235 x-kubernetes-int-or-string: true
6236 anyOf:
6237 - type: integer
6238 - type: string
6239 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
6240 opaquePorts:
6241 type: array
6242 items:
6243 type: string
6244 retryBudget:
6245 type: object
6246 required:
6247 - minRetriesPerSecond
6248 - retryRatio
6249 - ttl
6250 description: RetryBudget describes the maximum number of retries that should be issued to this service.
6251 properties:
6252 minRetriesPerSecond:
6253 format: int32
6254 type: integer
6255 retryRatio:
6256 type: number
6257 format: float
6258 ttl:
6259 type: string
6260 routes:
6261 type: array
6262 items:
6263 type: object
6264 description: RouteSpec specifies a Route resource.
6265 required:
6266 - condition
6267 - name
6268 properties:
6269 condition:
6270 type: object
6271 description: RequestMatch describes the conditions under which to match a Route.
6272 properties:
6273 pathRegex:
6274 type: string
6275 method:
6276 type: string
6277 all:
6278 type: array
6279 items:
6280 type: object
6281 x-kubernetes-preserve-unknown-fields: true
6282 any:
6283 type: array
6284 items:
6285 type: object
6286 x-kubernetes-preserve-unknown-fields: true
6287 not:
6288 type: array
6289 items:
6290 type: object
6291 x-kubernetes-preserve-unknown-fields: true
6292 isRetryable:
6293 type: boolean
6294 name:
6295 type: string
6296 timeout:
6297 type: string
6298 responseClasses:
6299 type: array
6300 items:
6301 type: object
6302 required:
6303 - condition
6304 description: ResponseClass describes how to classify a response (e.g. success or failures).
6305 properties:
6306 condition:
6307 type: object
6308 description: ResponseMatch describes the conditions under
6309 which to classify a response.
6310 properties:
6311 all:
6312 type: array
6313 items:
6314 type: object
6315 x-kubernetes-preserve-unknown-fields: true
6316 any:
6317 type: array
6318 items:
6319 type: object
6320 x-kubernetes-preserve-unknown-fields: true
6321 not:
6322 type: object
6323 x-kubernetes-preserve-unknown-fields: true
6324 status:
6325 type: object
6326 description: Range describes a range of integers (e.g. status codes).
6327 properties:
6328 max:
6329 format: int32
6330 type: integer
6331 min:
6332 format: int32
6333 type: integer
6334 isFailure:
6335 type: boolean
6336 scope: Namespaced
6337 preserveUnknownFields: false
6338 names:
6339 plural: serviceprofiles
6340 singular: serviceprofile
6341 kind: ServiceProfile
6342 shortNames:
6343 - sp
6344---
6345# Source: linkerd-crds/templates/gateway.networking.k8s.io_httproutes.yaml
6346
6347---
6348apiVersion: apiextensions.k8s.io/v1
6349kind: CustomResourceDefinition
6350metadata:
6351 annotations:
6352 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
6353 gateway.networking.k8s.io/bundle-version: v0.7.1
6354 gateway.networking.k8s.io/channel: experimental
6355 linkerd.io/created-by: linkerd/helm linkerd-version
6356 labels:
6357 helm.sh/chart: linkerd-crds-
6358 linkerd.io/control-plane-ns: linkerd-dev
6359 creationTimestamp: null
6360 name: httproutes.gateway.networking.k8s.io
6361spec:
6362 group: gateway.networking.k8s.io
6363 names:
6364 categories:
6365 - gateway-api
6366 kind: HTTPRoute
6367 listKind: HTTPRouteList
6368 plural: httproutes
6369 singular: httproute
6370 scope: Namespaced
6371 versions:
6372 - additionalPrinterColumns:
6373 - jsonPath: .spec.hostnames
6374 name: Hostnames
6375 type: string
6376 - jsonPath: .metadata.creationTimestamp
6377 name: Age
6378 type: date
6379 deprecated: true
6380 deprecationWarning: The v1alpha2 version of HTTPRoute has been deprecated and
6381 will be removed in a future release of the API. Please upgrade to v1beta1.
6382 name: v1alpha2
6383 schema:
6384 openAPIV3Schema:
6385 description: HTTPRoute provides a way to route HTTP requests. This includes
6386 the capability to match requests by hostname, path, header, or query param.
6387 Filters can be used to specify additional processing steps. Backends specify
6388 where matching requests should be routed.
6389 properties:
6390 apiVersion:
6391 description: 'APIVersion defines the versioned schema of this representation
6392 of an object. Servers should convert recognized schemas to the latest
6393 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
6394 type: string
6395 kind:
6396 description: 'Kind is a string value representing the REST resource this
6397 object represents. Servers may infer this from the endpoint the client
6398 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
6399 type: string
6400 metadata:
6401 type: object
6402 spec:
6403 description: Spec defines the desired state of HTTPRoute.
6404 properties:
6405 hostnames:
6406 description: "Hostnames defines a set of hostname that should match
6407 against the HTTP Host header to select a HTTPRoute used to process
6408 the request. Implementations MUST ignore any port value specified
6409 in the HTTP Host header while performing a match. \n Valid values
6410 for Hostnames are determined by RFC 1123 definition of a hostname
6411 with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
6412 may be prefixed with a wildcard label (`*.`). The wildcard label
6413 must appear by itself as the first label. \n If a hostname is specified
6414 by both the Listener and HTTPRoute, there must be at least one intersecting
6415 hostname for the HTTPRoute to be attached to the Listener. For example:
6416 \n * A Listener with `test.example.com` as the hostname matches
6417 HTTPRoutes that have either not specified any hostnames, or have
6418 specified at least one of `test.example.com` or `*.example.com`.
6419 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
6420 that have either not specified any hostnames or have specified at
6421 least one hostname that matches the Listener hostname. For example,
6422 `*.example.com`, `test.example.com`, and `foo.test.example.com`
6423 would all match. On the other hand, `example.com` and `test.example.net`
6424 would not match. \n Hostnames that are prefixed with a wildcard
6425 label (`*.`) are interpreted as a suffix match. That means that
6426 a match for `*.example.com` would match both `test.example.com`,
6427 and `foo.test.example.com`, but not `example.com`. \n If both the
6428 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
6429 that do not match the Listener hostname MUST be ignored. For example,
6430 if a Listener specified `*.example.com`, and the HTTPRoute specified
6431 `test.example.com` and `test.example.net`, `test.example.net` must
6432 not be considered for a match. \n If both the Listener and HTTPRoute
6433 have specified hostnames, and none match with the criteria above,
6434 then the HTTPRoute is not accepted. The implementation must raise
6435 an 'Accepted' Condition with a status of `False` in the corresponding
6436 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
6437 intersecting hostnames (e.g. overlapping wildcard matching and exact
6438 matching hostnames), precedence must be given to rules from the
6439 HTTPRoute with the largest number of: \n * Characters in a matching
6440 non-wildcard hostname. * Characters in a matching hostname. \n If
6441 ties exist across multiple Routes, the matching precedence rules
6442 for HTTPRouteMatches takes over. \n Support: Core"
6443 items:
6444 description: "Hostname is the fully qualified domain name of a network
6445 host. This matches the RFC 1123 definition of a hostname with
6446 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
6447 may be prefixed with a wildcard label (`*.`). The wildcard label
6448 must appear by itself as the first label. \n Hostname can be \"precise\"
6449 which is a domain name without the terminating dot of a network
6450 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
6451 name prefixed with a single wildcard label (e.g. `*.example.com`).
6452 \n Note that as per RFC1035 and RFC1123, a *label* must consist
6453 of lower case alphanumeric characters or '-', and must start and
6454 end with an alphanumeric character. No other punctuation is allowed."
6455 maxLength: 253
6456 minLength: 1
6457 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6458 type: string
6459 maxItems: 16
6460 type: array
6461 parentRefs:
6462 description: "ParentRefs references the resources (usually Gateways)
6463 that a Route wants to be attached to. Note that the referenced parent
6464 resource needs to allow this for the attachment to be complete.
6465 For Gateways, that means the Gateway needs to allow attachment from
6466 Routes of this kind and namespace. \n The only kind of parent resource
6467 with \"Core\" support is Gateway. This API may be extended in the
6468 future to support additional kinds of parent resources such as one
6469 of the route kinds. \n It is invalid to reference an identical parent
6470 more than once. It is valid to reference multiple distinct sections
6471 within the same parent resource, such as 2 Listeners within a Gateway.
6472 \n It is possible to separately reference multiple distinct objects
6473 that may be collapsed by an implementation. For example, some implementations
6474 may choose to merge compatible Gateway Listeners together. If that
6475 is the case, the list of routes attached to those resources should
6476 also be merged. \n Note that for ParentRefs that cross namespace
6477 boundaries, there are specific rules. Cross-namespace references
6478 are only valid if they are explicitly allowed by something in the
6479 namespace they are referring to. For example, Gateway has the AllowedRoutes
6480 field, and ReferenceGrant provides a generic way to enable any other
6481 kind of cross-namespace reference."
6482 items:
6483 description: "ParentReference identifies an API object (usually
6484 a Gateway) that can be considered a parent of this resource (usually
6485 a route). The only kind of parent resource with \"Core\" support
6486 is Gateway. This API may be extended in the future to support
6487 additional kinds of parent resources, such as HTTPRoute. \n The
6488 API object must be valid in the cluster; the Group and Kind must
6489 be registered in the cluster for this reference to be valid."
6490 properties:
6491 group:
6492 default: gateway.networking.k8s.io
6493 description: "Group is the group of the referent. When unspecified,
6494 \"gateway.networking.k8s.io\" is inferred. To set the core
6495 API group (such as for a \"Service\" kind referent), Group
6496 must be explicitly set to \"\" (empty string). \n Support:
6497 Core"
6498 maxLength: 253
6499 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6500 type: string
6501 kind:
6502 default: Gateway
6503 description: "Kind is kind of the referent. \n Support: Core
6504 (Gateway) \n Support: Implementation-specific (Other Resources)"
6505 maxLength: 63
6506 minLength: 1
6507 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6508 type: string
6509 name:
6510 description: "Name is the name of the referent. \n Support:
6511 Core"
6512 maxLength: 253
6513 minLength: 1
6514 type: string
6515 namespace:
6516 description: "Namespace is the namespace of the referent. When
6517 unspecified, this refers to the local namespace of the Route.
6518 \n Note that there are specific rules for ParentRefs which
6519 cross namespace boundaries. Cross-namespace references are
6520 only valid if they are explicitly allowed by something in
6521 the namespace they are referring to. For example: Gateway
6522 has the AllowedRoutes field, and ReferenceGrant provides a
6523 generic way to enable any other kind of cross-namespace reference.
6524 \n Support: Core"
6525 maxLength: 63
6526 minLength: 1
6527 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6528 type: string
6529 port:
6530 description: "Port is the network port this Route targets. It
6531 can be interpreted differently based on the type of parent
6532 resource. \n When the parent resource is a Gateway, this targets
6533 all listeners listening on the specified port that also support
6534 this kind of Route(and select this Route). It's not recommended
6535 to set `Port` unless the networking behaviors specified in
6536 a Route must apply to a specific port as opposed to a listener(s)
6537 whose port(s) may be changed. When both Port and SectionName
6538 are specified, the name and port of the selected listener
6539 must match both specified values. \n Implementations MAY choose
6540 to support other parent resources. Implementations supporting
6541 other types of parent resources MUST clearly document how/if
6542 Port is interpreted. \n For the purpose of status, an attachment
6543 is considered successful as long as the parent resource accepts
6544 it partially. For example, Gateway listeners can restrict
6545 which Routes can attach to them by Route kind, namespace,
6546 or hostname. If 1 of 2 Gateway listeners accept attachment
6547 from the referencing Route, the Route MUST be considered successfully
6548 attached. If no Gateway listeners accept attachment from this
6549 Route, the Route MUST be considered detached from the Gateway.
6550 \n Support: Extended \n <gateway:experimental>"
6551 format: int32
6552 maximum: 65535
6553 minimum: 1
6554 type: integer
6555 sectionName:
6556 description: "SectionName is the name of a section within the
6557 target resource. In the following resources, SectionName is
6558 interpreted as the following: \n * Gateway: Listener Name.
6559 When both Port (experimental) and SectionName are specified,
6560 the name and port of the selected listener must match both
6561 specified values. \n Implementations MAY choose to support
6562 attaching Routes to other resources. If that is the case,
6563 they MUST clearly document how SectionName is interpreted.
6564 \n When unspecified (empty string), this will reference the
6565 entire resource. For the purpose of status, an attachment
6566 is considered successful if at least one section in the parent
6567 resource accepts it. For example, Gateway listeners can restrict
6568 which Routes can attach to them by Route kind, namespace,
6569 or hostname. If 1 of 2 Gateway listeners accept attachment
6570 from the referencing Route, the Route MUST be considered successfully
6571 attached. If no Gateway listeners accept attachment from this
6572 Route, the Route MUST be considered detached from the Gateway.
6573 \n Support: Core"
6574 maxLength: 253
6575 minLength: 1
6576 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6577 type: string
6578 required:
6579 - name
6580 type: object
6581 maxItems: 32
6582 type: array
6583 rules:
6584 default:
6585 - matches:
6586 - path:
6587 type: PathPrefix
6588 value: /
6589 description: Rules are a list of HTTP matchers, filters and actions.
6590 items:
6591 description: HTTPRouteRule defines semantics for matching an HTTP
6592 request based on conditions (matches), processing it (filters),
6593 and forwarding the request to an API object (backendRefs).
6594 properties:
6595 backendRefs:
6596 description: "BackendRefs defines the backend(s) where matching
6597 requests should be sent. \n Failure behavior here depends
6598 on how many BackendRefs are specified and how many are invalid.
6599 \n If *all* entries in BackendRefs are invalid, and there
6600 are also no filters specified in this route rule, *all* traffic
6601 which matches this rule MUST receive a 500 status code. \n
6602 See the HTTPBackendRef definition for the rules about what
6603 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
6604 is invalid, 500 status codes MUST be returned for requests
6605 that would have otherwise been routed to an invalid backend.
6606 If multiple backends are specified, and some are invalid,
6607 the proportion of requests that would otherwise have been
6608 routed to an invalid backend MUST receive a 500 status code.
6609 \n For example, if two backends are specified with equal weights,
6610 and one is invalid, 50 percent of traffic must receive a 500.
6611 Implementations may choose how that 50 percent is determined.
6612 \n Support: Core for Kubernetes Service \n Support: Extended
6613 for Kubernetes ServiceImport \n Support: Implementation-specific
6614 for any other resource \n Support for weight: Core"
6615 items:
6616 description: HTTPBackendRef defines how a HTTPRoute should
6617 forward an HTTP request.
6618 properties:
6619 filters:
6620 description: "Filters defined at this level should be
6621 executed if and only if the request is being forwarded
6622 to the backend defined here. \n Support: Implementation-specific
6623 (For broader support of filters, use the Filters field
6624 in HTTPRouteRule.)"
6625 items:
6626 description: HTTPRouteFilter defines processing steps
6627 that must be completed during the request or response
6628 lifecycle. HTTPRouteFilters are meant as an extension
6629 point to express processing that may be done in Gateway
6630 implementations. Some examples include request or
6631 response modification, implementing authentication
6632 strategies, rate-limiting, and traffic shaping. API
6633 guarantee/conformance is defined based on the type
6634 of the filter.
6635 properties:
6636 extensionRef:
6637 description: "ExtensionRef is an optional, implementation-specific
6638 extension to the \"filter\" behavior. For example,
6639 resource \"myroutefilter\" in group \"networking.example.net\").
6640 ExtensionRef MUST NOT be used for core and extended
6641 filters. \n Support: Implementation-specific"
6642 properties:
6643 group:
6644 description: Group is the group of the referent.
6645 For example, "gateway.networking.k8s.io".
6646 When unspecified or empty string, core API
6647 group is inferred.
6648 maxLength: 253
6649 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6650 type: string
6651 kind:
6652 description: Kind is kind of the referent. For
6653 example "HTTPRoute" or "Service".
6654 maxLength: 63
6655 minLength: 1
6656 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6657 type: string
6658 name:
6659 description: Name is the name of the referent.
6660 maxLength: 253
6661 minLength: 1
6662 type: string
6663 required:
6664 - group
6665 - kind
6666 - name
6667 type: object
6668 requestHeaderModifier:
6669 description: "RequestHeaderModifier defines a schema
6670 for a filter that modifies request headers. \n
6671 Support: Core"
6672 properties:
6673 add:
6674 description: "Add adds the given header(s) (name,
6675 value) to the request before the action. It
6676 appends to any existing values associated
6677 with the header name. \n Input: GET /foo HTTP/1.1
6678 my-header: foo \n Config: add: - name: \"my-header\"
6679 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
6680 my-header: foo,bar,baz"
6681 items:
6682 description: HTTPHeader represents an HTTP
6683 Header name and value as defined by RFC
6684 7230.
6685 properties:
6686 name:
6687 description: "Name is the name of the
6688 HTTP Header to be matched. Name matching
6689 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6690 \n If multiple entries specify equivalent
6691 header names, the first entry with an
6692 equivalent name MUST be considered for
6693 a match. Subsequent entries with an
6694 equivalent header name MUST be ignored.
6695 Due to the case-insensitivity of header
6696 names, \"foo\" and \"Foo\" are considered
6697 equivalent."
6698 maxLength: 256
6699 minLength: 1
6700 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6701 type: string
6702 value:
6703 description: Value is the value of HTTP
6704 Header to be matched.
6705 maxLength: 4096
6706 minLength: 1
6707 type: string
6708 required:
6709 - name
6710 - value
6711 type: object
6712 maxItems: 16
6713 type: array
6714 x-kubernetes-list-map-keys:
6715 - name
6716 x-kubernetes-list-type: map
6717 remove:
6718 description: "Remove the given header(s) from
6719 the HTTP request before the action. The value
6720 of Remove is a list of HTTP header names.
6721 Note that the header names are case-insensitive
6722 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
6723 \n Input: GET /foo HTTP/1.1 my-header1: foo
6724 my-header2: bar my-header3: baz \n Config:
6725 remove: [\"my-header1\", \"my-header3\"] \n
6726 Output: GET /foo HTTP/1.1 my-header2: bar"
6727 items:
6728 type: string
6729 maxItems: 16
6730 type: array
6731 set:
6732 description: "Set overwrites the request with
6733 the given header (name, value) before the
6734 action. \n Input: GET /foo HTTP/1.1 my-header:
6735 foo \n Config: set: - name: \"my-header\"
6736 value: \"bar\" \n Output: GET /foo HTTP/1.1
6737 my-header: bar"
6738 items:
6739 description: HTTPHeader represents an HTTP
6740 Header name and value as defined by RFC
6741 7230.
6742 properties:
6743 name:
6744 description: "Name is the name of the
6745 HTTP Header to be matched. Name matching
6746 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6747 \n If multiple entries specify equivalent
6748 header names, the first entry with an
6749 equivalent name MUST be considered for
6750 a match. Subsequent entries with an
6751 equivalent header name MUST be ignored.
6752 Due to the case-insensitivity of header
6753 names, \"foo\" and \"Foo\" are considered
6754 equivalent."
6755 maxLength: 256
6756 minLength: 1
6757 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6758 type: string
6759 value:
6760 description: Value is the value of HTTP
6761 Header to be matched.
6762 maxLength: 4096
6763 minLength: 1
6764 type: string
6765 required:
6766 - name
6767 - value
6768 type: object
6769 maxItems: 16
6770 type: array
6771 x-kubernetes-list-map-keys:
6772 - name
6773 x-kubernetes-list-type: map
6774 type: object
6775 requestMirror:
6776 description: "RequestMirror defines a schema for
6777 a filter that mirrors requests. Requests are sent
6778 to the specified destination, but responses from
6779 that destination are ignored. \n Support: Extended"
6780 properties:
6781 backendRef:
6782 description: "BackendRef references a resource
6783 where mirrored requests are sent. \n If the
6784 referent cannot be found, this BackendRef
6785 is invalid and must be dropped from the Gateway.
6786 The controller must ensure the \"ResolvedRefs\"
6787 condition on the Route status is set to `status:
6788 False` and not configure this backend in the
6789 underlying implementation. \n If there is
6790 a cross-namespace reference to an *existing*
6791 object that is not allowed by a ReferenceGrant,
6792 the controller must ensure the \"ResolvedRefs\"
6793 \ condition on the Route is set to `status:
6794 False`, with the \"RefNotPermitted\" reason
6795 and not configure this backend in the underlying
6796 implementation. \n In either error case, the
6797 Message of the `ResolvedRefs` Condition should
6798 be used to provide more detail about the problem.
6799 \n Support: Extended for Kubernetes Service
6800 \n Support: Implementation-specific for any
6801 other resource"
6802 properties:
6803 group:
6804 default: ""
6805 description: Group is the group of the referent.
6806 For example, "gateway.networking.k8s.io".
6807 When unspecified or empty string, core
6808 API group is inferred.
6809 maxLength: 253
6810 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6811 type: string
6812 kind:
6813 default: Service
6814 description: "Kind is the Kubernetes resource
6815 kind of the referent. For example \"Service\".
6816 \n Defaults to \"Service\" when not specified.
6817 \n ExternalName services can refer to
6818 CNAME DNS records that may live outside
6819 of the cluster and as such are difficult
6820 to reason about in terms of conformance.
6821 They also may not be safe to forward to
6822 (see CVE-2021-25740 for more information).
6823 Implementations SHOULD NOT support ExternalName
6824 Services. \n Support: Core (Services with
6825 a type other than ExternalName) \n Support:
6826 Implementation-specific (Services with
6827 type ExternalName)"
6828 maxLength: 63
6829 minLength: 1
6830 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6831 type: string
6832 name:
6833 description: Name is the name of the referent.
6834 maxLength: 253
6835 minLength: 1
6836 type: string
6837 namespace:
6838 description: "Namespace is the namespace
6839 of the backend. When unspecified, the
6840 local namespace is inferred. \n Note that
6841 when a namespace different than the local
6842 namespace is specified, a ReferenceGrant
6843 object is required in the referent namespace
6844 to allow that namespace's owner to accept
6845 the reference. See the ReferenceGrant
6846 documentation for details. \n Support:
6847 Core"
6848 maxLength: 63
6849 minLength: 1
6850 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6851 type: string
6852 port:
6853 description: Port specifies the destination
6854 port number to use for this resource.
6855 Port is required when the referent is
6856 a Kubernetes Service. In this case, the
6857 port number is the service port number,
6858 not the target port. For other resources,
6859 destination port might be derived from
6860 the referent resource or this field.
6861 format: int32
6862 maximum: 65535
6863 minimum: 1
6864 type: integer
6865 required:
6866 - name
6867 type: object
6868 required:
6869 - backendRef
6870 type: object
6871 requestRedirect:
6872 description: "RequestRedirect defines a schema for
6873 a filter that responds to the request with an
6874 HTTP redirection. \n Support: Core"
6875 properties:
6876 hostname:
6877 description: "Hostname is the hostname to be
6878 used in the value of the `Location` header
6879 in the response. When empty, the hostname
6880 in the `Host` header of the request is used.
6881 \n Support: Core"
6882 maxLength: 253
6883 minLength: 1
6884 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6885 type: string
6886 path:
6887 description: "Path defines parameters used to
6888 modify the path of the incoming request. The
6889 modified path is then used to construct the
6890 `Location` header. When empty, the request
6891 path is used as-is. \n Support: Extended"
6892 properties:
6893 replaceFullPath:
6894 description: ReplaceFullPath specifies the
6895 value with which to replace the full path
6896 of a request during a rewrite or redirect.
6897 maxLength: 1024
6898 type: string
6899 replacePrefixMatch:
6900 description: "ReplacePrefixMatch specifies
6901 the value with which to replace the prefix
6902 match of a request during a rewrite or
6903 redirect. For example, a request to \"/foo/bar\"
6904 with a prefix match of \"/foo\" would
6905 be modified to \"/bar\". \n Note that
6906 this matches the behavior of the PathPrefix
6907 match type. This matches full path elements.
6908 A path element refers to the list of labels
6909 in the path split by the `/` separator.
6910 When specified, a trailing `/` is ignored.
6911 For example, the paths `/abc`, `/abc/`,
6912 and `/abc/def` would all match the prefix
6913 `/abc`, but the path `/abcd` would not."
6914 maxLength: 1024
6915 type: string
6916 type:
6917 description: "Type defines the type of path
6918 modifier. Additional types may be added
6919 in a future release of the API. \n Note
6920 that values may be added to this enum,
6921 implementations must ensure that unknown
6922 values will not cause a crash. \n Unknown
6923 values here must result in the implementation
6924 setting the Accepted Condition for the
6925 Route to `status: False`, with a Reason
6926 of `UnsupportedValue`."
6927 enum:
6928 - ReplaceFullPath
6929 - ReplacePrefixMatch
6930 type: string
6931 required:
6932 - type
6933 type: object
6934 port:
6935 description: "Port is the port to be used in
6936 the value of the `Location` header in the
6937 response. \n If no port is specified, the
6938 redirect port MUST be derived using the following
6939 rules: \n * If redirect scheme is not-empty,
6940 the redirect port MUST be the well-known port
6941 associated with the redirect scheme. Specifically
6942 \"http\" to port 80 and \"https\" to port
6943 443. If the redirect scheme does not have
6944 a well-known port, the listener port of the
6945 Gateway SHOULD be used. * If redirect scheme
6946 is empty, the redirect port MUST be the Gateway
6947 Listener port. \n Implementations SHOULD NOT
6948 add the port number in the 'Location' header
6949 in the following cases: \n * A Location header
6950 that will use HTTP (whether that is determined
6951 via the Listener protocol or the Scheme field)
6952 _and_ use port 80. * A Location header that
6953 will use HTTPS (whether that is determined
6954 via the Listener protocol or the Scheme field)
6955 _and_ use port 443. \n Support: Extended"
6956 format: int32
6957 maximum: 65535
6958 minimum: 1
6959 type: integer
6960 scheme:
6961 description: "Scheme is the scheme to be used
6962 in the value of the `Location` header in the
6963 response. When empty, the scheme of the request
6964 is used. \n Scheme redirects can affect the
6965 port of the redirect, for more information,
6966 refer to the documentation for the port field
6967 of this filter. \n Note that values may be
6968 added to this enum, implementations must ensure
6969 that unknown values will not cause a crash.
6970 \n Unknown values here must result in the
6971 implementation setting the Accepted Condition
6972 for the Route to `status: False`, with a Reason
6973 of `UnsupportedValue`. \n Support: Extended"
6974 enum:
6975 - http
6976 - https
6977 type: string
6978 statusCode:
6979 default: 302
6980 description: "StatusCode is the HTTP status
6981 code to be used in response. \n Note that
6982 values may be added to this enum, implementations
6983 must ensure that unknown values will not cause
6984 a crash. \n Unknown values here must result
6985 in the implementation setting the Accepted
6986 Condition for the Route to `status: False`,
6987 with a Reason of `UnsupportedValue`. \n Support:
6988 Core"
6989 enum:
6990 - 301
6991 - 302
6992 type: integer
6993 type: object
6994 responseHeaderModifier:
6995 description: "ResponseHeaderModifier defines a schema
6996 for a filter that modifies response headers. \n
6997 Support: Extended"
6998 properties:
6999 add:
7000 description: "Add adds the given header(s) (name,
7001 value) to the request before the action. It
7002 appends to any existing values associated
7003 with the header name. \n Input: GET /foo HTTP/1.1
7004 my-header: foo \n Config: add: - name: \"my-header\"
7005 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
7006 my-header: foo,bar,baz"
7007 items:
7008 description: HTTPHeader represents an HTTP
7009 Header name and value as defined by RFC
7010 7230.
7011 properties:
7012 name:
7013 description: "Name is the name of the
7014 HTTP Header to be matched. Name matching
7015 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7016 \n If multiple entries specify equivalent
7017 header names, the first entry with an
7018 equivalent name MUST be considered for
7019 a match. Subsequent entries with an
7020 equivalent header name MUST be ignored.
7021 Due to the case-insensitivity of header
7022 names, \"foo\" and \"Foo\" are considered
7023 equivalent."
7024 maxLength: 256
7025 minLength: 1
7026 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7027 type: string
7028 value:
7029 description: Value is the value of HTTP
7030 Header to be matched.
7031 maxLength: 4096
7032 minLength: 1
7033 type: string
7034 required:
7035 - name
7036 - value
7037 type: object
7038 maxItems: 16
7039 type: array
7040 x-kubernetes-list-map-keys:
7041 - name
7042 x-kubernetes-list-type: map
7043 remove:
7044 description: "Remove the given header(s) from
7045 the HTTP request before the action. The value
7046 of Remove is a list of HTTP header names.
7047 Note that the header names are case-insensitive
7048 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7049 \n Input: GET /foo HTTP/1.1 my-header1: foo
7050 my-header2: bar my-header3: baz \n Config:
7051 remove: [\"my-header1\", \"my-header3\"] \n
7052 Output: GET /foo HTTP/1.1 my-header2: bar"
7053 items:
7054 type: string
7055 maxItems: 16
7056 type: array
7057 set:
7058 description: "Set overwrites the request with
7059 the given header (name, value) before the
7060 action. \n Input: GET /foo HTTP/1.1 my-header:
7061 foo \n Config: set: - name: \"my-header\"
7062 value: \"bar\" \n Output: GET /foo HTTP/1.1
7063 my-header: bar"
7064 items:
7065 description: HTTPHeader represents an HTTP
7066 Header name and value as defined by RFC
7067 7230.
7068 properties:
7069 name:
7070 description: "Name is the name of the
7071 HTTP Header to be matched. Name matching
7072 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7073 \n If multiple entries specify equivalent
7074 header names, the first entry with an
7075 equivalent name MUST be considered for
7076 a match. Subsequent entries with an
7077 equivalent header name MUST be ignored.
7078 Due to the case-insensitivity of header
7079 names, \"foo\" and \"Foo\" are considered
7080 equivalent."
7081 maxLength: 256
7082 minLength: 1
7083 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7084 type: string
7085 value:
7086 description: Value is the value of HTTP
7087 Header to be matched.
7088 maxLength: 4096
7089 minLength: 1
7090 type: string
7091 required:
7092 - name
7093 - value
7094 type: object
7095 maxItems: 16
7096 type: array
7097 x-kubernetes-list-map-keys:
7098 - name
7099 x-kubernetes-list-type: map
7100 type: object
7101 type:
7102 description: "Type identifies the type of filter
7103 to apply. As with other API fields, types are
7104 classified into three conformance levels: \n -
7105 Core: Filter types and their corresponding configuration
7106 defined by \"Support: Core\" in this package,
7107 e.g. \"RequestHeaderModifier\". All implementations
7108 must support core filters. \n - Extended: Filter
7109 types and their corresponding configuration defined
7110 by \"Support: Extended\" in this package, e.g.
7111 \"RequestMirror\". Implementers are encouraged
7112 to support extended filters. \n - Implementation-specific:
7113 Filters that are defined and supported by specific
7114 vendors. In the future, filters showing convergence
7115 in behavior across multiple implementations will
7116 be considered for inclusion in extended or core
7117 conformance levels. Filter-specific configuration
7118 for such filters is specified using the ExtensionRef
7119 field. `Type` should be set to \"ExtensionRef\"
7120 for custom filters. \n Implementers are encouraged
7121 to define custom implementation types to extend
7122 the core API with implementation-specific behavior.
7123 \n If a reference to a custom filter type cannot
7124 be resolved, the filter MUST NOT be skipped. Instead,
7125 requests that would have been processed by that
7126 filter MUST receive a HTTP error response. \n
7127 Note that values may be added to this enum, implementations
7128 must ensure that unknown values will not cause
7129 a crash. \n Unknown values here must result in
7130 the implementation setting the Accepted Condition
7131 for the Route to `status: False`, with a Reason
7132 of `UnsupportedValue`."
7133 enum:
7134 - RequestHeaderModifier
7135 - ResponseHeaderModifier
7136 - RequestMirror
7137 - RequestRedirect
7138 - URLRewrite
7139 - ExtensionRef
7140 type: string
7141 urlRewrite:
7142 description: "URLRewrite defines a schema for a
7143 filter that modifies a request during forwarding.
7144 \n Support: Extended"
7145 properties:
7146 hostname:
7147 description: "Hostname is the value to be used
7148 to replace the Host header value during forwarding.
7149 \n Support: Extended"
7150 maxLength: 253
7151 minLength: 1
7152 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7153 type: string
7154 path:
7155 description: "Path defines a path rewrite. \n
7156 Support: Extended"
7157 properties:
7158 replaceFullPath:
7159 description: ReplaceFullPath specifies the
7160 value with which to replace the full path
7161 of a request during a rewrite or redirect.
7162 maxLength: 1024
7163 type: string
7164 replacePrefixMatch:
7165 description: "ReplacePrefixMatch specifies
7166 the value with which to replace the prefix
7167 match of a request during a rewrite or
7168 redirect. For example, a request to \"/foo/bar\"
7169 with a prefix match of \"/foo\" would
7170 be modified to \"/bar\". \n Note that
7171 this matches the behavior of the PathPrefix
7172 match type. This matches full path elements.
7173 A path element refers to the list of labels
7174 in the path split by the `/` separator.
7175 When specified, a trailing `/` is ignored.
7176 For example, the paths `/abc`, `/abc/`,
7177 and `/abc/def` would all match the prefix
7178 `/abc`, but the path `/abcd` would not."
7179 maxLength: 1024
7180 type: string
7181 type:
7182 description: "Type defines the type of path
7183 modifier. Additional types may be added
7184 in a future release of the API. \n Note
7185 that values may be added to this enum,
7186 implementations must ensure that unknown
7187 values will not cause a crash. \n Unknown
7188 values here must result in the implementation
7189 setting the Accepted Condition for the
7190 Route to `status: False`, with a Reason
7191 of `UnsupportedValue`."
7192 enum:
7193 - ReplaceFullPath
7194 - ReplacePrefixMatch
7195 type: string
7196 required:
7197 - type
7198 type: object
7199 type: object
7200 required:
7201 - type
7202 type: object
7203 maxItems: 16
7204 type: array
7205 group:
7206 default: ""
7207 description: Group is the group of the referent. For example,
7208 "gateway.networking.k8s.io". When unspecified or empty
7209 string, core API group is inferred.
7210 maxLength: 253
7211 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7212 type: string
7213 kind:
7214 default: Service
7215 description: "Kind is the Kubernetes resource kind of
7216 the referent. For example \"Service\". \n Defaults to
7217 \"Service\" when not specified. \n ExternalName services
7218 can refer to CNAME DNS records that may live outside
7219 of the cluster and as such are difficult to reason about
7220 in terms of conformance. They also may not be safe to
7221 forward to (see CVE-2021-25740 for more information).
7222 Implementations SHOULD NOT support ExternalName Services.
7223 \n Support: Core (Services with a type other than ExternalName)
7224 \n Support: Implementation-specific (Services with type
7225 ExternalName)"
7226 maxLength: 63
7227 minLength: 1
7228 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7229 type: string
7230 name:
7231 description: Name is the name of the referent.
7232 maxLength: 253
7233 minLength: 1
7234 type: string
7235 namespace:
7236 description: "Namespace is the namespace of the backend.
7237 When unspecified, the local namespace is inferred. \n
7238 Note that when a namespace different than the local
7239 namespace is specified, a ReferenceGrant object is required
7240 in the referent namespace to allow that namespace's
7241 owner to accept the reference. See the ReferenceGrant
7242 documentation for details. \n Support: Core"
7243 maxLength: 63
7244 minLength: 1
7245 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
7246 type: string
7247 port:
7248 description: Port specifies the destination port number
7249 to use for this resource. Port is required when the
7250 referent is a Kubernetes Service. In this case, the
7251 port number is the service port number, not the target
7252 port. For other resources, destination port might be
7253 derived from the referent resource or this field.
7254 format: int32
7255 maximum: 65535
7256 minimum: 1
7257 type: integer
7258 weight:
7259 default: 1
7260 description: "Weight specifies the proportion of requests
7261 forwarded to the referenced backend. This is computed
7262 as weight/(sum of all weights in this BackendRefs list).
7263 For non-zero values, there may be some epsilon from
7264 the exact proportion defined here depending on the precision
7265 an implementation supports. Weight is not a percentage
7266 and the sum of weights does not need to equal 100. \n
7267 If only one backend is specified and it has a weight
7268 greater than 0, 100% of the traffic is forwarded to
7269 that backend. If weight is set to 0, no traffic should
7270 be forwarded for this entry. If unspecified, weight
7271 defaults to 1. \n Support for this field varies based
7272 on the context where used."
7273 format: int32
7274 maximum: 1000000
7275 minimum: 0
7276 type: integer
7277 required:
7278 - name
7279 type: object
7280 maxItems: 16
7281 type: array
7282 filters:
7283 description: "Filters define the filters that are applied to
7284 requests that match this rule. \n The effects of ordering
7285 of multiple behaviors are currently unspecified. This can
7286 change in the future based on feedback during the alpha stage.
7287 \n Conformance-levels at this level are defined based on the
7288 type of filter: \n - ALL core filters MUST be supported by
7289 all implementations. - Implementers are encouraged to support
7290 extended filters. - Implementation-specific custom filters
7291 have no API guarantees across implementations. \n Specifying
7292 a core filter multiple times has unspecified or implementation-specific
7293 conformance. \n All filters are expected to be compatible
7294 with each other except for the URLRewrite and RequestRedirect
7295 filters, which may not be combined. If an implementation can
7296 not support other combinations of filters, they must clearly
7297 document that limitation. In all cases where incompatible
7298 or unsupported filters are specified, implementations MUST
7299 add a warning condition to status. \n Support: Core"
7300 items:
7301 description: HTTPRouteFilter defines processing steps that
7302 must be completed during the request or response lifecycle.
7303 HTTPRouteFilters are meant as an extension point to express
7304 processing that may be done in Gateway implementations.
7305 Some examples include request or response modification,
7306 implementing authentication strategies, rate-limiting, and
7307 traffic shaping. API guarantee/conformance is defined based
7308 on the type of the filter.
7309 properties:
7310 extensionRef:
7311 description: "ExtensionRef is an optional, implementation-specific
7312 extension to the \"filter\" behavior. For example,
7313 resource \"myroutefilter\" in group \"networking.example.net\").
7314 ExtensionRef MUST NOT be used for core and extended
7315 filters. \n Support: Implementation-specific"
7316 properties:
7317 group:
7318 description: Group is the group of the referent. For
7319 example, "gateway.networking.k8s.io". When unspecified
7320 or empty string, core API group is inferred.
7321 maxLength: 253
7322 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7323 type: string
7324 kind:
7325 description: Kind is kind of the referent. For example
7326 "HTTPRoute" or "Service".
7327 maxLength: 63
7328 minLength: 1
7329 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7330 type: string
7331 name:
7332 description: Name is the name of the referent.
7333 maxLength: 253
7334 minLength: 1
7335 type: string
7336 required:
7337 - group
7338 - kind
7339 - name
7340 type: object
7341 requestHeaderModifier:
7342 description: "RequestHeaderModifier defines a schema for
7343 a filter that modifies request headers. \n Support:
7344 Core"
7345 properties:
7346 add:
7347 description: "Add adds the given header(s) (name,
7348 value) to the request before the action. It appends
7349 to any existing values associated with the header
7350 name. \n Input: GET /foo HTTP/1.1 my-header: foo
7351 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
7352 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
7353 items:
7354 description: HTTPHeader represents an HTTP Header
7355 name and value as defined by RFC 7230.
7356 properties:
7357 name:
7358 description: "Name is the name of the HTTP Header
7359 to be matched. Name matching MUST be case
7360 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7361 \n If multiple entries specify equivalent
7362 header names, the first entry with an equivalent
7363 name MUST be considered for a match. Subsequent
7364 entries with an equivalent header name MUST
7365 be ignored. Due to the case-insensitivity
7366 of header names, \"foo\" and \"Foo\" are considered
7367 equivalent."
7368 maxLength: 256
7369 minLength: 1
7370 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7371 type: string
7372 value:
7373 description: Value is the value of HTTP Header
7374 to be matched.
7375 maxLength: 4096
7376 minLength: 1
7377 type: string
7378 required:
7379 - name
7380 - value
7381 type: object
7382 maxItems: 16
7383 type: array
7384 x-kubernetes-list-map-keys:
7385 - name
7386 x-kubernetes-list-type: map
7387 remove:
7388 description: "Remove the given header(s) from the
7389 HTTP request before the action. The value of Remove
7390 is a list of HTTP header names. Note that the header
7391 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7392 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
7393 bar my-header3: baz \n Config: remove: [\"my-header1\",
7394 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
7395 bar"
7396 items:
7397 type: string
7398 maxItems: 16
7399 type: array
7400 set:
7401 description: "Set overwrites the request with the
7402 given header (name, value) before the action. \n
7403 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
7404 set: - name: \"my-header\" value: \"bar\" \n Output:
7405 GET /foo HTTP/1.1 my-header: bar"
7406 items:
7407 description: HTTPHeader represents an HTTP Header
7408 name and value as defined by RFC 7230.
7409 properties:
7410 name:
7411 description: "Name is the name of the HTTP Header
7412 to be matched. Name matching MUST be case
7413 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7414 \n If multiple entries specify equivalent
7415 header names, the first entry with an equivalent
7416 name MUST be considered for a match. Subsequent
7417 entries with an equivalent header name MUST
7418 be ignored. Due to the case-insensitivity
7419 of header names, \"foo\" and \"Foo\" are considered
7420 equivalent."
7421 maxLength: 256
7422 minLength: 1
7423 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7424 type: string
7425 value:
7426 description: Value is the value of HTTP Header
7427 to be matched.
7428 maxLength: 4096
7429 minLength: 1
7430 type: string
7431 required:
7432 - name
7433 - value
7434 type: object
7435 maxItems: 16
7436 type: array
7437 x-kubernetes-list-map-keys:
7438 - name
7439 x-kubernetes-list-type: map
7440 type: object
7441 requestMirror:
7442 description: "RequestMirror defines a schema for a filter
7443 that mirrors requests. Requests are sent to the specified
7444 destination, but responses from that destination are
7445 ignored. \n Support: Extended"
7446 properties:
7447 backendRef:
7448 description: "BackendRef references a resource where
7449 mirrored requests are sent. \n If the referent cannot
7450 be found, this BackendRef is invalid and must be
7451 dropped from the Gateway. The controller must ensure
7452 the \"ResolvedRefs\" condition on the Route status
7453 is set to `status: False` and not configure this
7454 backend in the underlying implementation. \n If
7455 there is a cross-namespace reference to an *existing*
7456 object that is not allowed by a ReferenceGrant,
7457 the controller must ensure the \"ResolvedRefs\"
7458 \ condition on the Route is set to `status: False`,
7459 with the \"RefNotPermitted\" reason and not configure
7460 this backend in the underlying implementation. \n
7461 In either error case, the Message of the `ResolvedRefs`
7462 Condition should be used to provide more detail
7463 about the problem. \n Support: Extended for Kubernetes
7464 Service \n Support: Implementation-specific for
7465 any other resource"
7466 properties:
7467 group:
7468 default: ""
7469 description: Group is the group of the referent.
7470 For example, "gateway.networking.k8s.io". When
7471 unspecified or empty string, core API group
7472 is inferred.
7473 maxLength: 253
7474 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7475 type: string
7476 kind:
7477 default: Service
7478 description: "Kind is the Kubernetes resource
7479 kind of the referent. For example \"Service\".
7480 \n Defaults to \"Service\" when not specified.
7481 \n ExternalName services can refer to CNAME
7482 DNS records that may live outside of the cluster
7483 and as such are difficult to reason about in
7484 terms of conformance. They also may not be safe
7485 to forward to (see CVE-2021-25740 for more information).
7486 Implementations SHOULD NOT support ExternalName
7487 Services. \n Support: Core (Services with a
7488 type other than ExternalName) \n Support: Implementation-specific
7489 (Services with type ExternalName)"
7490 maxLength: 63
7491 minLength: 1
7492 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7493 type: string
7494 name:
7495 description: Name is the name of the referent.
7496 maxLength: 253
7497 minLength: 1
7498 type: string
7499 namespace:
7500 description: "Namespace is the namespace of the
7501 backend. When unspecified, the local namespace
7502 is inferred. \n Note that when a namespace different
7503 than the local namespace is specified, a ReferenceGrant
7504 object is required in the referent namespace
7505 to allow that namespace's owner to accept the
7506 reference. See the ReferenceGrant documentation
7507 for details. \n Support: Core"
7508 maxLength: 63
7509 minLength: 1
7510 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
7511 type: string
7512 port:
7513 description: Port specifies the destination port
7514 number to use for this resource. Port is required
7515 when the referent is a Kubernetes Service. In
7516 this case, the port number is the service port
7517 number, not the target port. For other resources,
7518 destination port might be derived from the referent
7519 resource or this field.
7520 format: int32
7521 maximum: 65535
7522 minimum: 1
7523 type: integer
7524 required:
7525 - name
7526 type: object
7527 required:
7528 - backendRef
7529 type: object
7530 requestRedirect:
7531 description: "RequestRedirect defines a schema for a filter
7532 that responds to the request with an HTTP redirection.
7533 \n Support: Core"
7534 properties:
7535 hostname:
7536 description: "Hostname is the hostname to be used
7537 in the value of the `Location` header in the response.
7538 When empty, the hostname in the `Host` header of
7539 the request is used. \n Support: Core"
7540 maxLength: 253
7541 minLength: 1
7542 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7543 type: string
7544 path:
7545 description: "Path defines parameters used to modify
7546 the path of the incoming request. The modified path
7547 is then used to construct the `Location` header.
7548 When empty, the request path is used as-is. \n Support:
7549 Extended"
7550 properties:
7551 replaceFullPath:
7552 description: ReplaceFullPath specifies the value
7553 with which to replace the full path of a request
7554 during a rewrite or redirect.
7555 maxLength: 1024
7556 type: string
7557 replacePrefixMatch:
7558 description: "ReplacePrefixMatch specifies the
7559 value with which to replace the prefix match
7560 of a request during a rewrite or redirect. For
7561 example, a request to \"/foo/bar\" with a prefix
7562 match of \"/foo\" would be modified to \"/bar\".
7563 \n Note that this matches the behavior of the
7564 PathPrefix match type. This matches full path
7565 elements. A path element refers to the list
7566 of labels in the path split by the `/` separator.
7567 When specified, a trailing `/` is ignored. For
7568 example, the paths `/abc`, `/abc/`, and `/abc/def`
7569 would all match the prefix `/abc`, but the path
7570 `/abcd` would not."
7571 maxLength: 1024
7572 type: string
7573 type:
7574 description: "Type defines the type of path modifier.
7575 Additional types may be added in a future release
7576 of the API. \n Note that values may be added
7577 to this enum, implementations must ensure that
7578 unknown values will not cause a crash. \n Unknown
7579 values here must result in the implementation
7580 setting the Accepted Condition for the Route
7581 to `status: False`, with a Reason of `UnsupportedValue`."
7582 enum:
7583 - ReplaceFullPath
7584 - ReplacePrefixMatch
7585 type: string
7586 required:
7587 - type
7588 type: object
7589 port:
7590 description: "Port is the port to be used in the value
7591 of the `Location` header in the response. \n If
7592 no port is specified, the redirect port MUST be
7593 derived using the following rules: \n * If redirect
7594 scheme is not-empty, the redirect port MUST be the
7595 well-known port associated with the redirect scheme.
7596 Specifically \"http\" to port 80 and \"https\" to
7597 port 443. If the redirect scheme does not have a
7598 well-known port, the listener port of the Gateway
7599 SHOULD be used. * If redirect scheme is empty, the
7600 redirect port MUST be the Gateway Listener port.
7601 \n Implementations SHOULD NOT add the port number
7602 in the 'Location' header in the following cases:
7603 \n * A Location header that will use HTTP (whether
7604 that is determined via the Listener protocol or
7605 the Scheme field) _and_ use port 80. * A Location
7606 header that will use HTTPS (whether that is determined
7607 via the Listener protocol or the Scheme field) _and_
7608 use port 443. \n Support: Extended"
7609 format: int32
7610 maximum: 65535
7611 minimum: 1
7612 type: integer
7613 scheme:
7614 description: "Scheme is the scheme to be used in the
7615 value of the `Location` header in the response.
7616 When empty, the scheme of the request is used. \n
7617 Scheme redirects can affect the port of the redirect,
7618 for more information, refer to the documentation
7619 for the port field of this filter. \n Note that
7620 values may be added to this enum, implementations
7621 must ensure that unknown values will not cause a
7622 crash. \n Unknown values here must result in the
7623 implementation setting the Accepted Condition for
7624 the Route to `status: False`, with a Reason of `UnsupportedValue`.
7625 \n Support: Extended"
7626 enum:
7627 - http
7628 - https
7629 type: string
7630 statusCode:
7631 default: 302
7632 description: "StatusCode is the HTTP status code to
7633 be used in response. \n Note that values may be
7634 added to this enum, implementations must ensure
7635 that unknown values will not cause a crash. \n Unknown
7636 values here must result in the implementation setting
7637 the Accepted Condition for the Route to `status:
7638 False`, with a Reason of `UnsupportedValue`. \n
7639 Support: Core"
7640 enum:
7641 - 301
7642 - 302
7643 type: integer
7644 type: object
7645 responseHeaderModifier:
7646 description: "ResponseHeaderModifier defines a schema
7647 for a filter that modifies response headers. \n Support:
7648 Extended"
7649 properties:
7650 add:
7651 description: "Add adds the given header(s) (name,
7652 value) to the request before the action. It appends
7653 to any existing values associated with the header
7654 name. \n Input: GET /foo HTTP/1.1 my-header: foo
7655 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
7656 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
7657 items:
7658 description: HTTPHeader represents an HTTP Header
7659 name and value as defined by RFC 7230.
7660 properties:
7661 name:
7662 description: "Name is the name of the HTTP Header
7663 to be matched. Name matching MUST be case
7664 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7665 \n If multiple entries specify equivalent
7666 header names, the first entry with an equivalent
7667 name MUST be considered for a match. Subsequent
7668 entries with an equivalent header name MUST
7669 be ignored. Due to the case-insensitivity
7670 of header names, \"foo\" and \"Foo\" are considered
7671 equivalent."
7672 maxLength: 256
7673 minLength: 1
7674 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7675 type: string
7676 value:
7677 description: Value is the value of HTTP Header
7678 to be matched.
7679 maxLength: 4096
7680 minLength: 1
7681 type: string
7682 required:
7683 - name
7684 - value
7685 type: object
7686 maxItems: 16
7687 type: array
7688 x-kubernetes-list-map-keys:
7689 - name
7690 x-kubernetes-list-type: map
7691 remove:
7692 description: "Remove the given header(s) from the
7693 HTTP request before the action. The value of Remove
7694 is a list of HTTP header names. Note that the header
7695 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
7696 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
7697 bar my-header3: baz \n Config: remove: [\"my-header1\",
7698 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
7699 bar"
7700 items:
7701 type: string
7702 maxItems: 16
7703 type: array
7704 set:
7705 description: "Set overwrites the request with the
7706 given header (name, value) before the action. \n
7707 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
7708 set: - name: \"my-header\" value: \"bar\" \n Output:
7709 GET /foo HTTP/1.1 my-header: bar"
7710 items:
7711 description: HTTPHeader represents an HTTP Header
7712 name and value as defined by RFC 7230.
7713 properties:
7714 name:
7715 description: "Name is the name of the HTTP Header
7716 to be matched. Name matching MUST be case
7717 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
7718 \n If multiple entries specify equivalent
7719 header names, the first entry with an equivalent
7720 name MUST be considered for a match. Subsequent
7721 entries with an equivalent header name MUST
7722 be ignored. Due to the case-insensitivity
7723 of header names, \"foo\" and \"Foo\" are considered
7724 equivalent."
7725 maxLength: 256
7726 minLength: 1
7727 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7728 type: string
7729 value:
7730 description: Value is the value of HTTP Header
7731 to be matched.
7732 maxLength: 4096
7733 minLength: 1
7734 type: string
7735 required:
7736 - name
7737 - value
7738 type: object
7739 maxItems: 16
7740 type: array
7741 x-kubernetes-list-map-keys:
7742 - name
7743 x-kubernetes-list-type: map
7744 type: object
7745 type:
7746 description: "Type identifies the type of filter to apply.
7747 As with other API fields, types are classified into
7748 three conformance levels: \n - Core: Filter types and
7749 their corresponding configuration defined by \"Support:
7750 Core\" in this package, e.g. \"RequestHeaderModifier\".
7751 All implementations must support core filters. \n -
7752 Extended: Filter types and their corresponding configuration
7753 defined by \"Support: Extended\" in this package, e.g.
7754 \"RequestMirror\". Implementers are encouraged to support
7755 extended filters. \n - Implementation-specific: Filters
7756 that are defined and supported by specific vendors.
7757 In the future, filters showing convergence in behavior
7758 across multiple implementations will be considered for
7759 inclusion in extended or core conformance levels. Filter-specific
7760 configuration for such filters is specified using the
7761 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
7762 for custom filters. \n Implementers are encouraged to
7763 define custom implementation types to extend the core
7764 API with implementation-specific behavior. \n If a reference
7765 to a custom filter type cannot be resolved, the filter
7766 MUST NOT be skipped. Instead, requests that would have
7767 been processed by that filter MUST receive a HTTP error
7768 response. \n Note that values may be added to this enum,
7769 implementations must ensure that unknown values will
7770 not cause a crash. \n Unknown values here must result
7771 in the implementation setting the Accepted Condition
7772 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
7773 enum:
7774 - RequestHeaderModifier
7775 - ResponseHeaderModifier
7776 - RequestMirror
7777 - RequestRedirect
7778 - URLRewrite
7779 - ExtensionRef
7780 type: string
7781 urlRewrite:
7782 description: "URLRewrite defines a schema for a filter
7783 that modifies a request during forwarding. \n Support:
7784 Extended"
7785 properties:
7786 hostname:
7787 description: "Hostname is the value to be used to
7788 replace the Host header value during forwarding.
7789 \n Support: Extended"
7790 maxLength: 253
7791 minLength: 1
7792 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7793 type: string
7794 path:
7795 description: "Path defines a path rewrite. \n Support:
7796 Extended"
7797 properties:
7798 replaceFullPath:
7799 description: ReplaceFullPath specifies the value
7800 with which to replace the full path of a request
7801 during a rewrite or redirect.
7802 maxLength: 1024
7803 type: string
7804 replacePrefixMatch:
7805 description: "ReplacePrefixMatch specifies the
7806 value with which to replace the prefix match
7807 of a request during a rewrite or redirect. For
7808 example, a request to \"/foo/bar\" with a prefix
7809 match of \"/foo\" would be modified to \"/bar\".
7810 \n Note that this matches the behavior of the
7811 PathPrefix match type. This matches full path
7812 elements. A path element refers to the list
7813 of labels in the path split by the `/` separator.
7814 When specified, a trailing `/` is ignored. For
7815 example, the paths `/abc`, `/abc/`, and `/abc/def`
7816 would all match the prefix `/abc`, but the path
7817 `/abcd` would not."
7818 maxLength: 1024
7819 type: string
7820 type:
7821 description: "Type defines the type of path modifier.
7822 Additional types may be added in a future release
7823 of the API. \n Note that values may be added
7824 to this enum, implementations must ensure that
7825 unknown values will not cause a crash. \n Unknown
7826 values here must result in the implementation
7827 setting the Accepted Condition for the Route
7828 to `status: False`, with a Reason of `UnsupportedValue`."
7829 enum:
7830 - ReplaceFullPath
7831 - ReplacePrefixMatch
7832 type: string
7833 required:
7834 - type
7835 type: object
7836 type: object
7837 required:
7838 - type
7839 type: object
7840 maxItems: 16
7841 type: array
7842 matches:
7843 default:
7844 - path:
7845 type: PathPrefix
7846 value: /
7847 description: "Matches define conditions used for matching the
7848 rule against incoming HTTP requests. Each match is independent,
7849 i.e. this rule will be matched if **any** one of the matches
7850 is satisfied. \n For example, take the following matches configuration:
7851 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
7852 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
7853 to match against this rule, a request must satisfy EITHER
7854 of the two conditions: \n - path prefixed with `/foo` AND
7855 contains the header `version: v2` - path prefix of `/v2/foo`
7856 \n See the documentation for HTTPRouteMatch on how to specify
7857 multiple match conditions that should be ANDed together. \n
7858 If no matches are specified, the default is a prefix path
7859 match on \"/\", which has the effect of matching every HTTP
7860 request. \n Proxy or Load Balancer routing configuration generated
7861 from HTTPRoutes MUST prioritize matches based on the following
7862 criteria, continuing on ties. Across all rules specified on
7863 applicable Routes, precedence must be given to the match having:
7864 \n * \"Exact\" path match. * \"Prefix\" path match with largest
7865 number of characters. * Method match. * Largest number of
7866 header matches. * Largest number of query param matches. \n
7867 Note: The precedence of RegularExpression path matches are
7868 implementation-specific. \n If ties still exist across multiple
7869 Routes, matching precedence MUST be determined in order of
7870 the following criteria, continuing on ties: \n * The oldest
7871 Route based on creation timestamp. * The Route appearing first
7872 in alphabetical order by \"{namespace}/{name}\". \n If ties
7873 still exist within an HTTPRoute, matching precedence MUST
7874 be granted to the FIRST matching rule (in list order) with
7875 a match meeting the above criteria. \n When no rules matching
7876 a request have been successfully attached to the parent a
7877 request is coming from, a HTTP 404 status code MUST be returned."
7878 items:
7879 description: "HTTPRouteMatch defines the predicate used to
7880 match requests to a given action. Multiple match types are
7881 ANDed together, i.e. the match will evaluate to true only
7882 if all conditions are satisfied. \n For example, the match
7883 below will match a HTTP request only if its path starts
7884 with `/foo` AND it contains the `version: v1` header: \n
7885 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
7886 value \"v1\" \n ```"
7887 properties:
7888 headers:
7889 description: Headers specifies HTTP request header matchers.
7890 Multiple match values are ANDed together, meaning, a
7891 request must match all the specified headers to select
7892 the route.
7893 items:
7894 description: HTTPHeaderMatch describes how to select
7895 a HTTP route by matching HTTP request headers.
7896 properties:
7897 name:
7898 description: "Name is the name of the HTTP Header
7899 to be matched. Name matching MUST be case insensitive.
7900 (See https://tools.ietf.org/html/rfc7230#section-3.2).
7901 \n If multiple entries specify equivalent header
7902 names, only the first entry with an equivalent
7903 name MUST be considered for a match. Subsequent
7904 entries with an equivalent header name MUST be
7905 ignored. Due to the case-insensitivity of header
7906 names, \"foo\" and \"Foo\" are considered equivalent.
7907 \n When a header is repeated in an HTTP request,
7908 it is implementation-specific behavior as to how
7909 this is represented. Generally, proxies should
7910 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
7911 regarding processing a repeated header, with special
7912 handling for \"Set-Cookie\"."
7913 maxLength: 256
7914 minLength: 1
7915 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
7916 type: string
7917 type:
7918 default: Exact
7919 description: "Type specifies how to match against
7920 the value of the header. \n Support: Core (Exact)
7921 \n Support: Implementation-specific (RegularExpression)
7922 \n Since RegularExpression HeaderMatchType has
7923 implementation-specific conformance, implementations
7924 can support POSIX, PCRE or any other dialects
7925 of regular expressions. Please read the implementation's
7926 documentation to determine the supported dialect."
7927 enum:
7928 - Exact
7929 - RegularExpression
7930 type: string
7931 value:
7932 description: Value is the value of HTTP Header to
7933 be matched.
7934 maxLength: 4096
7935 minLength: 1
7936 type: string
7937 required:
7938 - name
7939 - value
7940 type: object
7941 maxItems: 16
7942 type: array
7943 x-kubernetes-list-map-keys:
7944 - name
7945 x-kubernetes-list-type: map
7946 method:
7947 description: "Method specifies HTTP method matcher. When
7948 specified, this route will be matched only if the request
7949 has the specified method. \n Support: Extended"
7950 enum:
7951 - GET
7952 - HEAD
7953 - POST
7954 - PUT
7955 - DELETE
7956 - CONNECT
7957 - OPTIONS
7958 - TRACE
7959 - PATCH
7960 type: string
7961 path:
7962 default:
7963 type: PathPrefix
7964 value: /
7965 description: Path specifies a HTTP request path matcher.
7966 If this field is not specified, a default prefix match
7967 on the "/" path is provided.
7968 properties:
7969 type:
7970 default: PathPrefix
7971 description: "Type specifies how to match against
7972 the path Value. \n Support: Core (Exact, PathPrefix)
7973 \n Support: Implementation-specific (RegularExpression)"
7974 enum:
7975 - Exact
7976 - PathPrefix
7977 - RegularExpression
7978 type: string
7979 value:
7980 default: /
7981 description: Value of the HTTP path to match against.
7982 maxLength: 1024
7983 type: string
7984 type: object
7985 queryParams:
7986 description: "QueryParams specifies HTTP query parameter
7987 matchers. Multiple match values are ANDed together,
7988 meaning, a request must match all the specified query
7989 parameters to select the route. \n Support: Extended"
7990 items:
7991 description: HTTPQueryParamMatch describes how to select
7992 a HTTP route by matching HTTP query parameters.
7993 properties:
7994 name:
7995 description: "Name is the name of the HTTP query
7996 param to be matched. This must be an exact string
7997 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
7998 \n If multiple entries specify equivalent query
7999 param names, only the first entry with an equivalent
8000 name MUST be considered for a match. Subsequent
8001 entries with an equivalent query param name MUST
8002 be ignored. \n If a query param is repeated in
8003 an HTTP request, the behavior is purposely left
8004 undefined, since different data planes have different
8005 capabilities. However, it is *recommended* that
8006 implementations should match against the first
8007 value of the param if the data plane supports
8008 it, as this behavior is expected in other load
8009 balancing contexts outside of the Gateway API.
8010 \n Users SHOULD NOT route traffic based on repeated
8011 query params to guard themselves against potential
8012 differences in the implementations."
8013 maxLength: 256
8014 minLength: 1
8015 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8016 type: string
8017 type:
8018 default: Exact
8019 description: "Type specifies how to match against
8020 the value of the query parameter. \n Support:
8021 Extended (Exact) \n Support: Implementation-specific
8022 (RegularExpression) \n Since RegularExpression
8023 QueryParamMatchType has Implementation-specific
8024 conformance, implementations can support POSIX,
8025 PCRE or any other dialects of regular expressions.
8026 Please read the implementation's documentation
8027 to determine the supported dialect."
8028 enum:
8029 - Exact
8030 - RegularExpression
8031 type: string
8032 value:
8033 description: Value is the value of HTTP query param
8034 to be matched.
8035 maxLength: 1024
8036 minLength: 1
8037 type: string
8038 required:
8039 - name
8040 - value
8041 type: object
8042 maxItems: 16
8043 type: array
8044 x-kubernetes-list-map-keys:
8045 - name
8046 x-kubernetes-list-type: map
8047 type: object
8048 maxItems: 8
8049 type: array
8050 type: object
8051 maxItems: 16
8052 type: array
8053 type: object
8054 status:
8055 description: Status defines the current state of HTTPRoute.
8056 properties:
8057 parents:
8058 description: "Parents is a list of parent resources (usually Gateways)
8059 that are associated with the route, and the status of the route
8060 with respect to each parent. When this route attaches to a parent,
8061 the controller that manages the parent must add an entry to this
8062 list when the controller first sees the route and should update
8063 the entry as appropriate when the route or gateway is modified.
8064 \n Note that parent references that cannot be resolved by an implementation
8065 of this API will not be added to this list. Implementations of this
8066 API can only populate Route status for the Gateways/parent resources
8067 they are responsible for. \n A maximum of 32 Gateways will be represented
8068 in this list. An empty list means the route has not been attached
8069 to any Gateway."
8070 items:
8071 description: RouteParentStatus describes the status of a route with
8072 respect to an associated Parent.
8073 properties:
8074 conditions:
8075 description: "Conditions describes the status of the route with
8076 respect to the Gateway. Note that the route's availability
8077 is also subject to the Gateway's own status conditions and
8078 listener status. \n If the Route's ParentRef specifies an
8079 existing Gateway that supports Routes of this kind AND that
8080 Gateway's controller has sufficient access, then that Gateway's
8081 controller MUST set the \"Accepted\" condition on the Route,
8082 to indicate whether the route has been accepted or rejected
8083 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
8084 if at least one of the Route's rules is implemented by the
8085 Gateway. \n There are a number of cases where the \"Accepted\"
8086 condition may not be set due to lack of controller visibility,
8087 that includes when: \n * The Route refers to a non-existent
8088 parent. * The Route is of a type that the controller does
8089 not support. * The Route is in a namespace the controller
8090 does not have access to."
8091 items:
8092 description: "Condition contains details for one aspect of
8093 the current state of this API Resource. --- This struct
8094 is intended for direct use as an array at the field path
8095 .status.conditions. For example, \n type FooStatus struct{
8096 // Represents the observations of a foo's current state.
8097 // Known .status.conditions.type are: \"Available\", \"Progressing\",
8098 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
8099 // +listType=map // +listMapKey=type Conditions []metav1.Condition
8100 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
8101 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
8102 }"
8103 properties:
8104 lastTransitionTime:
8105 description: lastTransitionTime is the last time the condition
8106 transitioned from one status to another. This should
8107 be when the underlying condition changed. If that is
8108 not known, then using the time when the API field changed
8109 is acceptable.
8110 format: date-time
8111 type: string
8112 message:
8113 description: message is a human readable message indicating
8114 details about the transition. This may be an empty string.
8115 maxLength: 32768
8116 type: string
8117 observedGeneration:
8118 description: observedGeneration represents the .metadata.generation
8119 that the condition was set based upon. For instance,
8120 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
8121 is 9, the condition is out of date with respect to the
8122 current state of the instance.
8123 format: int64
8124 minimum: 0
8125 type: integer
8126 reason:
8127 description: reason contains a programmatic identifier
8128 indicating the reason for the condition's last transition.
8129 Producers of specific condition types may define expected
8130 values and meanings for this field, and whether the
8131 values are considered a guaranteed API. The value should
8132 be a CamelCase string. This field may not be empty.
8133 maxLength: 1024
8134 minLength: 1
8135 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
8136 type: string
8137 status:
8138 description: status of the condition, one of True, False,
8139 Unknown.
8140 enum:
8141 - "True"
8142 - "False"
8143 - Unknown
8144 type: string
8145 type:
8146 description: type of condition in CamelCase or in foo.example.com/CamelCase.
8147 --- Many .condition.type values are consistent across
8148 resources like Available, but because arbitrary conditions
8149 can be useful (see .node.status.conditions), the ability
8150 to deconflict is important. The regex it matches is
8151 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
8152 maxLength: 316
8153 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
8154 type: string
8155 required:
8156 - lastTransitionTime
8157 - message
8158 - reason
8159 - status
8160 - type
8161 type: object
8162 maxItems: 8
8163 minItems: 1
8164 type: array
8165 x-kubernetes-list-map-keys:
8166 - type
8167 x-kubernetes-list-type: map
8168 controllerName:
8169 description: "ControllerName is a domain/path string that indicates
8170 the name of the controller that wrote this status. This corresponds
8171 with the controllerName field on GatewayClass. \n Example:
8172 \"example.net/gateway-controller\". \n The format of this
8173 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
8174 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
8175 \n Controllers MUST populate this field when writing status.
8176 Controllers should ensure that entries to status populated
8177 with their ControllerName are cleaned up when they are no
8178 longer necessary."
8179 maxLength: 253
8180 minLength: 1
8181 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
8182 type: string
8183 parentRef:
8184 description: ParentRef corresponds with a ParentRef in the spec
8185 that this RouteParentStatus struct describes the status of.
8186 properties:
8187 group:
8188 default: gateway.networking.k8s.io
8189 description: "Group is the group of the referent. When unspecified,
8190 \"gateway.networking.k8s.io\" is inferred. To set the
8191 core API group (such as for a \"Service\" kind referent),
8192 Group must be explicitly set to \"\" (empty string). \n
8193 Support: Core"
8194 maxLength: 253
8195 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8196 type: string
8197 kind:
8198 default: Gateway
8199 description: "Kind is kind of the referent. \n Support:
8200 Core (Gateway) \n Support: Implementation-specific (Other
8201 Resources)"
8202 maxLength: 63
8203 minLength: 1
8204 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8205 type: string
8206 name:
8207 description: "Name is the name of the referent. \n Support:
8208 Core"
8209 maxLength: 253
8210 minLength: 1
8211 type: string
8212 namespace:
8213 description: "Namespace is the namespace of the referent.
8214 When unspecified, this refers to the local namespace of
8215 the Route. \n Note that there are specific rules for ParentRefs
8216 which cross namespace boundaries. Cross-namespace references
8217 are only valid if they are explicitly allowed by something
8218 in the namespace they are referring to. For example: Gateway
8219 has the AllowedRoutes field, and ReferenceGrant provides
8220 a generic way to enable any other kind of cross-namespace
8221 reference. \n Support: Core"
8222 maxLength: 63
8223 minLength: 1
8224 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8225 type: string
8226 port:
8227 description: "Port is the network port this Route targets.
8228 It can be interpreted differently based on the type of
8229 parent resource. \n When the parent resource is a Gateway,
8230 this targets all listeners listening on the specified
8231 port that also support this kind of Route(and select this
8232 Route). It's not recommended to set `Port` unless the
8233 networking behaviors specified in a Route must apply to
8234 a specific port as opposed to a listener(s) whose port(s)
8235 may be changed. When both Port and SectionName are specified,
8236 the name and port of the selected listener must match
8237 both specified values. \n Implementations MAY choose to
8238 support other parent resources. Implementations supporting
8239 other types of parent resources MUST clearly document
8240 how/if Port is interpreted. \n For the purpose of status,
8241 an attachment is considered successful as long as the
8242 parent resource accepts it partially. For example, Gateway
8243 listeners can restrict which Routes can attach to them
8244 by Route kind, namespace, or hostname. If 1 of 2 Gateway
8245 listeners accept attachment from the referencing Route,
8246 the Route MUST be considered successfully attached. If
8247 no Gateway listeners accept attachment from this Route,
8248 the Route MUST be considered detached from the Gateway.
8249 \n Support: Extended \n <gateway:experimental>"
8250 format: int32
8251 maximum: 65535
8252 minimum: 1
8253 type: integer
8254 sectionName:
8255 description: "SectionName is the name of a section within
8256 the target resource. In the following resources, SectionName
8257 is interpreted as the following: \n * Gateway: Listener
8258 Name. When both Port (experimental) and SectionName are
8259 specified, the name and port of the selected listener
8260 must match both specified values. \n Implementations MAY
8261 choose to support attaching Routes to other resources.
8262 If that is the case, they MUST clearly document how SectionName
8263 is interpreted. \n When unspecified (empty string), this
8264 will reference the entire resource. For the purpose of
8265 status, an attachment is considered successful if at least
8266 one section in the parent resource accepts it. For example,
8267 Gateway listeners can restrict which Routes can attach
8268 to them by Route kind, namespace, or hostname. If 1 of
8269 2 Gateway listeners accept attachment from the referencing
8270 Route, the Route MUST be considered successfully attached.
8271 If no Gateway listeners accept attachment from this Route,
8272 the Route MUST be considered detached from the Gateway.
8273 \n Support: Core"
8274 maxLength: 253
8275 minLength: 1
8276 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8277 type: string
8278 required:
8279 - name
8280 type: object
8281 required:
8282 - controllerName
8283 - parentRef
8284 type: object
8285 maxItems: 32
8286 type: array
8287 required:
8288 - parents
8289 type: object
8290 required:
8291 - spec
8292 type: object
8293 served: true
8294 storage: false
8295 subresources:
8296 status: {}
8297 - additionalPrinterColumns:
8298 - jsonPath: .spec.hostnames
8299 name: Hostnames
8300 type: string
8301 - jsonPath: .metadata.creationTimestamp
8302 name: Age
8303 type: date
8304 name: v1beta1
8305 schema:
8306 openAPIV3Schema:
8307 description: HTTPRoute provides a way to route HTTP requests. This includes
8308 the capability to match requests by hostname, path, header, or query param.
8309 Filters can be used to specify additional processing steps. Backends specify
8310 where matching requests should be routed.
8311 properties:
8312 apiVersion:
8313 description: 'APIVersion defines the versioned schema of this representation
8314 of an object. Servers should convert recognized schemas to the latest
8315 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
8316 type: string
8317 kind:
8318 description: 'Kind is a string value representing the REST resource this
8319 object represents. Servers may infer this from the endpoint the client
8320 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
8321 type: string
8322 metadata:
8323 type: object
8324 spec:
8325 description: Spec defines the desired state of HTTPRoute.
8326 properties:
8327 hostnames:
8328 description: "Hostnames defines a set of hostname that should match
8329 against the HTTP Host header to select a HTTPRoute used to process
8330 the request. Implementations MUST ignore any port value specified
8331 in the HTTP Host header while performing a match. \n Valid values
8332 for Hostnames are determined by RFC 1123 definition of a hostname
8333 with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
8334 may be prefixed with a wildcard label (`*.`). The wildcard label
8335 must appear by itself as the first label. \n If a hostname is specified
8336 by both the Listener and HTTPRoute, there must be at least one intersecting
8337 hostname for the HTTPRoute to be attached to the Listener. For example:
8338 \n * A Listener with `test.example.com` as the hostname matches
8339 HTTPRoutes that have either not specified any hostnames, or have
8340 specified at least one of `test.example.com` or `*.example.com`.
8341 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
8342 that have either not specified any hostnames or have specified at
8343 least one hostname that matches the Listener hostname. For example,
8344 `*.example.com`, `test.example.com`, and `foo.test.example.com`
8345 would all match. On the other hand, `example.com` and `test.example.net`
8346 would not match. \n Hostnames that are prefixed with a wildcard
8347 label (`*.`) are interpreted as a suffix match. That means that
8348 a match for `*.example.com` would match both `test.example.com`,
8349 and `foo.test.example.com`, but not `example.com`. \n If both the
8350 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
8351 that do not match the Listener hostname MUST be ignored. For example,
8352 if a Listener specified `*.example.com`, and the HTTPRoute specified
8353 `test.example.com` and `test.example.net`, `test.example.net` must
8354 not be considered for a match. \n If both the Listener and HTTPRoute
8355 have specified hostnames, and none match with the criteria above,
8356 then the HTTPRoute is not accepted. The implementation must raise
8357 an 'Accepted' Condition with a status of `False` in the corresponding
8358 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
8359 intersecting hostnames (e.g. overlapping wildcard matching and exact
8360 matching hostnames), precedence must be given to rules from the
8361 HTTPRoute with the largest number of: \n * Characters in a matching
8362 non-wildcard hostname. * Characters in a matching hostname. \n If
8363 ties exist across multiple Routes, the matching precedence rules
8364 for HTTPRouteMatches takes over. \n Support: Core"
8365 items:
8366 description: "Hostname is the fully qualified domain name of a network
8367 host. This matches the RFC 1123 definition of a hostname with
8368 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
8369 may be prefixed with a wildcard label (`*.`). The wildcard label
8370 must appear by itself as the first label. \n Hostname can be \"precise\"
8371 which is a domain name without the terminating dot of a network
8372 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
8373 name prefixed with a single wildcard label (e.g. `*.example.com`).
8374 \n Note that as per RFC1035 and RFC1123, a *label* must consist
8375 of lower case alphanumeric characters or '-', and must start and
8376 end with an alphanumeric character. No other punctuation is allowed."
8377 maxLength: 253
8378 minLength: 1
8379 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8380 type: string
8381 maxItems: 16
8382 type: array
8383 parentRefs:
8384 description: "ParentRefs references the resources (usually Gateways)
8385 that a Route wants to be attached to. Note that the referenced parent
8386 resource needs to allow this for the attachment to be complete.
8387 For Gateways, that means the Gateway needs to allow attachment from
8388 Routes of this kind and namespace. \n The only kind of parent resource
8389 with \"Core\" support is Gateway. This API may be extended in the
8390 future to support additional kinds of parent resources such as one
8391 of the route kinds. \n It is invalid to reference an identical parent
8392 more than once. It is valid to reference multiple distinct sections
8393 within the same parent resource, such as 2 Listeners within a Gateway.
8394 \n It is possible to separately reference multiple distinct objects
8395 that may be collapsed by an implementation. For example, some implementations
8396 may choose to merge compatible Gateway Listeners together. If that
8397 is the case, the list of routes attached to those resources should
8398 also be merged. \n Note that for ParentRefs that cross namespace
8399 boundaries, there are specific rules. Cross-namespace references
8400 are only valid if they are explicitly allowed by something in the
8401 namespace they are referring to. For example, Gateway has the AllowedRoutes
8402 field, and ReferenceGrant provides a generic way to enable any other
8403 kind of cross-namespace reference."
8404 items:
8405 description: "ParentReference identifies an API object (usually
8406 a Gateway) that can be considered a parent of this resource (usually
8407 a route). The only kind of parent resource with \"Core\" support
8408 is Gateway. This API may be extended in the future to support
8409 additional kinds of parent resources, such as HTTPRoute. \n The
8410 API object must be valid in the cluster; the Group and Kind must
8411 be registered in the cluster for this reference to be valid."
8412 properties:
8413 group:
8414 default: gateway.networking.k8s.io
8415 description: "Group is the group of the referent. When unspecified,
8416 \"gateway.networking.k8s.io\" is inferred. To set the core
8417 API group (such as for a \"Service\" kind referent), Group
8418 must be explicitly set to \"\" (empty string). \n Support:
8419 Core"
8420 maxLength: 253
8421 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8422 type: string
8423 kind:
8424 default: Gateway
8425 description: "Kind is kind of the referent. \n Support: Core
8426 (Gateway) \n Support: Implementation-specific (Other Resources)"
8427 maxLength: 63
8428 minLength: 1
8429 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8430 type: string
8431 name:
8432 description: "Name is the name of the referent. \n Support:
8433 Core"
8434 maxLength: 253
8435 minLength: 1
8436 type: string
8437 namespace:
8438 description: "Namespace is the namespace of the referent. When
8439 unspecified, this refers to the local namespace of the Route.
8440 \n Note that there are specific rules for ParentRefs which
8441 cross namespace boundaries. Cross-namespace references are
8442 only valid if they are explicitly allowed by something in
8443 the namespace they are referring to. For example: Gateway
8444 has the AllowedRoutes field, and ReferenceGrant provides a
8445 generic way to enable any other kind of cross-namespace reference.
8446 \n Support: Core"
8447 maxLength: 63
8448 minLength: 1
8449 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8450 type: string
8451 port:
8452 description: "Port is the network port this Route targets. It
8453 can be interpreted differently based on the type of parent
8454 resource. \n When the parent resource is a Gateway, this targets
8455 all listeners listening on the specified port that also support
8456 this kind of Route(and select this Route). It's not recommended
8457 to set `Port` unless the networking behaviors specified in
8458 a Route must apply to a specific port as opposed to a listener(s)
8459 whose port(s) may be changed. When both Port and SectionName
8460 are specified, the name and port of the selected listener
8461 must match both specified values. \n Implementations MAY choose
8462 to support other parent resources. Implementations supporting
8463 other types of parent resources MUST clearly document how/if
8464 Port is interpreted. \n For the purpose of status, an attachment
8465 is considered successful as long as the parent resource accepts
8466 it partially. For example, Gateway listeners can restrict
8467 which Routes can attach to them by Route kind, namespace,
8468 or hostname. If 1 of 2 Gateway listeners accept attachment
8469 from the referencing Route, the Route MUST be considered successfully
8470 attached. If no Gateway listeners accept attachment from this
8471 Route, the Route MUST be considered detached from the Gateway.
8472 \n Support: Extended \n <gateway:experimental>"
8473 format: int32
8474 maximum: 65535
8475 minimum: 1
8476 type: integer
8477 sectionName:
8478 description: "SectionName is the name of a section within the
8479 target resource. In the following resources, SectionName is
8480 interpreted as the following: \n * Gateway: Listener Name.
8481 When both Port (experimental) and SectionName are specified,
8482 the name and port of the selected listener must match both
8483 specified values. \n Implementations MAY choose to support
8484 attaching Routes to other resources. If that is the case,
8485 they MUST clearly document how SectionName is interpreted.
8486 \n When unspecified (empty string), this will reference the
8487 entire resource. For the purpose of status, an attachment
8488 is considered successful if at least one section in the parent
8489 resource accepts it. For example, Gateway listeners can restrict
8490 which Routes can attach to them by Route kind, namespace,
8491 or hostname. If 1 of 2 Gateway listeners accept attachment
8492 from the referencing Route, the Route MUST be considered successfully
8493 attached. If no Gateway listeners accept attachment from this
8494 Route, the Route MUST be considered detached from the Gateway.
8495 \n Support: Core"
8496 maxLength: 253
8497 minLength: 1
8498 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8499 type: string
8500 required:
8501 - name
8502 type: object
8503 maxItems: 32
8504 type: array
8505 rules:
8506 default:
8507 - matches:
8508 - path:
8509 type: PathPrefix
8510 value: /
8511 description: Rules are a list of HTTP matchers, filters and actions.
8512 items:
8513 description: HTTPRouteRule defines semantics for matching an HTTP
8514 request based on conditions (matches), processing it (filters),
8515 and forwarding the request to an API object (backendRefs).
8516 properties:
8517 backendRefs:
8518 description: "BackendRefs defines the backend(s) where matching
8519 requests should be sent. \n Failure behavior here depends
8520 on how many BackendRefs are specified and how many are invalid.
8521 \n If *all* entries in BackendRefs are invalid, and there
8522 are also no filters specified in this route rule, *all* traffic
8523 which matches this rule MUST receive a 500 status code. \n
8524 See the HTTPBackendRef definition for the rules about what
8525 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
8526 is invalid, 500 status codes MUST be returned for requests
8527 that would have otherwise been routed to an invalid backend.
8528 If multiple backends are specified, and some are invalid,
8529 the proportion of requests that would otherwise have been
8530 routed to an invalid backend MUST receive a 500 status code.
8531 \n For example, if two backends are specified with equal weights,
8532 and one is invalid, 50 percent of traffic must receive a 500.
8533 Implementations may choose how that 50 percent is determined.
8534 \n Support: Core for Kubernetes Service \n Support: Extended
8535 for Kubernetes ServiceImport \n Support: Implementation-specific
8536 for any other resource \n Support for weight: Core"
8537 items:
8538 description: HTTPBackendRef defines how a HTTPRoute should
8539 forward an HTTP request.
8540 properties:
8541 filters:
8542 description: "Filters defined at this level should be
8543 executed if and only if the request is being forwarded
8544 to the backend defined here. \n Support: Implementation-specific
8545 (For broader support of filters, use the Filters field
8546 in HTTPRouteRule.)"
8547 items:
8548 description: HTTPRouteFilter defines processing steps
8549 that must be completed during the request or response
8550 lifecycle. HTTPRouteFilters are meant as an extension
8551 point to express processing that may be done in Gateway
8552 implementations. Some examples include request or
8553 response modification, implementing authentication
8554 strategies, rate-limiting, and traffic shaping. API
8555 guarantee/conformance is defined based on the type
8556 of the filter.
8557 properties:
8558 extensionRef:
8559 description: "ExtensionRef is an optional, implementation-specific
8560 extension to the \"filter\" behavior. For example,
8561 resource \"myroutefilter\" in group \"networking.example.net\").
8562 ExtensionRef MUST NOT be used for core and extended
8563 filters. \n Support: Implementation-specific"
8564 properties:
8565 group:
8566 description: Group is the group of the referent.
8567 For example, "gateway.networking.k8s.io".
8568 When unspecified or empty string, core API
8569 group is inferred.
8570 maxLength: 253
8571 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8572 type: string
8573 kind:
8574 description: Kind is kind of the referent. For
8575 example "HTTPRoute" or "Service".
8576 maxLength: 63
8577 minLength: 1
8578 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8579 type: string
8580 name:
8581 description: Name is the name of the referent.
8582 maxLength: 253
8583 minLength: 1
8584 type: string
8585 required:
8586 - group
8587 - kind
8588 - name
8589 type: object
8590 requestHeaderModifier:
8591 description: "RequestHeaderModifier defines a schema
8592 for a filter that modifies request headers. \n
8593 Support: Core"
8594 properties:
8595 add:
8596 description: "Add adds the given header(s) (name,
8597 value) to the request before the action. It
8598 appends to any existing values associated
8599 with the header name. \n Input: GET /foo HTTP/1.1
8600 my-header: foo \n Config: add: - name: \"my-header\"
8601 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
8602 my-header: foo,bar,baz"
8603 items:
8604 description: HTTPHeader represents an HTTP
8605 Header name and value as defined by RFC
8606 7230.
8607 properties:
8608 name:
8609 description: "Name is the name of the
8610 HTTP Header to be matched. Name matching
8611 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8612 \n If multiple entries specify equivalent
8613 header names, the first entry with an
8614 equivalent name MUST be considered for
8615 a match. Subsequent entries with an
8616 equivalent header name MUST be ignored.
8617 Due to the case-insensitivity of header
8618 names, \"foo\" and \"Foo\" are considered
8619 equivalent."
8620 maxLength: 256
8621 minLength: 1
8622 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8623 type: string
8624 value:
8625 description: Value is the value of HTTP
8626 Header to be matched.
8627 maxLength: 4096
8628 minLength: 1
8629 type: string
8630 required:
8631 - name
8632 - value
8633 type: object
8634 maxItems: 16
8635 type: array
8636 x-kubernetes-list-map-keys:
8637 - name
8638 x-kubernetes-list-type: map
8639 remove:
8640 description: "Remove the given header(s) from
8641 the HTTP request before the action. The value
8642 of Remove is a list of HTTP header names.
8643 Note that the header names are case-insensitive
8644 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
8645 \n Input: GET /foo HTTP/1.1 my-header1: foo
8646 my-header2: bar my-header3: baz \n Config:
8647 remove: [\"my-header1\", \"my-header3\"] \n
8648 Output: GET /foo HTTP/1.1 my-header2: bar"
8649 items:
8650 type: string
8651 maxItems: 16
8652 type: array
8653 set:
8654 description: "Set overwrites the request with
8655 the given header (name, value) before the
8656 action. \n Input: GET /foo HTTP/1.1 my-header:
8657 foo \n Config: set: - name: \"my-header\"
8658 value: \"bar\" \n Output: GET /foo HTTP/1.1
8659 my-header: bar"
8660 items:
8661 description: HTTPHeader represents an HTTP
8662 Header name and value as defined by RFC
8663 7230.
8664 properties:
8665 name:
8666 description: "Name is the name of the
8667 HTTP Header to be matched. Name matching
8668 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8669 \n If multiple entries specify equivalent
8670 header names, the first entry with an
8671 equivalent name MUST be considered for
8672 a match. Subsequent entries with an
8673 equivalent header name MUST be ignored.
8674 Due to the case-insensitivity of header
8675 names, \"foo\" and \"Foo\" are considered
8676 equivalent."
8677 maxLength: 256
8678 minLength: 1
8679 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8680 type: string
8681 value:
8682 description: Value is the value of HTTP
8683 Header to be matched.
8684 maxLength: 4096
8685 minLength: 1
8686 type: string
8687 required:
8688 - name
8689 - value
8690 type: object
8691 maxItems: 16
8692 type: array
8693 x-kubernetes-list-map-keys:
8694 - name
8695 x-kubernetes-list-type: map
8696 type: object
8697 requestMirror:
8698 description: "RequestMirror defines a schema for
8699 a filter that mirrors requests. Requests are sent
8700 to the specified destination, but responses from
8701 that destination are ignored. \n Support: Extended"
8702 properties:
8703 backendRef:
8704 description: "BackendRef references a resource
8705 where mirrored requests are sent. \n If the
8706 referent cannot be found, this BackendRef
8707 is invalid and must be dropped from the Gateway.
8708 The controller must ensure the \"ResolvedRefs\"
8709 condition on the Route status is set to `status:
8710 False` and not configure this backend in the
8711 underlying implementation. \n If there is
8712 a cross-namespace reference to an *existing*
8713 object that is not allowed by a ReferenceGrant,
8714 the controller must ensure the \"ResolvedRefs\"
8715 \ condition on the Route is set to `status:
8716 False`, with the \"RefNotPermitted\" reason
8717 and not configure this backend in the underlying
8718 implementation. \n In either error case, the
8719 Message of the `ResolvedRefs` Condition should
8720 be used to provide more detail about the problem.
8721 \n Support: Extended for Kubernetes Service
8722 \n Support: Implementation-specific for any
8723 other resource"
8724 properties:
8725 group:
8726 default: ""
8727 description: Group is the group of the referent.
8728 For example, "gateway.networking.k8s.io".
8729 When unspecified or empty string, core
8730 API group is inferred.
8731 maxLength: 253
8732 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8733 type: string
8734 kind:
8735 default: Service
8736 description: "Kind is the Kubernetes resource
8737 kind of the referent. For example \"Service\".
8738 \n Defaults to \"Service\" when not specified.
8739 \n ExternalName services can refer to
8740 CNAME DNS records that may live outside
8741 of the cluster and as such are difficult
8742 to reason about in terms of conformance.
8743 They also may not be safe to forward to
8744 (see CVE-2021-25740 for more information).
8745 Implementations SHOULD NOT support ExternalName
8746 Services. \n Support: Core (Services with
8747 a type other than ExternalName) \n Support:
8748 Implementation-specific (Services with
8749 type ExternalName)"
8750 maxLength: 63
8751 minLength: 1
8752 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
8753 type: string
8754 name:
8755 description: Name is the name of the referent.
8756 maxLength: 253
8757 minLength: 1
8758 type: string
8759 namespace:
8760 description: "Namespace is the namespace
8761 of the backend. When unspecified, the
8762 local namespace is inferred. \n Note that
8763 when a namespace different than the local
8764 namespace is specified, a ReferenceGrant
8765 object is required in the referent namespace
8766 to allow that namespace's owner to accept
8767 the reference. See the ReferenceGrant
8768 documentation for details. \n Support:
8769 Core"
8770 maxLength: 63
8771 minLength: 1
8772 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
8773 type: string
8774 port:
8775 description: Port specifies the destination
8776 port number to use for this resource.
8777 Port is required when the referent is
8778 a Kubernetes Service. In this case, the
8779 port number is the service port number,
8780 not the target port. For other resources,
8781 destination port might be derived from
8782 the referent resource or this field.
8783 format: int32
8784 maximum: 65535
8785 minimum: 1
8786 type: integer
8787 required:
8788 - name
8789 type: object
8790 required:
8791 - backendRef
8792 type: object
8793 requestRedirect:
8794 description: "RequestRedirect defines a schema for
8795 a filter that responds to the request with an
8796 HTTP redirection. \n Support: Core"
8797 properties:
8798 hostname:
8799 description: "Hostname is the hostname to be
8800 used in the value of the `Location` header
8801 in the response. When empty, the hostname
8802 in the `Host` header of the request is used.
8803 \n Support: Core"
8804 maxLength: 253
8805 minLength: 1
8806 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
8807 type: string
8808 path:
8809 description: "Path defines parameters used to
8810 modify the path of the incoming request. The
8811 modified path is then used to construct the
8812 `Location` header. When empty, the request
8813 path is used as-is. \n Support: Extended"
8814 properties:
8815 replaceFullPath:
8816 description: ReplaceFullPath specifies the
8817 value with which to replace the full path
8818 of a request during a rewrite or redirect.
8819 maxLength: 1024
8820 type: string
8821 replacePrefixMatch:
8822 description: "ReplacePrefixMatch specifies
8823 the value with which to replace the prefix
8824 match of a request during a rewrite or
8825 redirect. For example, a request to \"/foo/bar\"
8826 with a prefix match of \"/foo\" would
8827 be modified to \"/bar\". \n Note that
8828 this matches the behavior of the PathPrefix
8829 match type. This matches full path elements.
8830 A path element refers to the list of labels
8831 in the path split by the `/` separator.
8832 When specified, a trailing `/` is ignored.
8833 For example, the paths `/abc`, `/abc/`,
8834 and `/abc/def` would all match the prefix
8835 `/abc`, but the path `/abcd` would not."
8836 maxLength: 1024
8837 type: string
8838 type:
8839 description: "Type defines the type of path
8840 modifier. Additional types may be added
8841 in a future release of the API. \n Note
8842 that values may be added to this enum,
8843 implementations must ensure that unknown
8844 values will not cause a crash. \n Unknown
8845 values here must result in the implementation
8846 setting the Accepted Condition for the
8847 Route to `status: False`, with a Reason
8848 of `UnsupportedValue`."
8849 enum:
8850 - ReplaceFullPath
8851 - ReplacePrefixMatch
8852 type: string
8853 required:
8854 - type
8855 type: object
8856 port:
8857 description: "Port is the port to be used in
8858 the value of the `Location` header in the
8859 response. \n If no port is specified, the
8860 redirect port MUST be derived using the following
8861 rules: \n * If redirect scheme is not-empty,
8862 the redirect port MUST be the well-known port
8863 associated with the redirect scheme. Specifically
8864 \"http\" to port 80 and \"https\" to port
8865 443. If the redirect scheme does not have
8866 a well-known port, the listener port of the
8867 Gateway SHOULD be used. * If redirect scheme
8868 is empty, the redirect port MUST be the Gateway
8869 Listener port. \n Implementations SHOULD NOT
8870 add the port number in the 'Location' header
8871 in the following cases: \n * A Location header
8872 that will use HTTP (whether that is determined
8873 via the Listener protocol or the Scheme field)
8874 _and_ use port 80. * A Location header that
8875 will use HTTPS (whether that is determined
8876 via the Listener protocol or the Scheme field)
8877 _and_ use port 443. \n Support: Extended"
8878 format: int32
8879 maximum: 65535
8880 minimum: 1
8881 type: integer
8882 scheme:
8883 description: "Scheme is the scheme to be used
8884 in the value of the `Location` header in the
8885 response. When empty, the scheme of the request
8886 is used. \n Scheme redirects can affect the
8887 port of the redirect, for more information,
8888 refer to the documentation for the port field
8889 of this filter. \n Note that values may be
8890 added to this enum, implementations must ensure
8891 that unknown values will not cause a crash.
8892 \n Unknown values here must result in the
8893 implementation setting the Accepted Condition
8894 for the Route to `status: False`, with a Reason
8895 of `UnsupportedValue`. \n Support: Extended"
8896 enum:
8897 - http
8898 - https
8899 type: string
8900 statusCode:
8901 default: 302
8902 description: "StatusCode is the HTTP status
8903 code to be used in response. \n Note that
8904 values may be added to this enum, implementations
8905 must ensure that unknown values will not cause
8906 a crash. \n Unknown values here must result
8907 in the implementation setting the Accepted
8908 Condition for the Route to `status: False`,
8909 with a Reason of `UnsupportedValue`. \n Support:
8910 Core"
8911 enum:
8912 - 301
8913 - 302
8914 type: integer
8915 type: object
8916 responseHeaderModifier:
8917 description: "ResponseHeaderModifier defines a schema
8918 for a filter that modifies response headers. \n
8919 Support: Extended"
8920 properties:
8921 add:
8922 description: "Add adds the given header(s) (name,
8923 value) to the request before the action. It
8924 appends to any existing values associated
8925 with the header name. \n Input: GET /foo HTTP/1.1
8926 my-header: foo \n Config: add: - name: \"my-header\"
8927 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
8928 my-header: foo,bar,baz"
8929 items:
8930 description: HTTPHeader represents an HTTP
8931 Header name and value as defined by RFC
8932 7230.
8933 properties:
8934 name:
8935 description: "Name is the name of the
8936 HTTP Header to be matched. Name matching
8937 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8938 \n If multiple entries specify equivalent
8939 header names, the first entry with an
8940 equivalent name MUST be considered for
8941 a match. Subsequent entries with an
8942 equivalent header name MUST be ignored.
8943 Due to the case-insensitivity of header
8944 names, \"foo\" and \"Foo\" are considered
8945 equivalent."
8946 maxLength: 256
8947 minLength: 1
8948 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
8949 type: string
8950 value:
8951 description: Value is the value of HTTP
8952 Header to be matched.
8953 maxLength: 4096
8954 minLength: 1
8955 type: string
8956 required:
8957 - name
8958 - value
8959 type: object
8960 maxItems: 16
8961 type: array
8962 x-kubernetes-list-map-keys:
8963 - name
8964 x-kubernetes-list-type: map
8965 remove:
8966 description: "Remove the given header(s) from
8967 the HTTP request before the action. The value
8968 of Remove is a list of HTTP header names.
8969 Note that the header names are case-insensitive
8970 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
8971 \n Input: GET /foo HTTP/1.1 my-header1: foo
8972 my-header2: bar my-header3: baz \n Config:
8973 remove: [\"my-header1\", \"my-header3\"] \n
8974 Output: GET /foo HTTP/1.1 my-header2: bar"
8975 items:
8976 type: string
8977 maxItems: 16
8978 type: array
8979 set:
8980 description: "Set overwrites the request with
8981 the given header (name, value) before the
8982 action. \n Input: GET /foo HTTP/1.1 my-header:
8983 foo \n Config: set: - name: \"my-header\"
8984 value: \"bar\" \n Output: GET /foo HTTP/1.1
8985 my-header: bar"
8986 items:
8987 description: HTTPHeader represents an HTTP
8988 Header name and value as defined by RFC
8989 7230.
8990 properties:
8991 name:
8992 description: "Name is the name of the
8993 HTTP Header to be matched. Name matching
8994 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
8995 \n If multiple entries specify equivalent
8996 header names, the first entry with an
8997 equivalent name MUST be considered for
8998 a match. Subsequent entries with an
8999 equivalent header name MUST be ignored.
9000 Due to the case-insensitivity of header
9001 names, \"foo\" and \"Foo\" are considered
9002 equivalent."
9003 maxLength: 256
9004 minLength: 1
9005 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9006 type: string
9007 value:
9008 description: Value is the value of HTTP
9009 Header to be matched.
9010 maxLength: 4096
9011 minLength: 1
9012 type: string
9013 required:
9014 - name
9015 - value
9016 type: object
9017 maxItems: 16
9018 type: array
9019 x-kubernetes-list-map-keys:
9020 - name
9021 x-kubernetes-list-type: map
9022 type: object
9023 type:
9024 description: "Type identifies the type of filter
9025 to apply. As with other API fields, types are
9026 classified into three conformance levels: \n -
9027 Core: Filter types and their corresponding configuration
9028 defined by \"Support: Core\" in this package,
9029 e.g. \"RequestHeaderModifier\". All implementations
9030 must support core filters. \n - Extended: Filter
9031 types and their corresponding configuration defined
9032 by \"Support: Extended\" in this package, e.g.
9033 \"RequestMirror\". Implementers are encouraged
9034 to support extended filters. \n - Implementation-specific:
9035 Filters that are defined and supported by specific
9036 vendors. In the future, filters showing convergence
9037 in behavior across multiple implementations will
9038 be considered for inclusion in extended or core
9039 conformance levels. Filter-specific configuration
9040 for such filters is specified using the ExtensionRef
9041 field. `Type` should be set to \"ExtensionRef\"
9042 for custom filters. \n Implementers are encouraged
9043 to define custom implementation types to extend
9044 the core API with implementation-specific behavior.
9045 \n If a reference to a custom filter type cannot
9046 be resolved, the filter MUST NOT be skipped. Instead,
9047 requests that would have been processed by that
9048 filter MUST receive a HTTP error response. \n
9049 Note that values may be added to this enum, implementations
9050 must ensure that unknown values will not cause
9051 a crash. \n Unknown values here must result in
9052 the implementation setting the Accepted Condition
9053 for the Route to `status: False`, with a Reason
9054 of `UnsupportedValue`."
9055 enum:
9056 - RequestHeaderModifier
9057 - ResponseHeaderModifier
9058 - RequestMirror
9059 - RequestRedirect
9060 - URLRewrite
9061 - ExtensionRef
9062 type: string
9063 urlRewrite:
9064 description: "URLRewrite defines a schema for a
9065 filter that modifies a request during forwarding.
9066 \n Support: Extended"
9067 properties:
9068 hostname:
9069 description: "Hostname is the value to be used
9070 to replace the Host header value during forwarding.
9071 \n Support: Extended"
9072 maxLength: 253
9073 minLength: 1
9074 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9075 type: string
9076 path:
9077 description: "Path defines a path rewrite. \n
9078 Support: Extended"
9079 properties:
9080 replaceFullPath:
9081 description: ReplaceFullPath specifies the
9082 value with which to replace the full path
9083 of a request during a rewrite or redirect.
9084 maxLength: 1024
9085 type: string
9086 replacePrefixMatch:
9087 description: "ReplacePrefixMatch specifies
9088 the value with which to replace the prefix
9089 match of a request during a rewrite or
9090 redirect. For example, a request to \"/foo/bar\"
9091 with a prefix match of \"/foo\" would
9092 be modified to \"/bar\". \n Note that
9093 this matches the behavior of the PathPrefix
9094 match type. This matches full path elements.
9095 A path element refers to the list of labels
9096 in the path split by the `/` separator.
9097 When specified, a trailing `/` is ignored.
9098 For example, the paths `/abc`, `/abc/`,
9099 and `/abc/def` would all match the prefix
9100 `/abc`, but the path `/abcd` would not."
9101 maxLength: 1024
9102 type: string
9103 type:
9104 description: "Type defines the type of path
9105 modifier. Additional types may be added
9106 in a future release of the API. \n Note
9107 that values may be added to this enum,
9108 implementations must ensure that unknown
9109 values will not cause a crash. \n Unknown
9110 values here must result in the implementation
9111 setting the Accepted Condition for the
9112 Route to `status: False`, with a Reason
9113 of `UnsupportedValue`."
9114 enum:
9115 - ReplaceFullPath
9116 - ReplacePrefixMatch
9117 type: string
9118 required:
9119 - type
9120 type: object
9121 type: object
9122 required:
9123 - type
9124 type: object
9125 maxItems: 16
9126 type: array
9127 group:
9128 default: ""
9129 description: Group is the group of the referent. For example,
9130 "gateway.networking.k8s.io". When unspecified or empty
9131 string, core API group is inferred.
9132 maxLength: 253
9133 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9134 type: string
9135 kind:
9136 default: Service
9137 description: "Kind is the Kubernetes resource kind of
9138 the referent. For example \"Service\". \n Defaults to
9139 \"Service\" when not specified. \n ExternalName services
9140 can refer to CNAME DNS records that may live outside
9141 of the cluster and as such are difficult to reason about
9142 in terms of conformance. They also may not be safe to
9143 forward to (see CVE-2021-25740 for more information).
9144 Implementations SHOULD NOT support ExternalName Services.
9145 \n Support: Core (Services with a type other than ExternalName)
9146 \n Support: Implementation-specific (Services with type
9147 ExternalName)"
9148 maxLength: 63
9149 minLength: 1
9150 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9151 type: string
9152 name:
9153 description: Name is the name of the referent.
9154 maxLength: 253
9155 minLength: 1
9156 type: string
9157 namespace:
9158 description: "Namespace is the namespace of the backend.
9159 When unspecified, the local namespace is inferred. \n
9160 Note that when a namespace different than the local
9161 namespace is specified, a ReferenceGrant object is required
9162 in the referent namespace to allow that namespace's
9163 owner to accept the reference. See the ReferenceGrant
9164 documentation for details. \n Support: Core"
9165 maxLength: 63
9166 minLength: 1
9167 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
9168 type: string
9169 port:
9170 description: Port specifies the destination port number
9171 to use for this resource. Port is required when the
9172 referent is a Kubernetes Service. In this case, the
9173 port number is the service port number, not the target
9174 port. For other resources, destination port might be
9175 derived from the referent resource or this field.
9176 format: int32
9177 maximum: 65535
9178 minimum: 1
9179 type: integer
9180 weight:
9181 default: 1
9182 description: "Weight specifies the proportion of requests
9183 forwarded to the referenced backend. This is computed
9184 as weight/(sum of all weights in this BackendRefs list).
9185 For non-zero values, there may be some epsilon from
9186 the exact proportion defined here depending on the precision
9187 an implementation supports. Weight is not a percentage
9188 and the sum of weights does not need to equal 100. \n
9189 If only one backend is specified and it has a weight
9190 greater than 0, 100% of the traffic is forwarded to
9191 that backend. If weight is set to 0, no traffic should
9192 be forwarded for this entry. If unspecified, weight
9193 defaults to 1. \n Support for this field varies based
9194 on the context where used."
9195 format: int32
9196 maximum: 1000000
9197 minimum: 0
9198 type: integer
9199 required:
9200 - name
9201 type: object
9202 maxItems: 16
9203 type: array
9204 filters:
9205 description: "Filters define the filters that are applied to
9206 requests that match this rule. \n The effects of ordering
9207 of multiple behaviors are currently unspecified. This can
9208 change in the future based on feedback during the alpha stage.
9209 \n Conformance-levels at this level are defined based on the
9210 type of filter: \n - ALL core filters MUST be supported by
9211 all implementations. - Implementers are encouraged to support
9212 extended filters. - Implementation-specific custom filters
9213 have no API guarantees across implementations. \n Specifying
9214 a core filter multiple times has unspecified or implementation-specific
9215 conformance. \n All filters are expected to be compatible
9216 with each other except for the URLRewrite and RequestRedirect
9217 filters, which may not be combined. If an implementation can
9218 not support other combinations of filters, they must clearly
9219 document that limitation. In all cases where incompatible
9220 or unsupported filters are specified, implementations MUST
9221 add a warning condition to status. \n Support: Core"
9222 items:
9223 description: HTTPRouteFilter defines processing steps that
9224 must be completed during the request or response lifecycle.
9225 HTTPRouteFilters are meant as an extension point to express
9226 processing that may be done in Gateway implementations.
9227 Some examples include request or response modification,
9228 implementing authentication strategies, rate-limiting, and
9229 traffic shaping. API guarantee/conformance is defined based
9230 on the type of the filter.
9231 properties:
9232 extensionRef:
9233 description: "ExtensionRef is an optional, implementation-specific
9234 extension to the \"filter\" behavior. For example,
9235 resource \"myroutefilter\" in group \"networking.example.net\").
9236 ExtensionRef MUST NOT be used for core and extended
9237 filters. \n Support: Implementation-specific"
9238 properties:
9239 group:
9240 description: Group is the group of the referent. For
9241 example, "gateway.networking.k8s.io". When unspecified
9242 or empty string, core API group is inferred.
9243 maxLength: 253
9244 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9245 type: string
9246 kind:
9247 description: Kind is kind of the referent. For example
9248 "HTTPRoute" or "Service".
9249 maxLength: 63
9250 minLength: 1
9251 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9252 type: string
9253 name:
9254 description: Name is the name of the referent.
9255 maxLength: 253
9256 minLength: 1
9257 type: string
9258 required:
9259 - group
9260 - kind
9261 - name
9262 type: object
9263 requestHeaderModifier:
9264 description: "RequestHeaderModifier defines a schema for
9265 a filter that modifies request headers. \n Support:
9266 Core"
9267 properties:
9268 add:
9269 description: "Add adds the given header(s) (name,
9270 value) to the request before the action. It appends
9271 to any existing values associated with the header
9272 name. \n Input: GET /foo HTTP/1.1 my-header: foo
9273 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
9274 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
9275 items:
9276 description: HTTPHeader represents an HTTP Header
9277 name and value as defined by RFC 7230.
9278 properties:
9279 name:
9280 description: "Name is the name of the HTTP Header
9281 to be matched. Name matching MUST be case
9282 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9283 \n If multiple entries specify equivalent
9284 header names, the first entry with an equivalent
9285 name MUST be considered for a match. Subsequent
9286 entries with an equivalent header name MUST
9287 be ignored. Due to the case-insensitivity
9288 of header names, \"foo\" and \"Foo\" are considered
9289 equivalent."
9290 maxLength: 256
9291 minLength: 1
9292 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9293 type: string
9294 value:
9295 description: Value is the value of HTTP Header
9296 to be matched.
9297 maxLength: 4096
9298 minLength: 1
9299 type: string
9300 required:
9301 - name
9302 - value
9303 type: object
9304 maxItems: 16
9305 type: array
9306 x-kubernetes-list-map-keys:
9307 - name
9308 x-kubernetes-list-type: map
9309 remove:
9310 description: "Remove the given header(s) from the
9311 HTTP request before the action. The value of Remove
9312 is a list of HTTP header names. Note that the header
9313 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
9314 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
9315 bar my-header3: baz \n Config: remove: [\"my-header1\",
9316 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
9317 bar"
9318 items:
9319 type: string
9320 maxItems: 16
9321 type: array
9322 set:
9323 description: "Set overwrites the request with the
9324 given header (name, value) before the action. \n
9325 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
9326 set: - name: \"my-header\" value: \"bar\" \n Output:
9327 GET /foo HTTP/1.1 my-header: bar"
9328 items:
9329 description: HTTPHeader represents an HTTP Header
9330 name and value as defined by RFC 7230.
9331 properties:
9332 name:
9333 description: "Name is the name of the HTTP Header
9334 to be matched. Name matching MUST be case
9335 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9336 \n If multiple entries specify equivalent
9337 header names, the first entry with an equivalent
9338 name MUST be considered for a match. Subsequent
9339 entries with an equivalent header name MUST
9340 be ignored. Due to the case-insensitivity
9341 of header names, \"foo\" and \"Foo\" are considered
9342 equivalent."
9343 maxLength: 256
9344 minLength: 1
9345 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9346 type: string
9347 value:
9348 description: Value is the value of HTTP Header
9349 to be matched.
9350 maxLength: 4096
9351 minLength: 1
9352 type: string
9353 required:
9354 - name
9355 - value
9356 type: object
9357 maxItems: 16
9358 type: array
9359 x-kubernetes-list-map-keys:
9360 - name
9361 x-kubernetes-list-type: map
9362 type: object
9363 requestMirror:
9364 description: "RequestMirror defines a schema for a filter
9365 that mirrors requests. Requests are sent to the specified
9366 destination, but responses from that destination are
9367 ignored. \n Support: Extended"
9368 properties:
9369 backendRef:
9370 description: "BackendRef references a resource where
9371 mirrored requests are sent. \n If the referent cannot
9372 be found, this BackendRef is invalid and must be
9373 dropped from the Gateway. The controller must ensure
9374 the \"ResolvedRefs\" condition on the Route status
9375 is set to `status: False` and not configure this
9376 backend in the underlying implementation. \n If
9377 there is a cross-namespace reference to an *existing*
9378 object that is not allowed by a ReferenceGrant,
9379 the controller must ensure the \"ResolvedRefs\"
9380 \ condition on the Route is set to `status: False`,
9381 with the \"RefNotPermitted\" reason and not configure
9382 this backend in the underlying implementation. \n
9383 In either error case, the Message of the `ResolvedRefs`
9384 Condition should be used to provide more detail
9385 about the problem. \n Support: Extended for Kubernetes
9386 Service \n Support: Implementation-specific for
9387 any other resource"
9388 properties:
9389 group:
9390 default: ""
9391 description: Group is the group of the referent.
9392 For example, "gateway.networking.k8s.io". When
9393 unspecified or empty string, core API group
9394 is inferred.
9395 maxLength: 253
9396 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9397 type: string
9398 kind:
9399 default: Service
9400 description: "Kind is the Kubernetes resource
9401 kind of the referent. For example \"Service\".
9402 \n Defaults to \"Service\" when not specified.
9403 \n ExternalName services can refer to CNAME
9404 DNS records that may live outside of the cluster
9405 and as such are difficult to reason about in
9406 terms of conformance. They also may not be safe
9407 to forward to (see CVE-2021-25740 for more information).
9408 Implementations SHOULD NOT support ExternalName
9409 Services. \n Support: Core (Services with a
9410 type other than ExternalName) \n Support: Implementation-specific
9411 (Services with type ExternalName)"
9412 maxLength: 63
9413 minLength: 1
9414 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
9415 type: string
9416 name:
9417 description: Name is the name of the referent.
9418 maxLength: 253
9419 minLength: 1
9420 type: string
9421 namespace:
9422 description: "Namespace is the namespace of the
9423 backend. When unspecified, the local namespace
9424 is inferred. \n Note that when a namespace different
9425 than the local namespace is specified, a ReferenceGrant
9426 object is required in the referent namespace
9427 to allow that namespace's owner to accept the
9428 reference. See the ReferenceGrant documentation
9429 for details. \n Support: Core"
9430 maxLength: 63
9431 minLength: 1
9432 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
9433 type: string
9434 port:
9435 description: Port specifies the destination port
9436 number to use for this resource. Port is required
9437 when the referent is a Kubernetes Service. In
9438 this case, the port number is the service port
9439 number, not the target port. For other resources,
9440 destination port might be derived from the referent
9441 resource or this field.
9442 format: int32
9443 maximum: 65535
9444 minimum: 1
9445 type: integer
9446 required:
9447 - name
9448 type: object
9449 required:
9450 - backendRef
9451 type: object
9452 requestRedirect:
9453 description: "RequestRedirect defines a schema for a filter
9454 that responds to the request with an HTTP redirection.
9455 \n Support: Core"
9456 properties:
9457 hostname:
9458 description: "Hostname is the hostname to be used
9459 in the value of the `Location` header in the response.
9460 When empty, the hostname in the `Host` header of
9461 the request is used. \n Support: Core"
9462 maxLength: 253
9463 minLength: 1
9464 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9465 type: string
9466 path:
9467 description: "Path defines parameters used to modify
9468 the path of the incoming request. The modified path
9469 is then used to construct the `Location` header.
9470 When empty, the request path is used as-is. \n Support:
9471 Extended"
9472 properties:
9473 replaceFullPath:
9474 description: ReplaceFullPath specifies the value
9475 with which to replace the full path of a request
9476 during a rewrite or redirect.
9477 maxLength: 1024
9478 type: string
9479 replacePrefixMatch:
9480 description: "ReplacePrefixMatch specifies the
9481 value with which to replace the prefix match
9482 of a request during a rewrite or redirect. For
9483 example, a request to \"/foo/bar\" with a prefix
9484 match of \"/foo\" would be modified to \"/bar\".
9485 \n Note that this matches the behavior of the
9486 PathPrefix match type. This matches full path
9487 elements. A path element refers to the list
9488 of labels in the path split by the `/` separator.
9489 When specified, a trailing `/` is ignored. For
9490 example, the paths `/abc`, `/abc/`, and `/abc/def`
9491 would all match the prefix `/abc`, but the path
9492 `/abcd` would not."
9493 maxLength: 1024
9494 type: string
9495 type:
9496 description: "Type defines the type of path modifier.
9497 Additional types may be added in a future release
9498 of the API. \n Note that values may be added
9499 to this enum, implementations must ensure that
9500 unknown values will not cause a crash. \n Unknown
9501 values here must result in the implementation
9502 setting the Accepted Condition for the Route
9503 to `status: False`, with a Reason of `UnsupportedValue`."
9504 enum:
9505 - ReplaceFullPath
9506 - ReplacePrefixMatch
9507 type: string
9508 required:
9509 - type
9510 type: object
9511 port:
9512 description: "Port is the port to be used in the value
9513 of the `Location` header in the response. \n If
9514 no port is specified, the redirect port MUST be
9515 derived using the following rules: \n * If redirect
9516 scheme is not-empty, the redirect port MUST be the
9517 well-known port associated with the redirect scheme.
9518 Specifically \"http\" to port 80 and \"https\" to
9519 port 443. If the redirect scheme does not have a
9520 well-known port, the listener port of the Gateway
9521 SHOULD be used. * If redirect scheme is empty, the
9522 redirect port MUST be the Gateway Listener port.
9523 \n Implementations SHOULD NOT add the port number
9524 in the 'Location' header in the following cases:
9525 \n * A Location header that will use HTTP (whether
9526 that is determined via the Listener protocol or
9527 the Scheme field) _and_ use port 80. * A Location
9528 header that will use HTTPS (whether that is determined
9529 via the Listener protocol or the Scheme field) _and_
9530 use port 443. \n Support: Extended"
9531 format: int32
9532 maximum: 65535
9533 minimum: 1
9534 type: integer
9535 scheme:
9536 description: "Scheme is the scheme to be used in the
9537 value of the `Location` header in the response.
9538 When empty, the scheme of the request is used. \n
9539 Scheme redirects can affect the port of the redirect,
9540 for more information, refer to the documentation
9541 for the port field of this filter. \n Note that
9542 values may be added to this enum, implementations
9543 must ensure that unknown values will not cause a
9544 crash. \n Unknown values here must result in the
9545 implementation setting the Accepted Condition for
9546 the Route to `status: False`, with a Reason of `UnsupportedValue`.
9547 \n Support: Extended"
9548 enum:
9549 - http
9550 - https
9551 type: string
9552 statusCode:
9553 default: 302
9554 description: "StatusCode is the HTTP status code to
9555 be used in response. \n Note that values may be
9556 added to this enum, implementations must ensure
9557 that unknown values will not cause a crash. \n Unknown
9558 values here must result in the implementation setting
9559 the Accepted Condition for the Route to `status:
9560 False`, with a Reason of `UnsupportedValue`. \n
9561 Support: Core"
9562 enum:
9563 - 301
9564 - 302
9565 type: integer
9566 type: object
9567 responseHeaderModifier:
9568 description: "ResponseHeaderModifier defines a schema
9569 for a filter that modifies response headers. \n Support:
9570 Extended"
9571 properties:
9572 add:
9573 description: "Add adds the given header(s) (name,
9574 value) to the request before the action. It appends
9575 to any existing values associated with the header
9576 name. \n Input: GET /foo HTTP/1.1 my-header: foo
9577 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
9578 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
9579 items:
9580 description: HTTPHeader represents an HTTP Header
9581 name and value as defined by RFC 7230.
9582 properties:
9583 name:
9584 description: "Name is the name of the HTTP Header
9585 to be matched. Name matching MUST be case
9586 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9587 \n If multiple entries specify equivalent
9588 header names, the first entry with an equivalent
9589 name MUST be considered for a match. Subsequent
9590 entries with an equivalent header name MUST
9591 be ignored. Due to the case-insensitivity
9592 of header names, \"foo\" and \"Foo\" are considered
9593 equivalent."
9594 maxLength: 256
9595 minLength: 1
9596 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9597 type: string
9598 value:
9599 description: Value is the value of HTTP Header
9600 to be matched.
9601 maxLength: 4096
9602 minLength: 1
9603 type: string
9604 required:
9605 - name
9606 - value
9607 type: object
9608 maxItems: 16
9609 type: array
9610 x-kubernetes-list-map-keys:
9611 - name
9612 x-kubernetes-list-type: map
9613 remove:
9614 description: "Remove the given header(s) from the
9615 HTTP request before the action. The value of Remove
9616 is a list of HTTP header names. Note that the header
9617 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
9618 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
9619 bar my-header3: baz \n Config: remove: [\"my-header1\",
9620 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
9621 bar"
9622 items:
9623 type: string
9624 maxItems: 16
9625 type: array
9626 set:
9627 description: "Set overwrites the request with the
9628 given header (name, value) before the action. \n
9629 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
9630 set: - name: \"my-header\" value: \"bar\" \n Output:
9631 GET /foo HTTP/1.1 my-header: bar"
9632 items:
9633 description: HTTPHeader represents an HTTP Header
9634 name and value as defined by RFC 7230.
9635 properties:
9636 name:
9637 description: "Name is the name of the HTTP Header
9638 to be matched. Name matching MUST be case
9639 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
9640 \n If multiple entries specify equivalent
9641 header names, the first entry with an equivalent
9642 name MUST be considered for a match. Subsequent
9643 entries with an equivalent header name MUST
9644 be ignored. Due to the case-insensitivity
9645 of header names, \"foo\" and \"Foo\" are considered
9646 equivalent."
9647 maxLength: 256
9648 minLength: 1
9649 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9650 type: string
9651 value:
9652 description: Value is the value of HTTP Header
9653 to be matched.
9654 maxLength: 4096
9655 minLength: 1
9656 type: string
9657 required:
9658 - name
9659 - value
9660 type: object
9661 maxItems: 16
9662 type: array
9663 x-kubernetes-list-map-keys:
9664 - name
9665 x-kubernetes-list-type: map
9666 type: object
9667 type:
9668 description: "Type identifies the type of filter to apply.
9669 As with other API fields, types are classified into
9670 three conformance levels: \n - Core: Filter types and
9671 their corresponding configuration defined by \"Support:
9672 Core\" in this package, e.g. \"RequestHeaderModifier\".
9673 All implementations must support core filters. \n -
9674 Extended: Filter types and their corresponding configuration
9675 defined by \"Support: Extended\" in this package, e.g.
9676 \"RequestMirror\". Implementers are encouraged to support
9677 extended filters. \n - Implementation-specific: Filters
9678 that are defined and supported by specific vendors.
9679 In the future, filters showing convergence in behavior
9680 across multiple implementations will be considered for
9681 inclusion in extended or core conformance levels. Filter-specific
9682 configuration for such filters is specified using the
9683 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
9684 for custom filters. \n Implementers are encouraged to
9685 define custom implementation types to extend the core
9686 API with implementation-specific behavior. \n If a reference
9687 to a custom filter type cannot be resolved, the filter
9688 MUST NOT be skipped. Instead, requests that would have
9689 been processed by that filter MUST receive a HTTP error
9690 response. \n Note that values may be added to this enum,
9691 implementations must ensure that unknown values will
9692 not cause a crash. \n Unknown values here must result
9693 in the implementation setting the Accepted Condition
9694 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
9695 enum:
9696 - RequestHeaderModifier
9697 - ResponseHeaderModifier
9698 - RequestMirror
9699 - RequestRedirect
9700 - URLRewrite
9701 - ExtensionRef
9702 type: string
9703 urlRewrite:
9704 description: "URLRewrite defines a schema for a filter
9705 that modifies a request during forwarding. \n Support:
9706 Extended"
9707 properties:
9708 hostname:
9709 description: "Hostname is the value to be used to
9710 replace the Host header value during forwarding.
9711 \n Support: Extended"
9712 maxLength: 253
9713 minLength: 1
9714 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
9715 type: string
9716 path:
9717 description: "Path defines a path rewrite. \n Support:
9718 Extended"
9719 properties:
9720 replaceFullPath:
9721 description: ReplaceFullPath specifies the value
9722 with which to replace the full path of a request
9723 during a rewrite or redirect.
9724 maxLength: 1024
9725 type: string
9726 replacePrefixMatch:
9727 description: "ReplacePrefixMatch specifies the
9728 value with which to replace the prefix match
9729 of a request during a rewrite or redirect. For
9730 example, a request to \"/foo/bar\" with a prefix
9731 match of \"/foo\" would be modified to \"/bar\".
9732 \n Note that this matches the behavior of the
9733 PathPrefix match type. This matches full path
9734 elements. A path element refers to the list
9735 of labels in the path split by the `/` separator.
9736 When specified, a trailing `/` is ignored. For
9737 example, the paths `/abc`, `/abc/`, and `/abc/def`
9738 would all match the prefix `/abc`, but the path
9739 `/abcd` would not."
9740 maxLength: 1024
9741 type: string
9742 type:
9743 description: "Type defines the type of path modifier.
9744 Additional types may be added in a future release
9745 of the API. \n Note that values may be added
9746 to this enum, implementations must ensure that
9747 unknown values will not cause a crash. \n Unknown
9748 values here must result in the implementation
9749 setting the Accepted Condition for the Route
9750 to `status: False`, with a Reason of `UnsupportedValue`."
9751 enum:
9752 - ReplaceFullPath
9753 - ReplacePrefixMatch
9754 type: string
9755 required:
9756 - type
9757 type: object
9758 type: object
9759 required:
9760 - type
9761 type: object
9762 maxItems: 16
9763 type: array
9764 matches:
9765 default:
9766 - path:
9767 type: PathPrefix
9768 value: /
9769 description: "Matches define conditions used for matching the
9770 rule against incoming HTTP requests. Each match is independent,
9771 i.e. this rule will be matched if **any** one of the matches
9772 is satisfied. \n For example, take the following matches configuration:
9773 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
9774 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
9775 to match against this rule, a request must satisfy EITHER
9776 of the two conditions: \n - path prefixed with `/foo` AND
9777 contains the header `version: v2` - path prefix of `/v2/foo`
9778 \n See the documentation for HTTPRouteMatch on how to specify
9779 multiple match conditions that should be ANDed together. \n
9780 If no matches are specified, the default is a prefix path
9781 match on \"/\", which has the effect of matching every HTTP
9782 request. \n Proxy or Load Balancer routing configuration generated
9783 from HTTPRoutes MUST prioritize matches based on the following
9784 criteria, continuing on ties. Across all rules specified on
9785 applicable Routes, precedence must be given to the match having:
9786 \n * \"Exact\" path match. * \"Prefix\" path match with largest
9787 number of characters. * Method match. * Largest number of
9788 header matches. * Largest number of query param matches. \n
9789 Note: The precedence of RegularExpression path matches are
9790 implementation-specific. \n If ties still exist across multiple
9791 Routes, matching precedence MUST be determined in order of
9792 the following criteria, continuing on ties: \n * The oldest
9793 Route based on creation timestamp. * The Route appearing first
9794 in alphabetical order by \"{namespace}/{name}\". \n If ties
9795 still exist within an HTTPRoute, matching precedence MUST
9796 be granted to the FIRST matching rule (in list order) with
9797 a match meeting the above criteria. \n When no rules matching
9798 a request have been successfully attached to the parent a
9799 request is coming from, a HTTP 404 status code MUST be returned."
9800 items:
9801 description: "HTTPRouteMatch defines the predicate used to
9802 match requests to a given action. Multiple match types are
9803 ANDed together, i.e. the match will evaluate to true only
9804 if all conditions are satisfied. \n For example, the match
9805 below will match a HTTP request only if its path starts
9806 with `/foo` AND it contains the `version: v1` header: \n
9807 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
9808 value \"v1\" \n ```"
9809 properties:
9810 headers:
9811 description: Headers specifies HTTP request header matchers.
9812 Multiple match values are ANDed together, meaning, a
9813 request must match all the specified headers to select
9814 the route.
9815 items:
9816 description: HTTPHeaderMatch describes how to select
9817 a HTTP route by matching HTTP request headers.
9818 properties:
9819 name:
9820 description: "Name is the name of the HTTP Header
9821 to be matched. Name matching MUST be case insensitive.
9822 (See https://tools.ietf.org/html/rfc7230#section-3.2).
9823 \n If multiple entries specify equivalent header
9824 names, only the first entry with an equivalent
9825 name MUST be considered for a match. Subsequent
9826 entries with an equivalent header name MUST be
9827 ignored. Due to the case-insensitivity of header
9828 names, \"foo\" and \"Foo\" are considered equivalent.
9829 \n When a header is repeated in an HTTP request,
9830 it is implementation-specific behavior as to how
9831 this is represented. Generally, proxies should
9832 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
9833 regarding processing a repeated header, with special
9834 handling for \"Set-Cookie\"."
9835 maxLength: 256
9836 minLength: 1
9837 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9838 type: string
9839 type:
9840 default: Exact
9841 description: "Type specifies how to match against
9842 the value of the header. \n Support: Core (Exact)
9843 \n Support: Implementation-specific (RegularExpression)
9844 \n Since RegularExpression HeaderMatchType has
9845 implementation-specific conformance, implementations
9846 can support POSIX, PCRE or any other dialects
9847 of regular expressions. Please read the implementation's
9848 documentation to determine the supported dialect."
9849 enum:
9850 - Exact
9851 - RegularExpression
9852 type: string
9853 value:
9854 description: Value is the value of HTTP Header to
9855 be matched.
9856 maxLength: 4096
9857 minLength: 1
9858 type: string
9859 required:
9860 - name
9861 - value
9862 type: object
9863 maxItems: 16
9864 type: array
9865 x-kubernetes-list-map-keys:
9866 - name
9867 x-kubernetes-list-type: map
9868 method:
9869 description: "Method specifies HTTP method matcher. When
9870 specified, this route will be matched only if the request
9871 has the specified method. \n Support: Extended"
9872 enum:
9873 - GET
9874 - HEAD
9875 - POST
9876 - PUT
9877 - DELETE
9878 - CONNECT
9879 - OPTIONS
9880 - TRACE
9881 - PATCH
9882 type: string
9883 path:
9884 default:
9885 type: PathPrefix
9886 value: /
9887 description: Path specifies a HTTP request path matcher.
9888 If this field is not specified, a default prefix match
9889 on the "/" path is provided.
9890 properties:
9891 type:
9892 default: PathPrefix
9893 description: "Type specifies how to match against
9894 the path Value. \n Support: Core (Exact, PathPrefix)
9895 \n Support: Implementation-specific (RegularExpression)"
9896 enum:
9897 - Exact
9898 - PathPrefix
9899 - RegularExpression
9900 type: string
9901 value:
9902 default: /
9903 description: Value of the HTTP path to match against.
9904 maxLength: 1024
9905 type: string
9906 type: object
9907 queryParams:
9908 description: "QueryParams specifies HTTP query parameter
9909 matchers. Multiple match values are ANDed together,
9910 meaning, a request must match all the specified query
9911 parameters to select the route. \n Support: Extended"
9912 items:
9913 description: HTTPQueryParamMatch describes how to select
9914 a HTTP route by matching HTTP query parameters.
9915 properties:
9916 name:
9917 description: "Name is the name of the HTTP query
9918 param to be matched. This must be an exact string
9919 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
9920 \n If multiple entries specify equivalent query
9921 param names, only the first entry with an equivalent
9922 name MUST be considered for a match. Subsequent
9923 entries with an equivalent query param name MUST
9924 be ignored. \n If a query param is repeated in
9925 an HTTP request, the behavior is purposely left
9926 undefined, since different data planes have different
9927 capabilities. However, it is *recommended* that
9928 implementations should match against the first
9929 value of the param if the data plane supports
9930 it, as this behavior is expected in other load
9931 balancing contexts outside of the Gateway API.
9932 \n Users SHOULD NOT route traffic based on repeated
9933 query params to guard themselves against potential
9934 differences in the implementations."
9935 maxLength: 256
9936 minLength: 1
9937 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
9938 type: string
9939 type:
9940 default: Exact
9941 description: "Type specifies how to match against
9942 the value of the query parameter. \n Support:
9943 Extended (Exact) \n Support: Implementation-specific
9944 (RegularExpression) \n Since RegularExpression
9945 QueryParamMatchType has Implementation-specific
9946 conformance, implementations can support POSIX,
9947 PCRE or any other dialects of regular expressions.
9948 Please read the implementation's documentation
9949 to determine the supported dialect."
9950 enum:
9951 - Exact
9952 - RegularExpression
9953 type: string
9954 value:
9955 description: Value is the value of HTTP query param
9956 to be matched.
9957 maxLength: 1024
9958 minLength: 1
9959 type: string
9960 required:
9961 - name
9962 - value
9963 type: object
9964 maxItems: 16
9965 type: array
9966 x-kubernetes-list-map-keys:
9967 - name
9968 x-kubernetes-list-type: map
9969 type: object
9970 maxItems: 8
9971 type: array
9972 type: object
9973 maxItems: 16
9974 type: array
9975 type: object
9976 status:
9977 description: Status defines the current state of HTTPRoute.
9978 properties:
9979 parents:
9980 description: "Parents is a list of parent resources (usually Gateways)
9981 that are associated with the route, and the status of the route
9982 with respect to each parent. When this route attaches to a parent,
9983 the controller that manages the parent must add an entry to this
9984 list when the controller first sees the route and should update
9985 the entry as appropriate when the route or gateway is modified.
9986 \n Note that parent references that cannot be resolved by an implementation
9987 of this API will not be added to this list. Implementations of this
9988 API can only populate Route status for the Gateways/parent resources
9989 they are responsible for. \n A maximum of 32 Gateways will be represented
9990 in this list. An empty list means the route has not been attached
9991 to any Gateway."
9992 items:
9993 description: RouteParentStatus describes the status of a route with
9994 respect to an associated Parent.
9995 properties:
9996 conditions:
9997 description: "Conditions describes the status of the route with
9998 respect to the Gateway. Note that the route's availability
9999 is also subject to the Gateway's own status conditions and
10000 listener status. \n If the Route's ParentRef specifies an
10001 existing Gateway that supports Routes of this kind AND that
10002 Gateway's controller has sufficient access, then that Gateway's
10003 controller MUST set the \"Accepted\" condition on the Route,
10004 to indicate whether the route has been accepted or rejected
10005 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
10006 if at least one of the Route's rules is implemented by the
10007 Gateway. \n There are a number of cases where the \"Accepted\"
10008 condition may not be set due to lack of controller visibility,
10009 that includes when: \n * The Route refers to a non-existent
10010 parent. * The Route is of a type that the controller does
10011 not support. * The Route is in a namespace the controller
10012 does not have access to."
10013 items:
10014 description: "Condition contains details for one aspect of
10015 the current state of this API Resource. --- This struct
10016 is intended for direct use as an array at the field path
10017 .status.conditions. For example, \n type FooStatus struct{
10018 // Represents the observations of a foo's current state.
10019 // Known .status.conditions.type are: \"Available\", \"Progressing\",
10020 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
10021 // +listType=map // +listMapKey=type Conditions []metav1.Condition
10022 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
10023 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
10024 }"
10025 properties:
10026 lastTransitionTime:
10027 description: lastTransitionTime is the last time the condition
10028 transitioned from one status to another. This should
10029 be when the underlying condition changed. If that is
10030 not known, then using the time when the API field changed
10031 is acceptable.
10032 format: date-time
10033 type: string
10034 message:
10035 description: message is a human readable message indicating
10036 details about the transition. This may be an empty string.
10037 maxLength: 32768
10038 type: string
10039 observedGeneration:
10040 description: observedGeneration represents the .metadata.generation
10041 that the condition was set based upon. For instance,
10042 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
10043 is 9, the condition is out of date with respect to the
10044 current state of the instance.
10045 format: int64
10046 minimum: 0
10047 type: integer
10048 reason:
10049 description: reason contains a programmatic identifier
10050 indicating the reason for the condition's last transition.
10051 Producers of specific condition types may define expected
10052 values and meanings for this field, and whether the
10053 values are considered a guaranteed API. The value should
10054 be a CamelCase string. This field may not be empty.
10055 maxLength: 1024
10056 minLength: 1
10057 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
10058 type: string
10059 status:
10060 description: status of the condition, one of True, False,
10061 Unknown.
10062 enum:
10063 - "True"
10064 - "False"
10065 - Unknown
10066 type: string
10067 type:
10068 description: type of condition in CamelCase or in foo.example.com/CamelCase.
10069 --- Many .condition.type values are consistent across
10070 resources like Available, but because arbitrary conditions
10071 can be useful (see .node.status.conditions), the ability
10072 to deconflict is important. The regex it matches is
10073 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
10074 maxLength: 316
10075 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
10076 type: string
10077 required:
10078 - lastTransitionTime
10079 - message
10080 - reason
10081 - status
10082 - type
10083 type: object
10084 maxItems: 8
10085 minItems: 1
10086 type: array
10087 x-kubernetes-list-map-keys:
10088 - type
10089 x-kubernetes-list-type: map
10090 controllerName:
10091 description: "ControllerName is a domain/path string that indicates
10092 the name of the controller that wrote this status. This corresponds
10093 with the controllerName field on GatewayClass. \n Example:
10094 \"example.net/gateway-controller\". \n The format of this
10095 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
10096 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
10097 \n Controllers MUST populate this field when writing status.
10098 Controllers should ensure that entries to status populated
10099 with their ControllerName are cleaned up when they are no
10100 longer necessary."
10101 maxLength: 253
10102 minLength: 1
10103 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
10104 type: string
10105 parentRef:
10106 description: ParentRef corresponds with a ParentRef in the spec
10107 that this RouteParentStatus struct describes the status of.
10108 properties:
10109 group:
10110 default: gateway.networking.k8s.io
10111 description: "Group is the group of the referent. When unspecified,
10112 \"gateway.networking.k8s.io\" is inferred. To set the
10113 core API group (such as for a \"Service\" kind referent),
10114 Group must be explicitly set to \"\" (empty string). \n
10115 Support: Core"
10116 maxLength: 253
10117 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10118 type: string
10119 kind:
10120 default: Gateway
10121 description: "Kind is kind of the referent. \n Support:
10122 Core (Gateway) \n Support: Implementation-specific (Other
10123 Resources)"
10124 maxLength: 63
10125 minLength: 1
10126 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10127 type: string
10128 name:
10129 description: "Name is the name of the referent. \n Support:
10130 Core"
10131 maxLength: 253
10132 minLength: 1
10133 type: string
10134 namespace:
10135 description: "Namespace is the namespace of the referent.
10136 When unspecified, this refers to the local namespace of
10137 the Route. \n Note that there are specific rules for ParentRefs
10138 which cross namespace boundaries. Cross-namespace references
10139 are only valid if they are explicitly allowed by something
10140 in the namespace they are referring to. For example: Gateway
10141 has the AllowedRoutes field, and ReferenceGrant provides
10142 a generic way to enable any other kind of cross-namespace
10143 reference. \n Support: Core"
10144 maxLength: 63
10145 minLength: 1
10146 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10147 type: string
10148 port:
10149 description: "Port is the network port this Route targets.
10150 It can be interpreted differently based on the type of
10151 parent resource. \n When the parent resource is a Gateway,
10152 this targets all listeners listening on the specified
10153 port that also support this kind of Route(and select this
10154 Route). It's not recommended to set `Port` unless the
10155 networking behaviors specified in a Route must apply to
10156 a specific port as opposed to a listener(s) whose port(s)
10157 may be changed. When both Port and SectionName are specified,
10158 the name and port of the selected listener must match
10159 both specified values. \n Implementations MAY choose to
10160 support other parent resources. Implementations supporting
10161 other types of parent resources MUST clearly document
10162 how/if Port is interpreted. \n For the purpose of status,
10163 an attachment is considered successful as long as the
10164 parent resource accepts it partially. For example, Gateway
10165 listeners can restrict which Routes can attach to them
10166 by Route kind, namespace, or hostname. If 1 of 2 Gateway
10167 listeners accept attachment from the referencing Route,
10168 the Route MUST be considered successfully attached. If
10169 no Gateway listeners accept attachment from this Route,
10170 the Route MUST be considered detached from the Gateway.
10171 \n Support: Extended \n <gateway:experimental>"
10172 format: int32
10173 maximum: 65535
10174 minimum: 1
10175 type: integer
10176 sectionName:
10177 description: "SectionName is the name of a section within
10178 the target resource. In the following resources, SectionName
10179 is interpreted as the following: \n * Gateway: Listener
10180 Name. When both Port (experimental) and SectionName are
10181 specified, the name and port of the selected listener
10182 must match both specified values. \n Implementations MAY
10183 choose to support attaching Routes to other resources.
10184 If that is the case, they MUST clearly document how SectionName
10185 is interpreted. \n When unspecified (empty string), this
10186 will reference the entire resource. For the purpose of
10187 status, an attachment is considered successful if at least
10188 one section in the parent resource accepts it. For example,
10189 Gateway listeners can restrict which Routes can attach
10190 to them by Route kind, namespace, or hostname. If 1 of
10191 2 Gateway listeners accept attachment from the referencing
10192 Route, the Route MUST be considered successfully attached.
10193 If no Gateway listeners accept attachment from this Route,
10194 the Route MUST be considered detached from the Gateway.
10195 \n Support: Core"
10196 maxLength: 253
10197 minLength: 1
10198 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10199 type: string
10200 required:
10201 - name
10202 type: object
10203 required:
10204 - controllerName
10205 - parentRef
10206 type: object
10207 maxItems: 32
10208 type: array
10209 required:
10210 - parents
10211 type: object
10212 required:
10213 - spec
10214 type: object
10215 served: true
10216 storage: true
10217 subresources:
10218 status: {}
10219status:
10220 acceptedNames:
10221 kind: ""
10222 plural: ""
10223 conditions: null
10224 storedVersions: null
10225
10226---
10227# Source: linkerd-crds/templates/gateway.networking.k8s.io_grpcroutes.yaml
10228
10229---
10230apiVersion: apiextensions.k8s.io/v1
10231kind: CustomResourceDefinition
10232metadata:
10233 annotations:
10234 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
10235 gateway.networking.k8s.io/bundle-version: v0.7.1
10236 gateway.networking.k8s.io/channel: experimental
10237 linkerd.io/created-by: linkerd/helm linkerd-version
10238 labels:
10239 helm.sh/chart: linkerd-crds-
10240 linkerd.io/control-plane-ns: linkerd-dev
10241 creationTimestamp: null
10242 name: grpcroutes.gateway.networking.k8s.io
10243spec:
10244 group: gateway.networking.k8s.io
10245 names:
10246 categories:
10247 - gateway-api
10248 kind: GRPCRoute
10249 listKind: GRPCRouteList
10250 plural: grpcroutes
10251 singular: grpcroute
10252 scope: Namespaced
10253 versions:
10254 - additionalPrinterColumns:
10255 - jsonPath: .spec.hostnames
10256 name: Hostnames
10257 type: string
10258 - jsonPath: .metadata.creationTimestamp
10259 name: Age
10260 type: date
10261 name: v1alpha2
10262 schema:
10263 openAPIV3Schema:
10264 description: "GRPCRoute provides a way to route gRPC requests. This includes
10265 the capability to match requests by hostname, gRPC service, gRPC method,
10266 or HTTP/2 header. Filters can be used to specify additional processing steps.
10267 Backends specify where matching requests will be routed. \n GRPCRoute falls
10268 under extended support within the Gateway API. Within the following specification,
10269 the word \"MUST\" indicates that an implementation supporting GRPCRoute
10270 must conform to the indicated requirement, but an implementation not supporting
10271 this route type need not follow the requirement unless explicitly indicated.
10272 \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType`
10273 MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1,
10274 i.e. via ALPN. If the implementation does not support this, then it MUST
10275 set the \"Accepted\" condition to \"False\" for the affected listener with
10276 a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2
10277 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute`
10278 with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c,
10279 https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade
10280 from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4).
10281 If the implementation does not support this, then it MUST set the \"Accepted\"
10282 condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\".
10283 Implementations MAY also accept HTTP/2 connections with an upgrade from
10284 HTTP/1, i.e. without prior knowledge. \n Support: Extended"
10285 properties:
10286 apiVersion:
10287 description: 'APIVersion defines the versioned schema of this representation
10288 of an object. Servers should convert recognized schemas to the latest
10289 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
10290 type: string
10291 kind:
10292 description: 'Kind is a string value representing the REST resource this
10293 object represents. Servers may infer this from the endpoint the client
10294 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
10295 type: string
10296 metadata:
10297 type: object
10298 spec:
10299 description: Spec defines the desired state of GRPCRoute.
10300 properties:
10301 hostnames:
10302 description: "Hostnames defines a set of hostnames to match against
10303 the GRPC Host header to select a GRPCRoute to process the request.
10304 This matches the RFC 1123 definition of a hostname with 2 notable
10305 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
10306 with a wildcard label (`*.`). The wildcard label MUST appear by
10307 itself as the first label. \n If a hostname is specified by both
10308 the Listener and GRPCRoute, there MUST be at least one intersecting
10309 hostname for the GRPCRoute to be attached to the Listener. For example:
10310 \n * A Listener with `test.example.com` as the hostname matches
10311 GRPCRoutes that have either not specified any hostnames, or have
10312 specified at least one of `test.example.com` or `*.example.com`.
10313 * A Listener with `*.example.com` as the hostname matches GRPCRoutes
10314 that have either not specified any hostnames or have specified at
10315 least one hostname that matches the Listener hostname. For example,
10316 `test.example.com` and `*.example.com` would both match. On the
10317 other hand, `example.com` and `test.example.net` would not match.
10318 \n Hostnames that are prefixed with a wildcard label (`*.`) are
10319 interpreted as a suffix match. That means that a match for `*.example.com`
10320 would match both `test.example.com`, and `foo.test.example.com`,
10321 but not `example.com`. \n If both the Listener and GRPCRoute have
10322 specified hostnames, any GRPCRoute hostnames that do not match the
10323 Listener hostname MUST be ignored. For example, if a Listener specified
10324 `*.example.com`, and the GRPCRoute specified `test.example.com`
10325 and `test.example.net`, `test.example.net` MUST NOT be considered
10326 for a match. \n If both the Listener and GRPCRoute have specified
10327 hostnames, and none match with the criteria above, then the GRPCRoute
10328 MUST NOT be accepted by the implementation. The implementation MUST
10329 raise an 'Accepted' Condition with a status of `False` in the corresponding
10330 RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute
10331 is attached to a Listener and that listener already has another
10332 Route (B) of the other type attached and the intersection of the
10333 hostnames of A and B is non-empty, then the implementation MUST
10334 accept exactly one of these two routes, determined by the following
10335 criteria, in order: \n * The oldest Route based on creation timestamp.
10336 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
10337 \n The rejected Route MUST raise an 'Accepted' condition with a
10338 status of 'False' in the corresponding RouteParentStatus. \n Support:
10339 Core"
10340 items:
10341 description: "Hostname is the fully qualified domain name of a network
10342 host. This matches the RFC 1123 definition of a hostname with
10343 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
10344 may be prefixed with a wildcard label (`*.`). The wildcard label
10345 must appear by itself as the first label. \n Hostname can be \"precise\"
10346 which is a domain name without the terminating dot of a network
10347 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
10348 name prefixed with a single wildcard label (e.g. `*.example.com`).
10349 \n Note that as per RFC1035 and RFC1123, a *label* must consist
10350 of lower case alphanumeric characters or '-', and must start and
10351 end with an alphanumeric character. No other punctuation is allowed."
10352 maxLength: 253
10353 minLength: 1
10354 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10355 type: string
10356 maxItems: 16
10357 type: array
10358 parentRefs:
10359 description: "ParentRefs references the resources (usually Gateways)
10360 that a Route wants to be attached to. Note that the referenced parent
10361 resource needs to allow this for the attachment to be complete.
10362 For Gateways, that means the Gateway needs to allow attachment from
10363 Routes of this kind and namespace. \n The only kind of parent resource
10364 with \"Core\" support is Gateway. This API may be extended in the
10365 future to support additional kinds of parent resources such as one
10366 of the route kinds. \n It is invalid to reference an identical parent
10367 more than once. It is valid to reference multiple distinct sections
10368 within the same parent resource, such as 2 Listeners within a Gateway.
10369 \n It is possible to separately reference multiple distinct objects
10370 that may be collapsed by an implementation. For example, some implementations
10371 may choose to merge compatible Gateway Listeners together. If that
10372 is the case, the list of routes attached to those resources should
10373 also be merged. \n Note that for ParentRefs that cross namespace
10374 boundaries, there are specific rules. Cross-namespace references
10375 are only valid if they are explicitly allowed by something in the
10376 namespace they are referring to. For example, Gateway has the AllowedRoutes
10377 field, and ReferenceGrant provides a generic way to enable any other
10378 kind of cross-namespace reference."
10379 items:
10380 description: "ParentReference identifies an API object (usually
10381 a Gateway) that can be considered a parent of this resource (usually
10382 a route). The only kind of parent resource with \"Core\" support
10383 is Gateway. This API may be extended in the future to support
10384 additional kinds of parent resources, such as HTTPRoute. \n The
10385 API object must be valid in the cluster; the Group and Kind must
10386 be registered in the cluster for this reference to be valid."
10387 properties:
10388 group:
10389 default: gateway.networking.k8s.io
10390 description: "Group is the group of the referent. When unspecified,
10391 \"gateway.networking.k8s.io\" is inferred. To set the core
10392 API group (such as for a \"Service\" kind referent), Group
10393 must be explicitly set to \"\" (empty string). \n Support:
10394 Core"
10395 maxLength: 253
10396 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10397 type: string
10398 kind:
10399 default: Gateway
10400 description: "Kind is kind of the referent. \n Support: Core
10401 (Gateway) \n Support: Implementation-specific (Other Resources)"
10402 maxLength: 63
10403 minLength: 1
10404 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10405 type: string
10406 name:
10407 description: "Name is the name of the referent. \n Support:
10408 Core"
10409 maxLength: 253
10410 minLength: 1
10411 type: string
10412 namespace:
10413 description: "Namespace is the namespace of the referent. When
10414 unspecified, this refers to the local namespace of the Route.
10415 \n Note that there are specific rules for ParentRefs which
10416 cross namespace boundaries. Cross-namespace references are
10417 only valid if they are explicitly allowed by something in
10418 the namespace they are referring to. For example: Gateway
10419 has the AllowedRoutes field, and ReferenceGrant provides a
10420 generic way to enable any other kind of cross-namespace reference.
10421 \n Support: Core"
10422 maxLength: 63
10423 minLength: 1
10424 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10425 type: string
10426 port:
10427 description: "Port is the network port this Route targets. It
10428 can be interpreted differently based on the type of parent
10429 resource. \n When the parent resource is a Gateway, this targets
10430 all listeners listening on the specified port that also support
10431 this kind of Route(and select this Route). It's not recommended
10432 to set `Port` unless the networking behaviors specified in
10433 a Route must apply to a specific port as opposed to a listener(s)
10434 whose port(s) may be changed. When both Port and SectionName
10435 are specified, the name and port of the selected listener
10436 must match both specified values. \n Implementations MAY choose
10437 to support other parent resources. Implementations supporting
10438 other types of parent resources MUST clearly document how/if
10439 Port is interpreted. \n For the purpose of status, an attachment
10440 is considered successful as long as the parent resource accepts
10441 it partially. For example, Gateway listeners can restrict
10442 which Routes can attach to them by Route kind, namespace,
10443 or hostname. If 1 of 2 Gateway listeners accept attachment
10444 from the referencing Route, the Route MUST be considered successfully
10445 attached. If no Gateway listeners accept attachment from this
10446 Route, the Route MUST be considered detached from the Gateway.
10447 \n Support: Extended \n <gateway:experimental>"
10448 format: int32
10449 maximum: 65535
10450 minimum: 1
10451 type: integer
10452 sectionName:
10453 description: "SectionName is the name of a section within the
10454 target resource. In the following resources, SectionName is
10455 interpreted as the following: \n * Gateway: Listener Name.
10456 When both Port (experimental) and SectionName are specified,
10457 the name and port of the selected listener must match both
10458 specified values. \n Implementations MAY choose to support
10459 attaching Routes to other resources. If that is the case,
10460 they MUST clearly document how SectionName is interpreted.
10461 \n When unspecified (empty string), this will reference the
10462 entire resource. For the purpose of status, an attachment
10463 is considered successful if at least one section in the parent
10464 resource accepts it. For example, Gateway listeners can restrict
10465 which Routes can attach to them by Route kind, namespace,
10466 or hostname. If 1 of 2 Gateway listeners accept attachment
10467 from the referencing Route, the Route MUST be considered successfully
10468 attached. If no Gateway listeners accept attachment from this
10469 Route, the Route MUST be considered detached from the Gateway.
10470 \n Support: Core"
10471 maxLength: 253
10472 minLength: 1
10473 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10474 type: string
10475 required:
10476 - name
10477 type: object
10478 maxItems: 32
10479 type: array
10480 rules:
10481 default:
10482 - matches:
10483 - method:
10484 type: Exact
10485 description: Rules are a list of GRPC matchers, filters and actions.
10486 items:
10487 description: GRPCRouteRule defines the semantics for matching a
10488 gRPC request based on conditions (matches), processing it (filters),
10489 and forwarding the request to an API object (backendRefs).
10490 properties:
10491 backendRefs:
10492 description: "BackendRefs defines the backend(s) where matching
10493 requests should be sent. \n Failure behavior here depends
10494 on how many BackendRefs are specified and how many are invalid.
10495 \n If *all* entries in BackendRefs are invalid, and there
10496 are also no filters specified in this route rule, *all* traffic
10497 which matches this rule MUST receive an `UNAVAILABLE` status.
10498 \n See the GRPCBackendRef definition for the rules about what
10499 makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef
10500 is invalid, `UNAVAILABLE` statuses MUST be returned for requests
10501 that would have otherwise been routed to an invalid backend.
10502 If multiple backends are specified, and some are invalid,
10503 the proportion of requests that would otherwise have been
10504 routed to an invalid backend MUST receive an `UNAVAILABLE`
10505 status. \n For example, if two backends are specified with
10506 equal weights, and one is invalid, 50 percent of traffic MUST
10507 receive an `UNAVAILABLE` status. Implementations may choose
10508 how that 50 percent is determined. \n Support: Core for Kubernetes
10509 Service \n Support: Implementation-specific for any other
10510 resource \n Support for weight: Core"
10511 items:
10512 description: GRPCBackendRef defines how a GRPCRoute forwards
10513 a gRPC request.
10514 properties:
10515 filters:
10516 description: "Filters defined at this level MUST be executed
10517 if and only if the request is being forwarded to the
10518 backend defined here. \n Support: Implementation-specific
10519 (For broader support of filters, use the Filters field
10520 in GRPCRouteRule.)"
10521 items:
10522 description: GRPCRouteFilter defines processing steps
10523 that must be completed during the request or response
10524 lifecycle. GRPCRouteFilters are meant as an extension
10525 point to express processing that may be done in Gateway
10526 implementations. Some examples include request or
10527 response modification, implementing authentication
10528 strategies, rate-limiting, and traffic shaping. API
10529 guarantee/conformance is defined based on the type
10530 of the filter.
10531 properties:
10532 extensionRef:
10533 description: "ExtensionRef is an optional, implementation-specific
10534 extension to the \"filter\" behavior. For example,
10535 resource \"myroutefilter\" in group \"networking.example.net\").
10536 ExtensionRef MUST NOT be used for core and extended
10537 filters. \n Support: Implementation-specific"
10538 properties:
10539 group:
10540 description: Group is the group of the referent.
10541 For example, "gateway.networking.k8s.io".
10542 When unspecified or empty string, core API
10543 group is inferred.
10544 maxLength: 253
10545 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10546 type: string
10547 kind:
10548 description: Kind is kind of the referent. For
10549 example "HTTPRoute" or "Service".
10550 maxLength: 63
10551 minLength: 1
10552 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10553 type: string
10554 name:
10555 description: Name is the name of the referent.
10556 maxLength: 253
10557 minLength: 1
10558 type: string
10559 required:
10560 - group
10561 - kind
10562 - name
10563 type: object
10564 requestHeaderModifier:
10565 description: "RequestHeaderModifier defines a schema
10566 for a filter that modifies request headers. \n
10567 Support: Core"
10568 properties:
10569 add:
10570 description: "Add adds the given header(s) (name,
10571 value) to the request before the action. It
10572 appends to any existing values associated
10573 with the header name. \n Input: GET /foo HTTP/1.1
10574 my-header: foo \n Config: add: - name: \"my-header\"
10575 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
10576 my-header: foo,bar,baz"
10577 items:
10578 description: HTTPHeader represents an HTTP
10579 Header name and value as defined by RFC
10580 7230.
10581 properties:
10582 name:
10583 description: "Name is the name of the
10584 HTTP Header to be matched. Name matching
10585 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10586 \n If multiple entries specify equivalent
10587 header names, the first entry with an
10588 equivalent name MUST be considered for
10589 a match. Subsequent entries with an
10590 equivalent header name MUST be ignored.
10591 Due to the case-insensitivity of header
10592 names, \"foo\" and \"Foo\" are considered
10593 equivalent."
10594 maxLength: 256
10595 minLength: 1
10596 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10597 type: string
10598 value:
10599 description: Value is the value of HTTP
10600 Header to be matched.
10601 maxLength: 4096
10602 minLength: 1
10603 type: string
10604 required:
10605 - name
10606 - value
10607 type: object
10608 maxItems: 16
10609 type: array
10610 x-kubernetes-list-map-keys:
10611 - name
10612 x-kubernetes-list-type: map
10613 remove:
10614 description: "Remove the given header(s) from
10615 the HTTP request before the action. The value
10616 of Remove is a list of HTTP header names.
10617 Note that the header names are case-insensitive
10618 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
10619 \n Input: GET /foo HTTP/1.1 my-header1: foo
10620 my-header2: bar my-header3: baz \n Config:
10621 remove: [\"my-header1\", \"my-header3\"] \n
10622 Output: GET /foo HTTP/1.1 my-header2: bar"
10623 items:
10624 type: string
10625 maxItems: 16
10626 type: array
10627 set:
10628 description: "Set overwrites the request with
10629 the given header (name, value) before the
10630 action. \n Input: GET /foo HTTP/1.1 my-header:
10631 foo \n Config: set: - name: \"my-header\"
10632 value: \"bar\" \n Output: GET /foo HTTP/1.1
10633 my-header: bar"
10634 items:
10635 description: HTTPHeader represents an HTTP
10636 Header name and value as defined by RFC
10637 7230.
10638 properties:
10639 name:
10640 description: "Name is the name of the
10641 HTTP Header to be matched. Name matching
10642 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10643 \n If multiple entries specify equivalent
10644 header names, the first entry with an
10645 equivalent name MUST be considered for
10646 a match. Subsequent entries with an
10647 equivalent header name MUST be ignored.
10648 Due to the case-insensitivity of header
10649 names, \"foo\" and \"Foo\" are considered
10650 equivalent."
10651 maxLength: 256
10652 minLength: 1
10653 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10654 type: string
10655 value:
10656 description: Value is the value of HTTP
10657 Header to be matched.
10658 maxLength: 4096
10659 minLength: 1
10660 type: string
10661 required:
10662 - name
10663 - value
10664 type: object
10665 maxItems: 16
10666 type: array
10667 x-kubernetes-list-map-keys:
10668 - name
10669 x-kubernetes-list-type: map
10670 type: object
10671 requestMirror:
10672 description: "RequestMirror defines a schema for
10673 a filter that mirrors requests. Requests are sent
10674 to the specified destination, but responses from
10675 that destination are ignored. \n Support: Extended"
10676 properties:
10677 backendRef:
10678 description: "BackendRef references a resource
10679 where mirrored requests are sent. \n If the
10680 referent cannot be found, this BackendRef
10681 is invalid and must be dropped from the Gateway.
10682 The controller must ensure the \"ResolvedRefs\"
10683 condition on the Route status is set to `status:
10684 False` and not configure this backend in the
10685 underlying implementation. \n If there is
10686 a cross-namespace reference to an *existing*
10687 object that is not allowed by a ReferenceGrant,
10688 the controller must ensure the \"ResolvedRefs\"
10689 \ condition on the Route is set to `status:
10690 False`, with the \"RefNotPermitted\" reason
10691 and not configure this backend in the underlying
10692 implementation. \n In either error case, the
10693 Message of the `ResolvedRefs` Condition should
10694 be used to provide more detail about the problem.
10695 \n Support: Extended for Kubernetes Service
10696 \n Support: Implementation-specific for any
10697 other resource"
10698 properties:
10699 group:
10700 default: ""
10701 description: Group is the group of the referent.
10702 For example, "gateway.networking.k8s.io".
10703 When unspecified or empty string, core
10704 API group is inferred.
10705 maxLength: 253
10706 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10707 type: string
10708 kind:
10709 default: Service
10710 description: "Kind is the Kubernetes resource
10711 kind of the referent. For example \"Service\".
10712 \n Defaults to \"Service\" when not specified.
10713 \n ExternalName services can refer to
10714 CNAME DNS records that may live outside
10715 of the cluster and as such are difficult
10716 to reason about in terms of conformance.
10717 They also may not be safe to forward to
10718 (see CVE-2021-25740 for more information).
10719 Implementations SHOULD NOT support ExternalName
10720 Services. \n Support: Core (Services with
10721 a type other than ExternalName) \n Support:
10722 Implementation-specific (Services with
10723 type ExternalName)"
10724 maxLength: 63
10725 minLength: 1
10726 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10727 type: string
10728 name:
10729 description: Name is the name of the referent.
10730 maxLength: 253
10731 minLength: 1
10732 type: string
10733 namespace:
10734 description: "Namespace is the namespace
10735 of the backend. When unspecified, the
10736 local namespace is inferred. \n Note that
10737 when a namespace different than the local
10738 namespace is specified, a ReferenceGrant
10739 object is required in the referent namespace
10740 to allow that namespace's owner to accept
10741 the reference. See the ReferenceGrant
10742 documentation for details. \n Support:
10743 Core"
10744 maxLength: 63
10745 minLength: 1
10746 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10747 type: string
10748 port:
10749 description: Port specifies the destination
10750 port number to use for this resource.
10751 Port is required when the referent is
10752 a Kubernetes Service. In this case, the
10753 port number is the service port number,
10754 not the target port. For other resources,
10755 destination port might be derived from
10756 the referent resource or this field.
10757 format: int32
10758 maximum: 65535
10759 minimum: 1
10760 type: integer
10761 required:
10762 - name
10763 type: object
10764 required:
10765 - backendRef
10766 type: object
10767 responseHeaderModifier:
10768 description: "ResponseHeaderModifier defines a schema
10769 for a filter that modifies response headers. \n
10770 Support: Extended"
10771 properties:
10772 add:
10773 description: "Add adds the given header(s) (name,
10774 value) to the request before the action. It
10775 appends to any existing values associated
10776 with the header name. \n Input: GET /foo HTTP/1.1
10777 my-header: foo \n Config: add: - name: \"my-header\"
10778 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
10779 my-header: foo,bar,baz"
10780 items:
10781 description: HTTPHeader represents an HTTP
10782 Header name and value as defined by RFC
10783 7230.
10784 properties:
10785 name:
10786 description: "Name is the name of the
10787 HTTP Header to be matched. Name matching
10788 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10789 \n If multiple entries specify equivalent
10790 header names, the first entry with an
10791 equivalent name MUST be considered for
10792 a match. Subsequent entries with an
10793 equivalent header name MUST be ignored.
10794 Due to the case-insensitivity of header
10795 names, \"foo\" and \"Foo\" are considered
10796 equivalent."
10797 maxLength: 256
10798 minLength: 1
10799 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10800 type: string
10801 value:
10802 description: Value is the value of HTTP
10803 Header to be matched.
10804 maxLength: 4096
10805 minLength: 1
10806 type: string
10807 required:
10808 - name
10809 - value
10810 type: object
10811 maxItems: 16
10812 type: array
10813 x-kubernetes-list-map-keys:
10814 - name
10815 x-kubernetes-list-type: map
10816 remove:
10817 description: "Remove the given header(s) from
10818 the HTTP request before the action. The value
10819 of Remove is a list of HTTP header names.
10820 Note that the header names are case-insensitive
10821 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
10822 \n Input: GET /foo HTTP/1.1 my-header1: foo
10823 my-header2: bar my-header3: baz \n Config:
10824 remove: [\"my-header1\", \"my-header3\"] \n
10825 Output: GET /foo HTTP/1.1 my-header2: bar"
10826 items:
10827 type: string
10828 maxItems: 16
10829 type: array
10830 set:
10831 description: "Set overwrites the request with
10832 the given header (name, value) before the
10833 action. \n Input: GET /foo HTTP/1.1 my-header:
10834 foo \n Config: set: - name: \"my-header\"
10835 value: \"bar\" \n Output: GET /foo HTTP/1.1
10836 my-header: bar"
10837 items:
10838 description: HTTPHeader represents an HTTP
10839 Header name and value as defined by RFC
10840 7230.
10841 properties:
10842 name:
10843 description: "Name is the name of the
10844 HTTP Header to be matched. Name matching
10845 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
10846 \n If multiple entries specify equivalent
10847 header names, the first entry with an
10848 equivalent name MUST be considered for
10849 a match. Subsequent entries with an
10850 equivalent header name MUST be ignored.
10851 Due to the case-insensitivity of header
10852 names, \"foo\" and \"Foo\" are considered
10853 equivalent."
10854 maxLength: 256
10855 minLength: 1
10856 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
10857 type: string
10858 value:
10859 description: Value is the value of HTTP
10860 Header to be matched.
10861 maxLength: 4096
10862 minLength: 1
10863 type: string
10864 required:
10865 - name
10866 - value
10867 type: object
10868 maxItems: 16
10869 type: array
10870 x-kubernetes-list-map-keys:
10871 - name
10872 x-kubernetes-list-type: map
10873 type: object
10874 type:
10875 description: "Type identifies the type of filter
10876 to apply. As with other API fields, types are
10877 classified into three conformance levels: \n -
10878 Core: Filter types and their corresponding configuration
10879 defined by \"Support: Core\" in this package,
10880 e.g. \"RequestHeaderModifier\". All implementations
10881 supporting GRPCRoute MUST support core filters.
10882 \n - Extended: Filter types and their corresponding
10883 configuration defined by \"Support: Extended\"
10884 in this package, e.g. \"RequestMirror\". Implementers
10885 are encouraged to support extended filters. \n
10886 - Implementation-specific: Filters that are defined
10887 and supported by specific vendors. In the future,
10888 filters showing convergence in behavior across
10889 multiple implementations will be considered for
10890 inclusion in extended or core conformance levels.
10891 Filter-specific configuration for such filters
10892 is specified using the ExtensionRef field. `Type`
10893 MUST be set to \"ExtensionRef\" for custom filters.
10894 \n Implementers are encouraged to define custom
10895 implementation types to extend the core API with
10896 implementation-specific behavior. \n If a reference
10897 to a custom filter type cannot be resolved, the
10898 filter MUST NOT be skipped. Instead, requests
10899 that would have been processed by that filter
10900 MUST receive a HTTP error response. \n "
10901 enum:
10902 - ResponseHeaderModifier
10903 - RequestHeaderModifier
10904 - RequestMirror
10905 - ExtensionRef
10906 type: string
10907 required:
10908 - type
10909 type: object
10910 maxItems: 16
10911 type: array
10912 group:
10913 default: ""
10914 description: Group is the group of the referent. For example,
10915 "gateway.networking.k8s.io". When unspecified or empty
10916 string, core API group is inferred.
10917 maxLength: 253
10918 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
10919 type: string
10920 kind:
10921 default: Service
10922 description: "Kind is the Kubernetes resource kind of
10923 the referent. For example \"Service\". \n Defaults to
10924 \"Service\" when not specified. \n ExternalName services
10925 can refer to CNAME DNS records that may live outside
10926 of the cluster and as such are difficult to reason about
10927 in terms of conformance. They also may not be safe to
10928 forward to (see CVE-2021-25740 for more information).
10929 Implementations SHOULD NOT support ExternalName Services.
10930 \n Support: Core (Services with a type other than ExternalName)
10931 \n Support: Implementation-specific (Services with type
10932 ExternalName)"
10933 maxLength: 63
10934 minLength: 1
10935 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
10936 type: string
10937 name:
10938 description: Name is the name of the referent.
10939 maxLength: 253
10940 minLength: 1
10941 type: string
10942 namespace:
10943 description: "Namespace is the namespace of the backend.
10944 When unspecified, the local namespace is inferred. \n
10945 Note that when a namespace different than the local
10946 namespace is specified, a ReferenceGrant object is required
10947 in the referent namespace to allow that namespace's
10948 owner to accept the reference. See the ReferenceGrant
10949 documentation for details. \n Support: Core"
10950 maxLength: 63
10951 minLength: 1
10952 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
10953 type: string
10954 port:
10955 description: Port specifies the destination port number
10956 to use for this resource. Port is required when the
10957 referent is a Kubernetes Service. In this case, the
10958 port number is the service port number, not the target
10959 port. For other resources, destination port might be
10960 derived from the referent resource or this field.
10961 format: int32
10962 maximum: 65535
10963 minimum: 1
10964 type: integer
10965 weight:
10966 default: 1
10967 description: "Weight specifies the proportion of requests
10968 forwarded to the referenced backend. This is computed
10969 as weight/(sum of all weights in this BackendRefs list).
10970 For non-zero values, there may be some epsilon from
10971 the exact proportion defined here depending on the precision
10972 an implementation supports. Weight is not a percentage
10973 and the sum of weights does not need to equal 100. \n
10974 If only one backend is specified and it has a weight
10975 greater than 0, 100% of the traffic is forwarded to
10976 that backend. If weight is set to 0, no traffic should
10977 be forwarded for this entry. If unspecified, weight
10978 defaults to 1. \n Support for this field varies based
10979 on the context where used."
10980 format: int32
10981 maximum: 1000000
10982 minimum: 0
10983 type: integer
10984 required:
10985 - name
10986 type: object
10987 maxItems: 16
10988 type: array
10989 filters:
10990 description: "Filters define the filters that are applied to
10991 requests that match this rule. \n The effects of ordering
10992 of multiple behaviors are currently unspecified. This can
10993 change in the future based on feedback during the alpha stage.
10994 \n Conformance-levels at this level are defined based on the
10995 type of filter: \n - ALL core filters MUST be supported by
10996 all implementations that support GRPCRoute. - Implementers
10997 are encouraged to support extended filters. - Implementation-specific
10998 custom filters have no API guarantees across implementations.
10999 \n Specifying a core filter multiple times has unspecified
11000 or implementation-specific conformance. Support: Core"
11001 items:
11002 description: GRPCRouteFilter defines processing steps that
11003 must be completed during the request or response lifecycle.
11004 GRPCRouteFilters are meant as an extension point to express
11005 processing that may be done in Gateway implementations.
11006 Some examples include request or response modification,
11007 implementing authentication strategies, rate-limiting, and
11008 traffic shaping. API guarantee/conformance is defined based
11009 on the type of the filter.
11010 properties:
11011 extensionRef:
11012 description: "ExtensionRef is an optional, implementation-specific
11013 extension to the \"filter\" behavior. For example,
11014 resource \"myroutefilter\" in group \"networking.example.net\").
11015 ExtensionRef MUST NOT be used for core and extended
11016 filters. \n Support: Implementation-specific"
11017 properties:
11018 group:
11019 description: Group is the group of the referent. For
11020 example, "gateway.networking.k8s.io". When unspecified
11021 or empty string, core API group is inferred.
11022 maxLength: 253
11023 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11024 type: string
11025 kind:
11026 description: Kind is kind of the referent. For example
11027 "HTTPRoute" or "Service".
11028 maxLength: 63
11029 minLength: 1
11030 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11031 type: string
11032 name:
11033 description: Name is the name of the referent.
11034 maxLength: 253
11035 minLength: 1
11036 type: string
11037 required:
11038 - group
11039 - kind
11040 - name
11041 type: object
11042 requestHeaderModifier:
11043 description: "RequestHeaderModifier defines a schema for
11044 a filter that modifies request headers. \n Support:
11045 Core"
11046 properties:
11047 add:
11048 description: "Add adds the given header(s) (name,
11049 value) to the request before the action. It appends
11050 to any existing values associated with the header
11051 name. \n Input: GET /foo HTTP/1.1 my-header: foo
11052 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
11053 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
11054 items:
11055 description: HTTPHeader represents an HTTP Header
11056 name and value as defined by RFC 7230.
11057 properties:
11058 name:
11059 description: "Name is the name of the HTTP Header
11060 to be matched. Name matching MUST be case
11061 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11062 \n If multiple entries specify equivalent
11063 header names, the first entry with an equivalent
11064 name MUST be considered for a match. Subsequent
11065 entries with an equivalent header name MUST
11066 be ignored. Due to the case-insensitivity
11067 of header names, \"foo\" and \"Foo\" are considered
11068 equivalent."
11069 maxLength: 256
11070 minLength: 1
11071 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11072 type: string
11073 value:
11074 description: Value is the value of HTTP Header
11075 to be matched.
11076 maxLength: 4096
11077 minLength: 1
11078 type: string
11079 required:
11080 - name
11081 - value
11082 type: object
11083 maxItems: 16
11084 type: array
11085 x-kubernetes-list-map-keys:
11086 - name
11087 x-kubernetes-list-type: map
11088 remove:
11089 description: "Remove the given header(s) from the
11090 HTTP request before the action. The value of Remove
11091 is a list of HTTP header names. Note that the header
11092 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
11093 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
11094 bar my-header3: baz \n Config: remove: [\"my-header1\",
11095 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
11096 bar"
11097 items:
11098 type: string
11099 maxItems: 16
11100 type: array
11101 set:
11102 description: "Set overwrites the request with the
11103 given header (name, value) before the action. \n
11104 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
11105 set: - name: \"my-header\" value: \"bar\" \n Output:
11106 GET /foo HTTP/1.1 my-header: bar"
11107 items:
11108 description: HTTPHeader represents an HTTP Header
11109 name and value as defined by RFC 7230.
11110 properties:
11111 name:
11112 description: "Name is the name of the HTTP Header
11113 to be matched. Name matching MUST be case
11114 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11115 \n If multiple entries specify equivalent
11116 header names, the first entry with an equivalent
11117 name MUST be considered for a match. Subsequent
11118 entries with an equivalent header name MUST
11119 be ignored. Due to the case-insensitivity
11120 of header names, \"foo\" and \"Foo\" are considered
11121 equivalent."
11122 maxLength: 256
11123 minLength: 1
11124 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11125 type: string
11126 value:
11127 description: Value is the value of HTTP Header
11128 to be matched.
11129 maxLength: 4096
11130 minLength: 1
11131 type: string
11132 required:
11133 - name
11134 - value
11135 type: object
11136 maxItems: 16
11137 type: array
11138 x-kubernetes-list-map-keys:
11139 - name
11140 x-kubernetes-list-type: map
11141 type: object
11142 requestMirror:
11143 description: "RequestMirror defines a schema for a filter
11144 that mirrors requests. Requests are sent to the specified
11145 destination, but responses from that destination are
11146 ignored. \n Support: Extended"
11147 properties:
11148 backendRef:
11149 description: "BackendRef references a resource where
11150 mirrored requests are sent. \n If the referent cannot
11151 be found, this BackendRef is invalid and must be
11152 dropped from the Gateway. The controller must ensure
11153 the \"ResolvedRefs\" condition on the Route status
11154 is set to `status: False` and not configure this
11155 backend in the underlying implementation. \n If
11156 there is a cross-namespace reference to an *existing*
11157 object that is not allowed by a ReferenceGrant,
11158 the controller must ensure the \"ResolvedRefs\"
11159 \ condition on the Route is set to `status: False`,
11160 with the \"RefNotPermitted\" reason and not configure
11161 this backend in the underlying implementation. \n
11162 In either error case, the Message of the `ResolvedRefs`
11163 Condition should be used to provide more detail
11164 about the problem. \n Support: Extended for Kubernetes
11165 Service \n Support: Implementation-specific for
11166 any other resource"
11167 properties:
11168 group:
11169 default: ""
11170 description: Group is the group of the referent.
11171 For example, "gateway.networking.k8s.io". When
11172 unspecified or empty string, core API group
11173 is inferred.
11174 maxLength: 253
11175 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11176 type: string
11177 kind:
11178 default: Service
11179 description: "Kind is the Kubernetes resource
11180 kind of the referent. For example \"Service\".
11181 \n Defaults to \"Service\" when not specified.
11182 \n ExternalName services can refer to CNAME
11183 DNS records that may live outside of the cluster
11184 and as such are difficult to reason about in
11185 terms of conformance. They also may not be safe
11186 to forward to (see CVE-2021-25740 for more information).
11187 Implementations SHOULD NOT support ExternalName
11188 Services. \n Support: Core (Services with a
11189 type other than ExternalName) \n Support: Implementation-specific
11190 (Services with type ExternalName)"
11191 maxLength: 63
11192 minLength: 1
11193 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11194 type: string
11195 name:
11196 description: Name is the name of the referent.
11197 maxLength: 253
11198 minLength: 1
11199 type: string
11200 namespace:
11201 description: "Namespace is the namespace of the
11202 backend. When unspecified, the local namespace
11203 is inferred. \n Note that when a namespace different
11204 than the local namespace is specified, a ReferenceGrant
11205 object is required in the referent namespace
11206 to allow that namespace's owner to accept the
11207 reference. See the ReferenceGrant documentation
11208 for details. \n Support: Core"
11209 maxLength: 63
11210 minLength: 1
11211 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
11212 type: string
11213 port:
11214 description: Port specifies the destination port
11215 number to use for this resource. Port is required
11216 when the referent is a Kubernetes Service. In
11217 this case, the port number is the service port
11218 number, not the target port. For other resources,
11219 destination port might be derived from the referent
11220 resource or this field.
11221 format: int32
11222 maximum: 65535
11223 minimum: 1
11224 type: integer
11225 required:
11226 - name
11227 type: object
11228 required:
11229 - backendRef
11230 type: object
11231 responseHeaderModifier:
11232 description: "ResponseHeaderModifier defines a schema
11233 for a filter that modifies response headers. \n Support:
11234 Extended"
11235 properties:
11236 add:
11237 description: "Add adds the given header(s) (name,
11238 value) to the request before the action. It appends
11239 to any existing values associated with the header
11240 name. \n Input: GET /foo HTTP/1.1 my-header: foo
11241 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
11242 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
11243 items:
11244 description: HTTPHeader represents an HTTP Header
11245 name and value as defined by RFC 7230.
11246 properties:
11247 name:
11248 description: "Name is the name of the HTTP Header
11249 to be matched. Name matching MUST be case
11250 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11251 \n If multiple entries specify equivalent
11252 header names, the first entry with an equivalent
11253 name MUST be considered for a match. Subsequent
11254 entries with an equivalent header name MUST
11255 be ignored. Due to the case-insensitivity
11256 of header names, \"foo\" and \"Foo\" are considered
11257 equivalent."
11258 maxLength: 256
11259 minLength: 1
11260 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11261 type: string
11262 value:
11263 description: Value is the value of HTTP Header
11264 to be matched.
11265 maxLength: 4096
11266 minLength: 1
11267 type: string
11268 required:
11269 - name
11270 - value
11271 type: object
11272 maxItems: 16
11273 type: array
11274 x-kubernetes-list-map-keys:
11275 - name
11276 x-kubernetes-list-type: map
11277 remove:
11278 description: "Remove the given header(s) from the
11279 HTTP request before the action. The value of Remove
11280 is a list of HTTP header names. Note that the header
11281 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
11282 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
11283 bar my-header3: baz \n Config: remove: [\"my-header1\",
11284 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
11285 bar"
11286 items:
11287 type: string
11288 maxItems: 16
11289 type: array
11290 set:
11291 description: "Set overwrites the request with the
11292 given header (name, value) before the action. \n
11293 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
11294 set: - name: \"my-header\" value: \"bar\" \n Output:
11295 GET /foo HTTP/1.1 my-header: bar"
11296 items:
11297 description: HTTPHeader represents an HTTP Header
11298 name and value as defined by RFC 7230.
11299 properties:
11300 name:
11301 description: "Name is the name of the HTTP Header
11302 to be matched. Name matching MUST be case
11303 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
11304 \n If multiple entries specify equivalent
11305 header names, the first entry with an equivalent
11306 name MUST be considered for a match. Subsequent
11307 entries with an equivalent header name MUST
11308 be ignored. Due to the case-insensitivity
11309 of header names, \"foo\" and \"Foo\" are considered
11310 equivalent."
11311 maxLength: 256
11312 minLength: 1
11313 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11314 type: string
11315 value:
11316 description: Value is the value of HTTP Header
11317 to be matched.
11318 maxLength: 4096
11319 minLength: 1
11320 type: string
11321 required:
11322 - name
11323 - value
11324 type: object
11325 maxItems: 16
11326 type: array
11327 x-kubernetes-list-map-keys:
11328 - name
11329 x-kubernetes-list-type: map
11330 type: object
11331 type:
11332 description: "Type identifies the type of filter to apply.
11333 As with other API fields, types are classified into
11334 three conformance levels: \n - Core: Filter types and
11335 their corresponding configuration defined by \"Support:
11336 Core\" in this package, e.g. \"RequestHeaderModifier\".
11337 All implementations supporting GRPCRoute MUST support
11338 core filters. \n - Extended: Filter types and their
11339 corresponding configuration defined by \"Support: Extended\"
11340 in this package, e.g. \"RequestMirror\". Implementers
11341 are encouraged to support extended filters. \n - Implementation-specific:
11342 Filters that are defined and supported by specific vendors.
11343 In the future, filters showing convergence in behavior
11344 across multiple implementations will be considered for
11345 inclusion in extended or core conformance levels. Filter-specific
11346 configuration for such filters is specified using the
11347 ExtensionRef field. `Type` MUST be set to \"ExtensionRef\"
11348 for custom filters. \n Implementers are encouraged to
11349 define custom implementation types to extend the core
11350 API with implementation-specific behavior. \n If a reference
11351 to a custom filter type cannot be resolved, the filter
11352 MUST NOT be skipped. Instead, requests that would have
11353 been processed by that filter MUST receive a HTTP error
11354 response. \n "
11355 enum:
11356 - ResponseHeaderModifier
11357 - RequestHeaderModifier
11358 - RequestMirror
11359 - ExtensionRef
11360 type: string
11361 required:
11362 - type
11363 type: object
11364 maxItems: 16
11365 type: array
11366 matches:
11367 description: "Matches define conditions used for matching the
11368 rule against incoming gRPC requests. Each match is independent,
11369 i.e. this rule will be matched if **any** one of the matches
11370 is satisfied. \n For example, take the following matches configuration:
11371 \n ``` matches: - method: service: foo.bar headers: values:
11372 version: 2 - method: service: foo.bar.v2 ``` \n For a request
11373 to match against this rule, it MUST satisfy EITHER of the
11374 two conditions: \n - service of foo.bar AND contains the header
11375 `version: 2` - service of foo.bar.v2 \n See the documentation
11376 for GRPCRouteMatch on how to specify multiple match conditions
11377 to be ANDed together. \n If no matches are specified, the
11378 implementation MUST match every gRPC request. \n Proxy or
11379 Load Balancer routing configuration generated from GRPCRoutes
11380 MUST prioritize rules based on the following criteria, continuing
11381 on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
11382 Precedence MUST be given to the rule with the largest number
11383 of: \n * Characters in a matching non-wildcard hostname. *
11384 Characters in a matching hostname. * Characters in a matching
11385 service. * Characters in a matching method. * Header matches.
11386 \n If ties still exist across multiple Routes, matching precedence
11387 MUST be determined in order of the following criteria, continuing
11388 on ties: \n * The oldest Route based on creation timestamp.
11389 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
11390 \n If ties still exist within the Route that has been given
11391 precedence, matching precedence MUST be granted to the first
11392 matching rule meeting the above criteria."
11393 items:
11394 description: "GRPCRouteMatch defines the predicate used to
11395 match requests to a given action. Multiple match types are
11396 ANDed together, i.e. the match will evaluate to true only
11397 if all conditions are satisfied. \n For example, the match
11398 below will match a gRPC request only if its service is `foo`
11399 AND it contains the `version: v1` header: \n ``` matches:
11400 - method: type: Exact service: \"foo\" headers: - name:
11401 \"version\" value \"v1\" \n ```"
11402 properties:
11403 headers:
11404 description: Headers specifies gRPC request header matchers.
11405 Multiple match values are ANDed together, meaning, a
11406 request MUST match all the specified headers to select
11407 the route.
11408 items:
11409 description: GRPCHeaderMatch describes how to select
11410 a gRPC route by matching gRPC request headers.
11411 properties:
11412 name:
11413 description: "Name is the name of the gRPC Header
11414 to be matched. \n If multiple entries specify
11415 equivalent header names, only the first entry
11416 with an equivalent name MUST be considered for
11417 a match. Subsequent entries with an equivalent
11418 header name MUST be ignored. Due to the case-insensitivity
11419 of header names, \"foo\" and \"Foo\" are considered
11420 equivalent."
11421 maxLength: 256
11422 minLength: 1
11423 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
11424 type: string
11425 type:
11426 default: Exact
11427 description: Type specifies how to match against
11428 the value of the header.
11429 enum:
11430 - Exact
11431 - RegularExpression
11432 type: string
11433 value:
11434 description: Value is the value of the gRPC Header
11435 to be matched.
11436 maxLength: 4096
11437 minLength: 1
11438 type: string
11439 required:
11440 - name
11441 - value
11442 type: object
11443 maxItems: 16
11444 type: array
11445 x-kubernetes-list-map-keys:
11446 - name
11447 x-kubernetes-list-type: map
11448 method:
11449 description: Method specifies a gRPC request service/method
11450 matcher. If this field is not specified, all services
11451 and methods will match.
11452 properties:
11453 method:
11454 description: "Value of the method to match against.
11455 If left empty or omitted, will match all services.
11456 \n At least one of Service and Method MUST be a
11457 non-empty string."
11458 maxLength: 1024
11459 type: string
11460 service:
11461 description: "Value of the service to match against.
11462 If left empty or omitted, will match any service.
11463 \n At least one of Service and Method MUST be a
11464 non-empty string."
11465 maxLength: 1024
11466 type: string
11467 type:
11468 default: Exact
11469 description: "Type specifies how to match against
11470 the service and/or method. Support: Core (Exact
11471 with service and method specified) \n Support: Implementation-specific
11472 (Exact with method specified but no service specified)
11473 \n Support: Implementation-specific (RegularExpression)"
11474 enum:
11475 - Exact
11476 - RegularExpression
11477 type: string
11478 type: object
11479 type: object
11480 maxItems: 8
11481 type: array
11482 type: object
11483 maxItems: 16
11484 type: array
11485 type: object
11486 status:
11487 description: Status defines the current state of GRPCRoute.
11488 properties:
11489 parents:
11490 description: "Parents is a list of parent resources (usually Gateways)
11491 that are associated with the route, and the status of the route
11492 with respect to each parent. When this route attaches to a parent,
11493 the controller that manages the parent must add an entry to this
11494 list when the controller first sees the route and should update
11495 the entry as appropriate when the route or gateway is modified.
11496 \n Note that parent references that cannot be resolved by an implementation
11497 of this API will not be added to this list. Implementations of this
11498 API can only populate Route status for the Gateways/parent resources
11499 they are responsible for. \n A maximum of 32 Gateways will be represented
11500 in this list. An empty list means the route has not been attached
11501 to any Gateway."
11502 items:
11503 description: RouteParentStatus describes the status of a route with
11504 respect to an associated Parent.
11505 properties:
11506 conditions:
11507 description: "Conditions describes the status of the route with
11508 respect to the Gateway. Note that the route's availability
11509 is also subject to the Gateway's own status conditions and
11510 listener status. \n If the Route's ParentRef specifies an
11511 existing Gateway that supports Routes of this kind AND that
11512 Gateway's controller has sufficient access, then that Gateway's
11513 controller MUST set the \"Accepted\" condition on the Route,
11514 to indicate whether the route has been accepted or rejected
11515 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
11516 if at least one of the Route's rules is implemented by the
11517 Gateway. \n There are a number of cases where the \"Accepted\"
11518 condition may not be set due to lack of controller visibility,
11519 that includes when: \n * The Route refers to a non-existent
11520 parent. * The Route is of a type that the controller does
11521 not support. * The Route is in a namespace the controller
11522 does not have access to."
11523 items:
11524 description: "Condition contains details for one aspect of
11525 the current state of this API Resource. --- This struct
11526 is intended for direct use as an array at the field path
11527 .status.conditions. For example, \n type FooStatus struct{
11528 // Represents the observations of a foo's current state.
11529 // Known .status.conditions.type are: \"Available\", \"Progressing\",
11530 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
11531 // +listType=map // +listMapKey=type Conditions []metav1.Condition
11532 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
11533 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
11534 }"
11535 properties:
11536 lastTransitionTime:
11537 description: lastTransitionTime is the last time the condition
11538 transitioned from one status to another. This should
11539 be when the underlying condition changed. If that is
11540 not known, then using the time when the API field changed
11541 is acceptable.
11542 format: date-time
11543 type: string
11544 message:
11545 description: message is a human readable message indicating
11546 details about the transition. This may be an empty string.
11547 maxLength: 32768
11548 type: string
11549 observedGeneration:
11550 description: observedGeneration represents the .metadata.generation
11551 that the condition was set based upon. For instance,
11552 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
11553 is 9, the condition is out of date with respect to the
11554 current state of the instance.
11555 format: int64
11556 minimum: 0
11557 type: integer
11558 reason:
11559 description: reason contains a programmatic identifier
11560 indicating the reason for the condition's last transition.
11561 Producers of specific condition types may define expected
11562 values and meanings for this field, and whether the
11563 values are considered a guaranteed API. The value should
11564 be a CamelCase string. This field may not be empty.
11565 maxLength: 1024
11566 minLength: 1
11567 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11568 type: string
11569 status:
11570 description: status of the condition, one of True, False,
11571 Unknown.
11572 enum:
11573 - "True"
11574 - "False"
11575 - Unknown
11576 type: string
11577 type:
11578 description: type of condition in CamelCase or in foo.example.com/CamelCase.
11579 --- Many .condition.type values are consistent across
11580 resources like Available, but because arbitrary conditions
11581 can be useful (see .node.status.conditions), the ability
11582 to deconflict is important. The regex it matches is
11583 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
11584 maxLength: 316
11585 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11586 type: string
11587 required:
11588 - lastTransitionTime
11589 - message
11590 - reason
11591 - status
11592 - type
11593 type: object
11594 maxItems: 8
11595 minItems: 1
11596 type: array
11597 x-kubernetes-list-map-keys:
11598 - type
11599 x-kubernetes-list-type: map
11600 controllerName:
11601 description: "ControllerName is a domain/path string that indicates
11602 the name of the controller that wrote this status. This corresponds
11603 with the controllerName field on GatewayClass. \n Example:
11604 \"example.net/gateway-controller\". \n The format of this
11605 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
11606 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
11607 \n Controllers MUST populate this field when writing status.
11608 Controllers should ensure that entries to status populated
11609 with their ControllerName are cleaned up when they are no
11610 longer necessary."
11611 maxLength: 253
11612 minLength: 1
11613 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
11614 type: string
11615 parentRef:
11616 description: ParentRef corresponds with a ParentRef in the spec
11617 that this RouteParentStatus struct describes the status of.
11618 properties:
11619 group:
11620 default: gateway.networking.k8s.io
11621 description: "Group is the group of the referent. When unspecified,
11622 \"gateway.networking.k8s.io\" is inferred. To set the
11623 core API group (such as for a \"Service\" kind referent),
11624 Group must be explicitly set to \"\" (empty string). \n
11625 Support: Core"
11626 maxLength: 253
11627 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11628 type: string
11629 kind:
11630 default: Gateway
11631 description: "Kind is kind of the referent. \n Support:
11632 Core (Gateway) \n Support: Implementation-specific (Other
11633 Resources)"
11634 maxLength: 63
11635 minLength: 1
11636 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
11637 type: string
11638 name:
11639 description: "Name is the name of the referent. \n Support:
11640 Core"
11641 maxLength: 253
11642 minLength: 1
11643 type: string
11644 namespace:
11645 description: "Namespace is the namespace of the referent.
11646 When unspecified, this refers to the local namespace of
11647 the Route. \n Note that there are specific rules for ParentRefs
11648 which cross namespace boundaries. Cross-namespace references
11649 are only valid if they are explicitly allowed by something
11650 in the namespace they are referring to. For example: Gateway
11651 has the AllowedRoutes field, and ReferenceGrant provides
11652 a generic way to enable any other kind of cross-namespace
11653 reference. \n Support: Core"
11654 maxLength: 63
11655 minLength: 1
11656 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
11657 type: string
11658 port:
11659 description: "Port is the network port this Route targets.
11660 It can be interpreted differently based on the type of
11661 parent resource. \n When the parent resource is a Gateway,
11662 this targets all listeners listening on the specified
11663 port that also support this kind of Route(and select this
11664 Route). It's not recommended to set `Port` unless the
11665 networking behaviors specified in a Route must apply to
11666 a specific port as opposed to a listener(s) whose port(s)
11667 may be changed. When both Port and SectionName are specified,
11668 the name and port of the selected listener must match
11669 both specified values. \n Implementations MAY choose to
11670 support other parent resources. Implementations supporting
11671 other types of parent resources MUST clearly document
11672 how/if Port is interpreted. \n For the purpose of status,
11673 an attachment is considered successful as long as the
11674 parent resource accepts it partially. For example, Gateway
11675 listeners can restrict which Routes can attach to them
11676 by Route kind, namespace, or hostname. If 1 of 2 Gateway
11677 listeners accept attachment from the referencing Route,
11678 the Route MUST be considered successfully attached. If
11679 no Gateway listeners accept attachment from this Route,
11680 the Route MUST be considered detached from the Gateway.
11681 \n Support: Extended \n <gateway:experimental>"
11682 format: int32
11683 maximum: 65535
11684 minimum: 1
11685 type: integer
11686 sectionName:
11687 description: "SectionName is the name of a section within
11688 the target resource. In the following resources, SectionName
11689 is interpreted as the following: \n * Gateway: Listener
11690 Name. When both Port (experimental) and SectionName are
11691 specified, the name and port of the selected listener
11692 must match both specified values. \n Implementations MAY
11693 choose to support attaching Routes to other resources.
11694 If that is the case, they MUST clearly document how SectionName
11695 is interpreted. \n When unspecified (empty string), this
11696 will reference the entire resource. For the purpose of
11697 status, an attachment is considered successful if at least
11698 one section in the parent resource accepts it. For example,
11699 Gateway listeners can restrict which Routes can attach
11700 to them by Route kind, namespace, or hostname. If 1 of
11701 2 Gateway listeners accept attachment from the referencing
11702 Route, the Route MUST be considered successfully attached.
11703 If no Gateway listeners accept attachment from this Route,
11704 the Route MUST be considered detached from the Gateway.
11705 \n Support: Core"
11706 maxLength: 253
11707 minLength: 1
11708 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
11709 type: string
11710 required:
11711 - name
11712 type: object
11713 required:
11714 - controllerName
11715 - parentRef
11716 type: object
11717 maxItems: 32
11718 type: array
11719 required:
11720 - parents
11721 type: object
11722 type: object
11723 served: true
11724 storage: true
11725 subresources:
11726 status: {}
11727status:
11728 acceptedNames:
11729 kind: ""
11730 plural: ""
11731 conditions: null
11732 storedVersions: null
11733
11734---
11735# Source: linkerd-crds/templates/workload/external-workload.yaml
11736---
11737apiVersion: apiextensions.k8s.io/v1
11738kind: CustomResourceDefinition
11739metadata:
11740 name: externalworkloads.workload.linkerd.io
11741 annotations:
11742 linkerd.io/created-by: linkerd/helm linkerd-version
11743 labels:
11744 helm.sh/chart: linkerd-crds-
11745 linkerd.io/control-plane-ns: linkerd-dev
11746spec:
11747 group: workload.linkerd.io
11748 names:
11749 categories:
11750 - external
11751 kind: ExternalWorkload
11752 listKind: ExternalWorkloadList
11753 plural: externalworkloads
11754 singular: externalworkload
11755 shortNames: []
11756 scope: Namespaced
11757 versions:
11758 - name: v1alpha1
11759 served: true
11760 storage: false
11761 schema:
11762 openAPIV3Schema:
11763 description: >-
11764 An ExternalWorkload describes a single workload (i.e. a deployable unit) external
11765 to the cluster that should be enrolled in the mesh.
11766 type: object
11767 required: [spec]
11768 properties:
11769 apiVerson:
11770 type: string
11771 kind:
11772 type: string
11773 metadata:
11774 type: object
11775 spec:
11776 properties:
11777 meshTls:
11778 description: meshTls describes TLS settings associated with an
11779 external workload.
11780 properties:
11781 identity:
11782 type: string
11783 description: identity of the workload. Corresponds to the
11784 identity used in the workload's certificate. It is used
11785 by peers to perform verification in the mTLS handshake.
11786 minLength: 1
11787 maxLength: 253
11788 serverName:
11789 type: string
11790 description: serverName is the name of the workload in DNS
11791 format. It is used by the workload to terminate TLS using
11792 SNI.
11793 minLength: 1
11794 maxLength: 253
11795 type: object
11796 required:
11797 - identity
11798 - serverName
11799 ports:
11800 type: array
11801 description: ports describes a list of ports exposed by the
11802 workload
11803 items:
11804 properties:
11805 name:
11806 type: string
11807 description: name must be an IANA_SVC_NAME and unique
11808 within the ports set. Each named port can be referred
11809 to by services.
11810 port:
11811 format: int32
11812 maximum: 65535
11813 minimum: 1
11814 type: integer
11815 protocol:
11816 description: protocol exposed by the port. Must be UDP or
11817 TCP. Defaults to TCP.
11818 type: string
11819 default: "TCP"
11820 type: object
11821 required:
11822 - port
11823 workloadIPs:
11824 type: array
11825 description: workloadIPs contains a list of IP addresses that
11826 can be used to send traffic to the workload.
11827 items:
11828 type: object
11829 properties:
11830 ip:
11831 type: string
11832 # TODO: relax this in the future when ipv6 is supported
11833 # an external workload (like a pod) should only
11834 # support 2 interfaces
11835 maxItems: 1
11836 type: object
11837 required:
11838 - meshTls
11839 status:
11840 type: object
11841 properties:
11842 conditions:
11843 type: array
11844 items:
11845 type: object
11846 properties:
11847 lastProbeTime:
11848 description: lastProbeTime is the last time the
11849 healthcheck endpoint was probed.
11850 format: date-time
11851 type: string
11852 lastTransitionTime:
11853 description: lastTransitionTime is the last time the
11854 condition transitioned from one status to another.
11855 format: date-time
11856 type: string
11857 status:
11858 description: status of the condition (one of True, False, Unknown)
11859 enum:
11860 - "True"
11861 - "False"
11862 - Unknown
11863 type: string
11864 type:
11865 description: type of the condition in CamelCase or in
11866 foo.example.com/CamelCase.
11867 maxLength: 316
11868 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
11869 type: string
11870 reason:
11871 description: reason contains a programmatic identifier
11872 indicating the reason for the condition's last
11873 transition. Producers of specific condition types may
11874 define expected values and meanings for this field, and
11875 whether the values are considered a guaranteed API. The
11876 value should be a CamelCase string. This field may not
11877 be empty.
11878 maxLength: 1024
11879 minLength: 1
11880 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
11881 type: string
11882 message:
11883 description: message is a human readable message
11884 indicating details about the transition. This may be an
11885 empty string.
11886 maxLength: 32768
11887 type: string
11888 required:
11889 - status
11890 - type
11891 additionalPrinterColumns:
11892 - jsonPath: .spec.meshTls.identity
11893 name: Identity
11894 type: string
11895 - jsonPath: .metadata.creationTimestamp
11896 name: Age
11897 type: date
11898 - name: v1beta1
11899 served: true
11900 storage: true
11901 subresources:
11902 status: {}
11903 schema:
11904 openAPIV3Schema:
11905 description: >-
11906 An ExternalWorkload describes a single workload (i.e. a deployable unit) external
11907 to the cluster that should be enrolled in the mesh.
11908 type: object
11909 required: [spec]
11910 properties:
11911 apiVerson:
11912 type: string
11913 kind:
11914 type: string
11915 metadata:
11916 type: object
11917 spec:
11918 properties:
11919 meshTLS:
11920 description: meshTLS describes TLS settings associated with an
11921 external workload.
11922 properties:
11923 identity:
11924 type: string
11925 description: identity of the workload. Corresponds to the
11926 identity used in the workload's certificate. It is used
11927 by peers to perform verification in the mTLS handshake.
11928 minLength: 1
11929 maxLength: 253
11930 serverName:
11931 type: string
11932 description: serverName is the name of the workload in DNS
11933 format. It is used by the workload to terminate TLS using
11934 SNI.
11935 minLength: 1
11936 maxLength: 253
11937 type: object
11938 required:
11939 - identity
11940 - serverName
11941 ports:
11942 type: array
11943 description: ports describes a list of ports exposed by the
11944 workload
11945 items:
11946 properties:
11947 name:
11948 type: string
11949 description: name must be an IANA_SVC_NAME and unique
11950 within the ports set. Each named port can be referred
11951 to by services.
11952 port:
11953 format: int32
11954 maximum: 65535
11955 minimum: 1
11956 type: integer
11957 protocol:
11958 description: protocol exposed by the port. Must be UDP or
11959 TCP. Defaults to TCP.
11960 type: string
11961 default: "TCP"
11962 type: object
11963 required:
11964 - port
11965 workloadIPs:
11966 type: array
11967 description: workloadIPs contains a list of IP addresses that
11968 can be used to send traffic to the workload.
11969 items:
11970 type: object
11971 properties:
11972 ip:
11973 type: string
11974 # TODO: relax this in the future when ipv6 is supported
11975 # an external workload (like a pod) should only
11976 # support 2 interfaces
11977 maxItems: 1
11978 type: object
11979 required:
11980 - meshTLS
11981 status:
11982 type: object
11983 properties:
11984 conditions:
11985 type: array
11986 items:
11987 type: object
11988 properties:
11989 lastProbeTime:
11990 description: lastProbeTime is the last time the
11991 healthcheck endpoint was probed.
11992 format: date-time
11993 type: string
11994 lastTransitionTime:
11995 description: lastTransitionTime is the last time the
11996 condition transitioned from one status to another.
11997 format: date-time
11998 type: string
11999 status:
12000 description: status of the condition (one of True, False, Unknown)
12001 enum:
12002 - "True"
12003 - "False"
12004 - Unknown
12005 type: string
12006 type:
12007 description: type of the condition in CamelCase or in
12008 foo.example.com/CamelCase.
12009 maxLength: 316
12010 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
12011 type: string
12012 reason:
12013 description: reason contains a programmatic identifier
12014 indicating the reason for the condition's last
12015 transition. Producers of specific condition types may
12016 define expected values and meanings for this field, and
12017 whether the values are considered a guaranteed API. The
12018 value should be a CamelCase string. This field may not
12019 be empty.
12020 maxLength: 1024
12021 minLength: 1
12022 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
12023 type: string
12024 message:
12025 description: message is a human readable message
12026 indicating details about the transition. This may be an
12027 empty string.
12028 maxLength: 32768
12029 type: string
12030 required:
12031 - status
12032 - type
12033 additionalPrinterColumns:
12034 - jsonPath: .spec.meshTLS.identity
12035 name: Identity
12036 type: string
12037 - jsonPath: .metadata.creationTimestamp
12038 name: Age
12039 type: date
View as plain text