1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.openshift.io: https://github.com/openshift/api/pull/1228
6 name: routes.route.openshift.io
7spec:
8 group: route.openshift.io
9 names:
10 kind: Route
11 plural: routes
12 singular: route
13 scope: Namespaced
14 versions:
15 - additionalPrinterColumns:
16 - jsonPath: .status.ingress[0].host
17 name: Host
18 type: string
19 - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status
20 name: Admitted
21 type: string
22 - jsonPath: .spec.to.name
23 name: Service
24 type: string
25 - jsonPath: .spec.tls.type
26 name: TLS
27 type: string
28 name: v1
29 schema:
30 openAPIV3Schema:
31 description: "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints. \n Once a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts. \n Routers are subject to additional customization and may support additional controls via the annotations field. \n Because administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
32 properties:
33 apiVersion:
34 description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
35 type: string
36 kind:
37 description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
38 type: string
39 metadata:
40 type: object
41 spec:
42 allOf:
43 - anyOf:
44 - properties:
45 path:
46 maxLength: 0
47 - properties:
48 tls:
49 enum:
50 - null
51 - not:
52 properties:
53 tls:
54 properties:
55 termination:
56 enum:
57 - passthrough
58 - anyOf:
59 - not:
60 properties:
61 host:
62 maxLength: 0
63 - not:
64 properties:
65 wildcardPolicy:
66 enum:
67 - Subdomain
68 description: spec is the desired state of the route
69 properties:
70 alternateBackends:
71 description: alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.
72 items:
73 description: RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.
74 properties:
75 kind:
76 default: Service
77 description: The kind of target that the route is referring to. Currently, only 'Service' is allowed
78 enum:
79 - Service
80 - ""
81 type: string
82 name:
83 description: name of the service/target that is being referred to. e.g. name of the service
84 minLength: 1
85 type: string
86 weight:
87 default: 100
88 description: weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.
89 format: int32
90 maximum: 256
91 minimum: 0
92 type: integer
93 required:
94 - kind
95 - name
96 type: object
97 maxItems: 3
98 type: array
99 host:
100 description: host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.
101 maxLength: 253
102 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
103 type: string
104 path:
105 description: path that the router watches for, to route traffic for to the service. Optional
106 pattern: ^/
107 type: string
108 port:
109 description: If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.
110 properties:
111 targetPort:
112 allOf:
113 - not:
114 enum:
115 - 0
116 - not:
117 enum:
118 - ""
119 x-kubernetes-int-or-string: true
120 required:
121 - targetPort
122 type: object
123 subdomain:
124 description: "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission. \n Example: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`."
125 maxLength: 253
126 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
127 type: string
128 tls:
129 allOf:
130 - anyOf:
131 - properties:
132 caCertificate:
133 maxLength: 0
134 certificate:
135 maxLength: 0
136 destinationCACertificate:
137 maxLength: 0
138 key:
139 maxLength: 0
140 - not:
141 properties:
142 termination:
143 enum:
144 - passthrough
145 - anyOf:
146 - properties:
147 destinationCACertificate:
148 maxLength: 0
149 - not:
150 properties:
151 termination:
152 enum:
153 - edge
154 - anyOf:
155 - properties:
156 insecureEdgeTerminationPolicy:
157 enum:
158 - ""
159 - None
160 - Allow
161 - Redirect
162 - not:
163 properties:
164 termination:
165 enum:
166 - edge
167 - reencrypt
168 - anyOf:
169 - properties:
170 insecureEdgeTerminationPolicy:
171 enum:
172 - ""
173 - None
174 - Redirect
175 - not:
176 properties:
177 termination:
178 enum:
179 - passthrough
180 description: The tls field provides the ability to configure certificates and termination for the route.
181 properties:
182 caCertificate:
183 description: caCertificate provides the cert authority certificate contents
184 type: string
185 certificate:
186 description: certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.
187 type: string
188 destinationCACertificate:
189 description: destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.
190 type: string
191 insecureEdgeTerminationPolicy:
192 description: "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80. \n * Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port."
193 type: string
194 key:
195 description: key provides key file contents
196 type: string
197 termination:
198 description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend"
199 enum:
200 - edge
201 - reencrypt
202 - passthrough
203 type: string
204 required:
205 - termination
206 type: object
207 to:
208 description: to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.
209 properties:
210 kind:
211 default: Service
212 description: The kind of target that the route is referring to. Currently, only 'Service' is allowed
213 enum:
214 - Service
215 - ""
216 type: string
217 name:
218 description: name of the service/target that is being referred to. e.g. name of the service
219 minLength: 1
220 type: string
221 weight:
222 default: 100
223 description: weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.
224 format: int32
225 maximum: 256
226 minimum: 0
227 type: integer
228 required:
229 - kind
230 - name
231 type: object
232 wildcardPolicy:
233 default: None
234 description: Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.
235 enum:
236 - None
237 - Subdomain
238 - ""
239 type: string
240 required:
241 - to
242 type: object
243 status:
244 description: status is the current state of the route
245 properties:
246 ingress:
247 description: ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`
248 items:
249 description: RouteIngress holds information about the places where a route is exposed.
250 properties:
251 conditions:
252 description: Conditions is the state of the route, may be empty.
253 items:
254 description: RouteIngressCondition contains details for the current condition of this route on a particular router.
255 properties:
256 lastTransitionTime:
257 description: RFC 3339 date and time when this condition last transitioned
258 format: date-time
259 type: string
260 message:
261 description: Human readable message indicating details about last transition.
262 type: string
263 reason:
264 description: (brief) reason for the condition's last transition, and is usually a machine and human readable constant
265 type: string
266 status:
267 description: Status is the status of the condition. Can be True, False, Unknown.
268 type: string
269 type:
270 description: Type is the type of the condition. Currently only Admitted.
271 type: string
272 required:
273 - status
274 - type
275 type: object
276 type: array
277 host:
278 description: Host is the host string under which the route is exposed; this value is required
279 type: string
280 routerCanonicalHostname:
281 description: CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.
282 type: string
283 routerName:
284 description: Name is a name chosen by the router to identify itself; this value is required
285 type: string
286 wildcardPolicy:
287 description: Wildcard policy is the wildcard policy that was allowed where this route is exposed.
288 type: string
289 type: object
290 type: array
291 type: object
292 required:
293 - spec
294 type: object
295 served: true
296 storage: true
297 subresources:
298 status: {}
View as plain text