1# Copyright 2023 The Kubernetes Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15#
16# Gateway API Standard channel install
17#
18---
19#
20# config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml
21#
22apiVersion: apiextensions.k8s.io/v1
23kind: CustomResourceDefinition
24metadata:
25 annotations:
26 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
27 gateway.networking.k8s.io/bundle-version: v1.0.0-rc1
28 gateway.networking.k8s.io/channel: standard
29 creationTimestamp: null
30 name: gatewayclasses.gateway.networking.k8s.io
31spec:
32 group: gateway.networking.k8s.io
33 names:
34 categories:
35 - gateway-api
36 kind: GatewayClass
37 listKind: GatewayClassList
38 plural: gatewayclasses
39 shortNames:
40 - gc
41 singular: gatewayclass
42 scope: Cluster
43 versions:
44 - additionalPrinterColumns:
45 - jsonPath: .spec.controllerName
46 name: Controller
47 type: string
48 - jsonPath: .status.conditions[?(@.type=="Accepted")].status
49 name: Accepted
50 type: string
51 - jsonPath: .metadata.creationTimestamp
52 name: Age
53 type: date
54 - jsonPath: .spec.description
55 name: Description
56 priority: 1
57 type: string
58 name: v1
59 schema:
60 openAPIV3Schema:
61 description: "GatewayClass describes a class of Gateways available to the
62 user for creating Gateway resources. \n It is recommended that this resource
63 be used as a template for Gateways. This means that a Gateway is based on
64 the state of the GatewayClass at the time it was created and changes to
65 the GatewayClass or associated parameters are not propagated down to existing
66 Gateways. This recommendation is intended to limit the blast radius of changes
67 to GatewayClass or associated parameters. If implementations choose to propagate
68 GatewayClass changes to existing Gateways, that MUST be clearly documented
69 by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
70 implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io`
71 finalizer on the associated GatewayClass. This ensures that a GatewayClass
72 associated with a Gateway is not deleted while in use. \n GatewayClass is
73 a Cluster level resource."
74 properties:
75 apiVersion:
76 description: 'APIVersion defines the versioned schema of this representation
77 of an object. Servers should convert recognized schemas to the latest
78 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
79 type: string
80 kind:
81 description: 'Kind is a string value representing the REST resource this
82 object represents. Servers may infer this from the endpoint the client
83 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
84 type: string
85 metadata:
86 type: object
87 spec:
88 description: Spec defines the desired state of GatewayClass.
89 properties:
90 controllerName:
91 description: "ControllerName is the name of the controller that is
92 managing Gateways of this class. The value of this field MUST be
93 a domain prefixed path. \n Example: \"example.net/gateway-controller\".
94 \n This field is not mutable and cannot be empty. \n Support: Core"
95 maxLength: 253
96 minLength: 1
97 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
98 type: string
99 x-kubernetes-validations:
100 - message: Value is immutable
101 rule: self == oldSelf
102 description:
103 description: Description helps describe a GatewayClass with more details.
104 maxLength: 64
105 type: string
106 parametersRef:
107 description: "ParametersRef is a reference to a resource that contains
108 the configuration parameters corresponding to the GatewayClass.
109 This is optional if the controller does not require any additional
110 configuration. \n ParametersRef can reference a standard Kubernetes
111 resource, i.e. ConfigMap, or an implementation-specific custom resource.
112 The resource can be cluster-scoped or namespace-scoped. \n If the
113 referent cannot be found, the GatewayClass's \"InvalidParameters\"
114 status condition will be true. \n Support: Implementation-specific"
115 properties:
116 group:
117 description: Group is the group of the referent.
118 maxLength: 253
119 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
120 type: string
121 kind:
122 description: Kind is kind of the referent.
123 maxLength: 63
124 minLength: 1
125 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
126 type: string
127 name:
128 description: Name is the name of the referent.
129 maxLength: 253
130 minLength: 1
131 type: string
132 namespace:
133 description: Namespace is the namespace of the referent. This
134 field is required when referring to a Namespace-scoped resource
135 and MUST be unset when referring to a Cluster-scoped resource.
136 maxLength: 63
137 minLength: 1
138 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
139 type: string
140 required:
141 - group
142 - kind
143 - name
144 type: object
145 required:
146 - controllerName
147 type: object
148 status:
149 default:
150 conditions:
151 - lastTransitionTime: "1970-01-01T00:00:00Z"
152 message: Waiting for controller
153 reason: Waiting
154 status: Unknown
155 type: Accepted
156 description: "Status defines the current state of GatewayClass. \n Implementations
157 MUST populate status on all GatewayClass resources which specify their
158 controller name."
159 properties:
160 conditions:
161 default:
162 - lastTransitionTime: "1970-01-01T00:00:00Z"
163 message: Waiting for controller
164 reason: Pending
165 status: Unknown
166 type: Accepted
167 description: "Conditions is the current status from the controller
168 for this GatewayClass. \n Controllers should prefer to publish conditions
169 using values of GatewayClassConditionType for the type of each Condition."
170 items:
171 description: "Condition contains details for one aspect of the current
172 state of this API Resource. --- This struct is intended for direct
173 use as an array at the field path .status.conditions. For example,
174 \n type FooStatus struct{ // Represents the observations of a
175 foo's current state. // Known .status.conditions.type are: \"Available\",
176 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
177 // +listType=map // +listMapKey=type Conditions []metav1.Condition
178 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
179 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
180 properties:
181 lastTransitionTime:
182 description: lastTransitionTime is the last time the condition
183 transitioned from one status to another. This should be when
184 the underlying condition changed. If that is not known, then
185 using the time when the API field changed is acceptable.
186 format: date-time
187 type: string
188 message:
189 description: message is a human readable message indicating
190 details about the transition. This may be an empty string.
191 maxLength: 32768
192 type: string
193 observedGeneration:
194 description: observedGeneration represents the .metadata.generation
195 that the condition was set based upon. For instance, if .metadata.generation
196 is currently 12, but the .status.conditions[x].observedGeneration
197 is 9, the condition is out of date with respect to the current
198 state of the instance.
199 format: int64
200 minimum: 0
201 type: integer
202 reason:
203 description: reason contains a programmatic identifier indicating
204 the reason for the condition's last transition. Producers
205 of specific condition types may define expected values and
206 meanings for this field, and whether the values are considered
207 a guaranteed API. The value should be a CamelCase string.
208 This field may not be empty.
209 maxLength: 1024
210 minLength: 1
211 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
212 type: string
213 status:
214 description: status of the condition, one of True, False, Unknown.
215 enum:
216 - "True"
217 - "False"
218 - Unknown
219 type: string
220 type:
221 description: type of condition in CamelCase or in foo.example.com/CamelCase.
222 --- Many .condition.type values are consistent across resources
223 like Available, but because arbitrary conditions can be useful
224 (see .node.status.conditions), the ability to deconflict is
225 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
226 maxLength: 316
227 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
228 type: string
229 required:
230 - lastTransitionTime
231 - message
232 - reason
233 - status
234 - type
235 type: object
236 maxItems: 8
237 type: array
238 x-kubernetes-list-map-keys:
239 - type
240 x-kubernetes-list-type: map
241 type: object
242 required:
243 - spec
244 type: object
245 served: true
246 storage: false
247 subresources:
248 status: {}
249 - additionalPrinterColumns:
250 - jsonPath: .spec.controllerName
251 name: Controller
252 type: string
253 - jsonPath: .status.conditions[?(@.type=="Accepted")].status
254 name: Accepted
255 type: string
256 - jsonPath: .metadata.creationTimestamp
257 name: Age
258 type: date
259 - jsonPath: .spec.description
260 name: Description
261 priority: 1
262 type: string
263 name: v1beta1
264 schema:
265 openAPIV3Schema:
266 description: "GatewayClass describes a class of Gateways available to the
267 user for creating Gateway resources. \n It is recommended that this resource
268 be used as a template for Gateways. This means that a Gateway is based on
269 the state of the GatewayClass at the time it was created and changes to
270 the GatewayClass or associated parameters are not propagated down to existing
271 Gateways. This recommendation is intended to limit the blast radius of changes
272 to GatewayClass or associated parameters. If implementations choose to propagate
273 GatewayClass changes to existing Gateways, that MUST be clearly documented
274 by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
275 implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io`
276 finalizer on the associated GatewayClass. This ensures that a GatewayClass
277 associated with a Gateway is not deleted while in use. \n GatewayClass is
278 a Cluster level resource."
279 properties:
280 apiVersion:
281 description: 'APIVersion defines the versioned schema of this representation
282 of an object. Servers should convert recognized schemas to the latest
283 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
284 type: string
285 kind:
286 description: 'Kind is a string value representing the REST resource this
287 object represents. Servers may infer this from the endpoint the client
288 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
289 type: string
290 metadata:
291 type: object
292 spec:
293 description: Spec defines the desired state of GatewayClass.
294 properties:
295 controllerName:
296 description: "ControllerName is the name of the controller that is
297 managing Gateways of this class. The value of this field MUST be
298 a domain prefixed path. \n Example: \"example.net/gateway-controller\".
299 \n This field is not mutable and cannot be empty. \n Support: Core"
300 maxLength: 253
301 minLength: 1
302 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
303 type: string
304 x-kubernetes-validations:
305 - message: Value is immutable
306 rule: self == oldSelf
307 description:
308 description: Description helps describe a GatewayClass with more details.
309 maxLength: 64
310 type: string
311 parametersRef:
312 description: "ParametersRef is a reference to a resource that contains
313 the configuration parameters corresponding to the GatewayClass.
314 This is optional if the controller does not require any additional
315 configuration. \n ParametersRef can reference a standard Kubernetes
316 resource, i.e. ConfigMap, or an implementation-specific custom resource.
317 The resource can be cluster-scoped or namespace-scoped. \n If the
318 referent cannot be found, the GatewayClass's \"InvalidParameters\"
319 status condition will be true. \n Support: Implementation-specific"
320 properties:
321 group:
322 description: Group is the group of the referent.
323 maxLength: 253
324 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
325 type: string
326 kind:
327 description: Kind is kind of the referent.
328 maxLength: 63
329 minLength: 1
330 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
331 type: string
332 name:
333 description: Name is the name of the referent.
334 maxLength: 253
335 minLength: 1
336 type: string
337 namespace:
338 description: Namespace is the namespace of the referent. This
339 field is required when referring to a Namespace-scoped resource
340 and MUST be unset when referring to a Cluster-scoped resource.
341 maxLength: 63
342 minLength: 1
343 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
344 type: string
345 required:
346 - group
347 - kind
348 - name
349 type: object
350 required:
351 - controllerName
352 type: object
353 status:
354 default:
355 conditions:
356 - lastTransitionTime: "1970-01-01T00:00:00Z"
357 message: Waiting for controller
358 reason: Waiting
359 status: Unknown
360 type: Accepted
361 description: "Status defines the current state of GatewayClass. \n Implementations
362 MUST populate status on all GatewayClass resources which specify their
363 controller name."
364 properties:
365 conditions:
366 default:
367 - lastTransitionTime: "1970-01-01T00:00:00Z"
368 message: Waiting for controller
369 reason: Pending
370 status: Unknown
371 type: Accepted
372 description: "Conditions is the current status from the controller
373 for this GatewayClass. \n Controllers should prefer to publish conditions
374 using values of GatewayClassConditionType for the type of each Condition."
375 items:
376 description: "Condition contains details for one aspect of the current
377 state of this API Resource. --- This struct is intended for direct
378 use as an array at the field path .status.conditions. For example,
379 \n type FooStatus struct{ // Represents the observations of a
380 foo's current state. // Known .status.conditions.type are: \"Available\",
381 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
382 // +listType=map // +listMapKey=type Conditions []metav1.Condition
383 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
384 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
385 properties:
386 lastTransitionTime:
387 description: lastTransitionTime is the last time the condition
388 transitioned from one status to another. This should be when
389 the underlying condition changed. If that is not known, then
390 using the time when the API field changed is acceptable.
391 format: date-time
392 type: string
393 message:
394 description: message is a human readable message indicating
395 details about the transition. This may be an empty string.
396 maxLength: 32768
397 type: string
398 observedGeneration:
399 description: observedGeneration represents the .metadata.generation
400 that the condition was set based upon. For instance, if .metadata.generation
401 is currently 12, but the .status.conditions[x].observedGeneration
402 is 9, the condition is out of date with respect to the current
403 state of the instance.
404 format: int64
405 minimum: 0
406 type: integer
407 reason:
408 description: reason contains a programmatic identifier indicating
409 the reason for the condition's last transition. Producers
410 of specific condition types may define expected values and
411 meanings for this field, and whether the values are considered
412 a guaranteed API. The value should be a CamelCase string.
413 This field may not be empty.
414 maxLength: 1024
415 minLength: 1
416 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
417 type: string
418 status:
419 description: status of the condition, one of True, False, Unknown.
420 enum:
421 - "True"
422 - "False"
423 - Unknown
424 type: string
425 type:
426 description: type of condition in CamelCase or in foo.example.com/CamelCase.
427 --- Many .condition.type values are consistent across resources
428 like Available, but because arbitrary conditions can be useful
429 (see .node.status.conditions), the ability to deconflict is
430 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
431 maxLength: 316
432 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
433 type: string
434 required:
435 - lastTransitionTime
436 - message
437 - reason
438 - status
439 - type
440 type: object
441 maxItems: 8
442 type: array
443 x-kubernetes-list-map-keys:
444 - type
445 x-kubernetes-list-type: map
446 type: object
447 required:
448 - spec
449 type: object
450 served: true
451 storage: true
452 subresources:
453 status: {}
454status:
455 acceptedNames:
456 kind: ""
457 plural: ""
458 conditions: null
459 storedVersions: null
460---
461#
462# config/crd/standard/gateway.networking.k8s.io_gateways.yaml
463#
464apiVersion: apiextensions.k8s.io/v1
465kind: CustomResourceDefinition
466metadata:
467 annotations:
468 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
469 gateway.networking.k8s.io/bundle-version: v1.0.0-rc1
470 gateway.networking.k8s.io/channel: standard
471 creationTimestamp: null
472 name: gateways.gateway.networking.k8s.io
473spec:
474 group: gateway.networking.k8s.io
475 names:
476 categories:
477 - gateway-api
478 kind: Gateway
479 listKind: GatewayList
480 plural: gateways
481 shortNames:
482 - gtw
483 singular: gateway
484 scope: Namespaced
485 versions:
486 - additionalPrinterColumns:
487 - jsonPath: .spec.gatewayClassName
488 name: Class
489 type: string
490 - jsonPath: .status.addresses[*].value
491 name: Address
492 type: string
493 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
494 name: Programmed
495 type: string
496 - jsonPath: .metadata.creationTimestamp
497 name: Age
498 type: date
499 name: v1
500 schema:
501 openAPIV3Schema:
502 description: Gateway represents an instance of a service-traffic handling
503 infrastructure by binding Listeners to a set of IP addresses.
504 properties:
505 apiVersion:
506 description: 'APIVersion defines the versioned schema of this representation
507 of an object. Servers should convert recognized schemas to the latest
508 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
509 type: string
510 kind:
511 description: 'Kind is a string value representing the REST resource this
512 object represents. Servers may infer this from the endpoint the client
513 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
514 type: string
515 metadata:
516 type: object
517 spec:
518 description: Spec defines the desired state of Gateway.
519 properties:
520 addresses:
521 description: "Addresses requested for this Gateway. This is optional
522 and behavior can depend on the implementation. If a value is set
523 in the spec and the requested address is invalid or unavailable,
524 the implementation MUST indicate this in the associated entry in
525 GatewayStatus.Addresses. \n The Addresses field represents a request
526 for the address(es) on the \"outside of the Gateway\", that traffic
527 bound for this Gateway will use. This could be the IP address or
528 hostname of an external load balancer or other networking infrastructure,
529 or some other address that traffic will be sent to. \n If no Addresses
530 are specified, the implementation MAY schedule the Gateway in an
531 implementation-specific manner, assigning an appropriate set of
532 Addresses. \n The implementation MUST bind all Listeners to every
533 GatewayAddress that it assigns to the Gateway and add a corresponding
534 entry in GatewayStatus.Addresses. \n Support: Extended \n "
535 items:
536 description: GatewayAddress describes an address that can be bound
537 to a Gateway.
538 oneOf:
539 - properties:
540 type:
541 enum:
542 - IPAddress
543 value:
544 anyOf:
545 - format: ipv4
546 - format: ipv6
547 - properties:
548 type:
549 not:
550 enum:
551 - IPAddress
552 properties:
553 type:
554 default: IPAddress
555 description: Type of the address.
556 maxLength: 253
557 minLength: 1
558 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
559 type: string
560 value:
561 description: "Value of the address. The validity of the values
562 will depend on the type and support by the controller. \n
563 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
564 maxLength: 253
565 minLength: 1
566 type: string
567 required:
568 - value
569 type: object
570 x-kubernetes-validations:
571 - message: Hostname value must only contain valid characters (matching
572 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
573 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
574 true'
575 maxItems: 16
576 type: array
577 x-kubernetes-validations:
578 - message: IPAddress values must be unique
579 rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
580 a2.type == a1.type && a2.value == a1.value) : true )'
581 - message: Hostname values must be unique
582 rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
583 a2.type == a1.type && a2.value == a1.value) : true )'
584 gatewayClassName:
585 description: GatewayClassName used for this Gateway. This is the name
586 of a GatewayClass resource.
587 maxLength: 253
588 minLength: 1
589 type: string
590 listeners:
591 description: "Listeners associated with this Gateway. Listeners define
592 logical endpoints that are bound on this Gateway's addresses. At
593 least one Listener MUST be specified. \n Each Listener in a set
594 of Listeners (for example, in a single Gateway) MUST be _distinct_,
595 in that a traffic flow MUST be able to be assigned to exactly one
596 listener. (This section uses \"set of Listeners\" rather than \"Listeners
597 in a single Gateway\" because implementations MAY merge configuration
598 from multiple Gateways onto a single data plane, and these rules
599 _also_ apply in that case). \n Practically, this means that each
600 listener in a set MUST have a unique combination of Port, Protocol,
601 and, if supported by the protocol, Hostname. \n Some combinations
602 of port, protocol, and TLS settings are considered Core support
603 and MUST be supported by implementations based on their targeted
604 conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
605 Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
606 Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
607 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
608 have the following property: \n The implementation can match inbound
609 requests to a single distinct Listener. When multiple Listeners
610 share values for fields (for example, two Listeners with the same
611 Port value), the implementation can match requests to only one of
612 the Listeners using other Listener fields. \n For example, the following
613 Listener scenarios are distinct: \n 1. Multiple Listeners with the
614 same Port that all use the \"HTTP\" Protocol that all have unique
615 Hostname values. 2. Multiple Listeners with the same Port that use
616 either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
617 values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
618 where no Listener with the same Protocol has the same Port value.
619 \n Some fields in the Listener struct have possible values that
620 affect whether the Listener is distinct. Hostname is particularly
621 relevant for HTTP or HTTPS protocols. \n When using the Hostname
622 value to select between same-Port, same-Protocol Listeners, the
623 Hostname value must be different on each Listener for the Listener
624 to be distinct. \n When the Listeners are distinct based on Hostname,
625 inbound request hostnames MUST match from the most specific to least
626 specific Hostname values to choose the correct Listener and its
627 associated set of Routes. \n Exact matches must be processed before
628 wildcard matches, and wildcard matches must be processed before
629 fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
630 takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
631 takes precedence over `\"\"`. \n Additionally, if there are multiple
632 wildcard entries, more specific wildcard entries must be processed
633 before less specific wildcard entries. For example, `\"*.foo.example.com\"`
634 takes precedence over `\"*.example.com\"`. The precise definition
635 here is that the higher the number of dots in the hostname to the
636 right of the wildcard character, the higher the precedence. \n The
637 wildcard character will match any number of characters _and dots_
638 to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
639 _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
640 that are not distinct, then those Listeners are Conflicted, and
641 the implementation MUST set the \"Conflicted\" condition in the
642 Listener Status to \"True\". \n Implementations MAY choose to accept
643 a Gateway with some Conflicted Listeners only if they only accept
644 the partial Listener set that contains no Conflicted Listeners.
645 To put this another way, implementations may accept a partial Listener
646 set only if they throw out *all* the conflicting Listeners. No picking
647 one of the conflicting listeners as the winner. This also means
648 that the Gateway must have at least one non-conflicting Listener
649 in this case, otherwise it violates the requirement that at least
650 one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
651 condition on the Gateway Status when the Gateway contains Conflicted
652 Listeners whether or not they accept the Gateway. That Condition
653 SHOULD clearly indicate in the Message which Listeners are conflicted,
654 and which are Accepted. Additionally, the Listener status for those
655 listeners SHOULD indicate which Listeners are conflicted and not
656 Accepted. \n A Gateway's Listeners are considered \"compatible\"
657 if: \n 1. They are distinct. 2. The implementation can serve them
658 in compliance with the Addresses requirement that all Listeners
659 are available on all assigned addresses. \n Compatible combinations
660 in Extended support are expected to vary across implementations.
661 A combination that is compatible for one implementation may not
662 be compatible for another. \n For example, an implementation that
663 cannot serve both TCP and UDP listeners on the same address, or
664 cannot mix HTTPS and generic TLS listens on the same port would
665 not consider those cases compatible, even though they are distinct.
666 \n Note that requests SHOULD match at most one Listener. For example,
667 if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
668 a request to \"foo.example.com\" SHOULD only be routed using routes
669 attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
670 Listener). This concept is known as \"Listener Isolation\". Implementations
671 that do not support Listener Isolation MUST clearly document this.
672 \n Implementations MAY merge separate Gateways onto a single set
673 of Addresses if all Listeners across all Gateways are compatible.
674 \n Support: Core"
675 items:
676 description: Listener embodies the concept of a logical endpoint
677 where a Gateway accepts network connections.
678 properties:
679 allowedRoutes:
680 default:
681 namespaces:
682 from: Same
683 description: "AllowedRoutes defines the types of routes that
684 MAY be attached to a Listener and the trusted namespaces where
685 those Route resources MAY be present. \n Although a client
686 request may match multiple route rules, only one rule may
687 ultimately receive the request. Matching precedence MUST be
688 determined in order of the following criteria: \n * The most
689 specific match as defined by the Route type. * The oldest
690 Route based on creation timestamp. For example, a Route with
691 a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
692 over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
693 * If everything else is equivalent, the Route appearing first
694 in alphabetical order (namespace/name) should be given precedence.
695 For example, foo/bar is given precedence over foo/baz. \n
696 All valid rules within a Route attached to this Listener should
697 be implemented. Invalid Route rules can be ignored (sometimes
698 that will mean the full Route). If a Route rule transitions
699 from valid to invalid, support for that Route rule should
700 be dropped to ensure consistency. For example, even if a filter
701 specified by a Route rule is invalid, the rest of the rules
702 within that Route should still be supported. \n Support: Core"
703 properties:
704 kinds:
705 description: "Kinds specifies the groups and kinds of Routes
706 that are allowed to bind to this Gateway Listener. When
707 unspecified or empty, the kinds of Routes selected are
708 determined using the Listener protocol. \n A RouteGroupKind
709 MUST correspond to kinds of Routes that are compatible
710 with the application protocol specified in the Listener's
711 Protocol field. If an implementation does not support
712 or recognize this resource type, it MUST set the \"ResolvedRefs\"
713 condition to False for this Listener with the \"InvalidRouteKinds\"
714 reason. \n Support: Core"
715 items:
716 description: RouteGroupKind indicates the group and kind
717 of a Route resource.
718 properties:
719 group:
720 default: gateway.networking.k8s.io
721 description: Group is the group of the Route.
722 maxLength: 253
723 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
724 type: string
725 kind:
726 description: Kind is the kind of the Route.
727 maxLength: 63
728 minLength: 1
729 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
730 type: string
731 required:
732 - kind
733 type: object
734 maxItems: 8
735 type: array
736 namespaces:
737 default:
738 from: Same
739 description: "Namespaces indicates namespaces from which
740 Routes may be attached to this Listener. This is restricted
741 to the namespace of this Gateway by default. \n Support:
742 Core"
743 properties:
744 from:
745 default: Same
746 description: "From indicates where Routes will be selected
747 for this Gateway. Possible values are: \n * All: Routes
748 in all namespaces may be used by this Gateway. * Selector:
749 Routes in namespaces selected by the selector may
750 be used by this Gateway. * Same: Only Routes in the
751 same namespace may be used by this Gateway. \n Support:
752 Core"
753 enum:
754 - All
755 - Selector
756 - Same
757 type: string
758 selector:
759 description: "Selector must be specified when From is
760 set to \"Selector\". In that case, only Routes in
761 Namespaces matching this Selector will be selected
762 by this Gateway. This field is ignored for other values
763 of \"From\". \n Support: Core"
764 properties:
765 matchExpressions:
766 description: matchExpressions is a list of label
767 selector requirements. The requirements are ANDed.
768 items:
769 description: A label selector requirement is a
770 selector that contains values, a key, and an
771 operator that relates the key and values.
772 properties:
773 key:
774 description: key is the label key that the
775 selector applies to.
776 type: string
777 operator:
778 description: operator represents a key's relationship
779 to a set of values. Valid operators are
780 In, NotIn, Exists and DoesNotExist.
781 type: string
782 values:
783 description: values is an array of string
784 values. If the operator is In or NotIn,
785 the values array must be non-empty. If the
786 operator is Exists or DoesNotExist, the
787 values array must be empty. This array is
788 replaced during a strategic merge patch.
789 items:
790 type: string
791 type: array
792 required:
793 - key
794 - operator
795 type: object
796 type: array
797 matchLabels:
798 additionalProperties:
799 type: string
800 description: matchLabels is a map of {key,value}
801 pairs. A single {key,value} in the matchLabels
802 map is equivalent to an element of matchExpressions,
803 whose key field is "key", the operator is "In",
804 and the values array contains only "value". The
805 requirements are ANDed.
806 type: object
807 type: object
808 x-kubernetes-map-type: atomic
809 type: object
810 type: object
811 hostname:
812 description: "Hostname specifies the virtual hostname to match
813 for protocol types that define this concept. When unspecified,
814 all hostnames are matched. This field is ignored for protocols
815 that don't require hostname based matching. \n Implementations
816 MUST apply Hostname matching appropriately for each of the
817 following protocols: \n * TLS: The Listener Hostname MUST
818 match the SNI. * HTTP: The Listener Hostname MUST match the
819 Host header of the request. * HTTPS: The Listener Hostname
820 SHOULD match at both the TLS and HTTP protocol layers as described
821 above. If an implementation does not ensure that both the
822 SNI and Host header match the Listener hostname, it MUST clearly
823 document that. \n For HTTPRoute and TLSRoute resources, there
824 is an interaction with the `spec.hostnames` array. When both
825 listener and route specify hostnames, there MUST be an intersection
826 between the values for a Route to be accepted. For more information,
827 refer to the Route specific Hostnames documentation. \n Hostnames
828 that are prefixed with a wildcard label (`*.`) are interpreted
829 as a suffix match. That means that a match for `*.example.com`
830 would match both `test.example.com`, and `foo.test.example.com`,
831 but not `example.com`. \n Support: Core"
832 maxLength: 253
833 minLength: 1
834 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
835 type: string
836 name:
837 description: "Name is the name of the Listener. This name MUST
838 be unique within a Gateway. \n Support: Core"
839 maxLength: 253
840 minLength: 1
841 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
842 type: string
843 port:
844 description: "Port is the network port. Multiple listeners may
845 use the same port, subject to the Listener compatibility rules.
846 \n Support: Core"
847 format: int32
848 maximum: 65535
849 minimum: 1
850 type: integer
851 protocol:
852 description: "Protocol specifies the network protocol this listener
853 expects to receive. \n Support: Core"
854 maxLength: 255
855 minLength: 1
856 pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
857 type: string
858 tls:
859 description: "TLS is the TLS configuration for the Listener.
860 This field is required if the Protocol field is \"HTTPS\"
861 or \"TLS\". It is invalid to set this field if the Protocol
862 field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
863 of SNIs to Certificate defined in GatewayTLSConfig is defined
864 based on the Hostname field for this listener. \n The GatewayClass
865 MUST use the longest matching SNI out of all available certificates
866 for any TLS handshake. \n Support: Core"
867 properties:
868 certificateRefs:
869 description: "CertificateRefs contains a series of references
870 to Kubernetes objects that contains TLS certificates and
871 private keys. These certificates are used to establish
872 a TLS handshake for requests that match the hostname of
873 the associated listener. \n A single CertificateRef to
874 a Kubernetes Secret has \"Core\" support. Implementations
875 MAY choose to support attaching multiple certificates
876 to a Listener, but this behavior is implementation-specific.
877 \n References to a resource in different namespace are
878 invalid UNLESS there is a ReferenceGrant in the target
879 namespace that allows the certificate to be attached.
880 If a ReferenceGrant does not allow this reference, the
881 \"ResolvedRefs\" condition MUST be set to False for this
882 listener with the \"RefNotPermitted\" reason. \n This
883 field is required to have at least one element when the
884 mode is set to \"Terminate\" (default) and is optional
885 otherwise. \n CertificateRefs can reference to standard
886 Kubernetes resources, i.e. Secret, or implementation-specific
887 custom resources. \n Support: Core - A single reference
888 to a Kubernetes Secret of type kubernetes.io/tls \n Support:
889 Implementation-specific (More than one reference or other
890 resource types)"
891 items:
892 description: "SecretObjectReference identifies an API
893 object including its namespace, defaulting to Secret.
894 \n The API object must be valid in the cluster; the
895 Group and Kind must be registered in the cluster for
896 this reference to be valid. \n References to objects
897 with invalid Group and Kind are not valid, and must
898 be rejected by the implementation, with appropriate
899 Conditions set on the containing object."
900 properties:
901 group:
902 default: ""
903 description: Group is the group of the referent. For
904 example, "gateway.networking.k8s.io". When unspecified
905 or empty string, core API group is inferred.
906 maxLength: 253
907 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
908 type: string
909 kind:
910 default: Secret
911 description: Kind is kind of the referent. For example
912 "Secret".
913 maxLength: 63
914 minLength: 1
915 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
916 type: string
917 name:
918 description: Name is the name of the referent.
919 maxLength: 253
920 minLength: 1
921 type: string
922 namespace:
923 description: "Namespace is the namespace of the referenced
924 object. When unspecified, the local namespace is
925 inferred. \n Note that when a namespace different
926 than the local namespace is specified, a ReferenceGrant
927 object is required in the referent namespace to
928 allow that namespace's owner to accept the reference.
929 See the ReferenceGrant documentation for details.
930 \n Support: Core"
931 maxLength: 63
932 minLength: 1
933 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
934 type: string
935 required:
936 - name
937 type: object
938 maxItems: 64
939 type: array
940 mode:
941 default: Terminate
942 description: "Mode defines the TLS behavior for the TLS
943 session initiated by the client. There are two possible
944 modes: \n - Terminate: The TLS session between the downstream
945 client and the Gateway is terminated at the Gateway. This
946 mode requires certificateRefs to be set and contain at
947 least one element. - Passthrough: The TLS session is NOT
948 terminated by the Gateway. This implies that the Gateway
949 can't decipher the TLS stream except for the ClientHello
950 message of the TLS protocol. CertificateRefs field is
951 ignored in this mode. \n Support: Core"
952 enum:
953 - Terminate
954 - Passthrough
955 type: string
956 options:
957 additionalProperties:
958 description: AnnotationValue is the value of an annotation
959 in Gateway API. This is used for validation of maps
960 such as TLS options. This roughly matches Kubernetes
961 annotation validation, although the length validation
962 in that case is based on the entire size of the annotations
963 struct.
964 maxLength: 4096
965 minLength: 0
966 type: string
967 description: "Options are a list of key/value pairs to enable
968 extended TLS configuration for each implementation. For
969 example, configuring the minimum TLS version or supported
970 cipher suites. \n A set of common keys MAY be defined
971 by the API in the future. To avoid any ambiguity, implementation-specific
972 definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
973 Un-prefixed names are reserved for key names defined by
974 Gateway API. \n Support: Implementation-specific"
975 maxProperties: 16
976 type: object
977 type: object
978 x-kubernetes-validations:
979 - message: certificateRefs must be specified when TLSModeType
980 is Terminate
981 rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
982 > 0 : true'
983 required:
984 - name
985 - port
986 - protocol
987 type: object
988 maxItems: 64
989 minItems: 1
990 type: array
991 x-kubernetes-list-map-keys:
992 - name
993 x-kubernetes-list-type: map
994 x-kubernetes-validations:
995 - message: tls must be specified for protocols ['HTTPS', 'TLS']
996 rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
997 : true)'
998 - message: tls must not be specified for protocols ['HTTP', 'TCP',
999 'UDP']
1000 rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
1001 !has(l.tls) : true)'
1002 - message: hostname must not be specified for protocols ['TCP', 'UDP']
1003 rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
1004 || l.hostname == '''') : true)'
1005 - message: Listener name must be unique within the Gateway
1006 rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
1007 - message: Combination of port, protocol and hostname must be unique
1008 for each listener
1009 rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
1010 == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
1011 == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
1012 required:
1013 - gatewayClassName
1014 - listeners
1015 type: object
1016 status:
1017 default:
1018 conditions:
1019 - lastTransitionTime: "1970-01-01T00:00:00Z"
1020 message: Waiting for controller
1021 reason: Pending
1022 status: Unknown
1023 type: Accepted
1024 - lastTransitionTime: "1970-01-01T00:00:00Z"
1025 message: Waiting for controller
1026 reason: Pending
1027 status: Unknown
1028 type: Programmed
1029 description: Status defines the current state of Gateway.
1030 properties:
1031 addresses:
1032 description: "Addresses lists the network addresses that have been
1033 bound to the Gateway. \n This list may differ from the addresses
1034 provided in the spec under some conditions: \n * no addresses are
1035 specified, all addresses are dynamically assigned * a combination
1036 of specified and dynamic addresses are assigned * a specified address
1037 was unusable (e.g. already in use) \n "
1038 items:
1039 description: GatewayStatusAddress describes a network address that
1040 is bound to a Gateway.
1041 oneOf:
1042 - properties:
1043 type:
1044 enum:
1045 - IPAddress
1046 value:
1047 anyOf:
1048 - format: ipv4
1049 - format: ipv6
1050 - properties:
1051 type:
1052 not:
1053 enum:
1054 - IPAddress
1055 properties:
1056 type:
1057 default: IPAddress
1058 description: Type of the address.
1059 maxLength: 253
1060 minLength: 1
1061 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1062 type: string
1063 value:
1064 description: "Value of the address. The validity of the values
1065 will depend on the type and support by the controller. \n
1066 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
1067 maxLength: 253
1068 minLength: 1
1069 type: string
1070 required:
1071 - value
1072 type: object
1073 x-kubernetes-validations:
1074 - message: Hostname value must only contain valid characters (matching
1075 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
1076 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
1077 true'
1078 maxItems: 16
1079 type: array
1080 conditions:
1081 default:
1082 - lastTransitionTime: "1970-01-01T00:00:00Z"
1083 message: Waiting for controller
1084 reason: Pending
1085 status: Unknown
1086 type: Accepted
1087 - lastTransitionTime: "1970-01-01T00:00:00Z"
1088 message: Waiting for controller
1089 reason: Pending
1090 status: Unknown
1091 type: Programmed
1092 description: "Conditions describe the current conditions of the Gateway.
1093 \n Implementations should prefer to express Gateway conditions using
1094 the `GatewayConditionType` and `GatewayConditionReason` constants
1095 so that operators and tools can converge on a common vocabulary
1096 to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
1097 * \"Programmed\" * \"Ready\""
1098 items:
1099 description: "Condition contains details for one aspect of the current
1100 state of this API Resource. --- This struct is intended for direct
1101 use as an array at the field path .status.conditions. For example,
1102 \n type FooStatus struct{ // Represents the observations of a
1103 foo's current state. // Known .status.conditions.type are: \"Available\",
1104 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1105 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1106 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1107 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1108 properties:
1109 lastTransitionTime:
1110 description: lastTransitionTime is the last time the condition
1111 transitioned from one status to another. This should be when
1112 the underlying condition changed. If that is not known, then
1113 using the time when the API field changed is acceptable.
1114 format: date-time
1115 type: string
1116 message:
1117 description: message is a human readable message indicating
1118 details about the transition. This may be an empty string.
1119 maxLength: 32768
1120 type: string
1121 observedGeneration:
1122 description: observedGeneration represents the .metadata.generation
1123 that the condition was set based upon. For instance, if .metadata.generation
1124 is currently 12, but the .status.conditions[x].observedGeneration
1125 is 9, the condition is out of date with respect to the current
1126 state of the instance.
1127 format: int64
1128 minimum: 0
1129 type: integer
1130 reason:
1131 description: reason contains a programmatic identifier indicating
1132 the reason for the condition's last transition. Producers
1133 of specific condition types may define expected values and
1134 meanings for this field, and whether the values are considered
1135 a guaranteed API. The value should be a CamelCase string.
1136 This field may not be empty.
1137 maxLength: 1024
1138 minLength: 1
1139 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1140 type: string
1141 status:
1142 description: status of the condition, one of True, False, Unknown.
1143 enum:
1144 - "True"
1145 - "False"
1146 - Unknown
1147 type: string
1148 type:
1149 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1150 --- Many .condition.type values are consistent across resources
1151 like Available, but because arbitrary conditions can be useful
1152 (see .node.status.conditions), the ability to deconflict is
1153 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1154 maxLength: 316
1155 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1156 type: string
1157 required:
1158 - lastTransitionTime
1159 - message
1160 - reason
1161 - status
1162 - type
1163 type: object
1164 maxItems: 8
1165 type: array
1166 x-kubernetes-list-map-keys:
1167 - type
1168 x-kubernetes-list-type: map
1169 listeners:
1170 description: Listeners provide status for each unique listener port
1171 defined in the Spec.
1172 items:
1173 description: ListenerStatus is the status associated with a Listener.
1174 properties:
1175 attachedRoutes:
1176 description: "AttachedRoutes represents the total number of
1177 Routes that have been successfully attached to this Listener.
1178 \n Successful attachment of a Route to a Listener is based
1179 solely on the combination of the AllowedRoutes field on the
1180 corresponding Listener and the Route's ParentRefs field. A
1181 Route is successfully attached to a Listener when it is selected
1182 by the Listener's AllowedRoutes field AND the Route has a
1183 valid ParentRef selecting the whole Gateway resource or a
1184 specific Listener as a parent resource (more detail on attachment
1185 semantics can be found in the documentation on the various
1186 Route kinds ParentRefs fields). Listener or Route status does
1187 not impact successful attachment, i.e. the AttachedRoutes
1188 field count MUST be set for Listeners with condition Accepted:
1189 false and MUST count successfully attached Routes that may
1190 themselves have Accepted: false conditions. \n Uses for this
1191 field include troubleshooting Route attachment and measuring
1192 blast radius/impact of changes to a Listener."
1193 format: int32
1194 type: integer
1195 conditions:
1196 description: Conditions describe the current condition of this
1197 listener.
1198 items:
1199 description: "Condition contains details for one aspect of
1200 the current state of this API Resource. --- This struct
1201 is intended for direct use as an array at the field path
1202 .status.conditions. For example, \n type FooStatus struct{
1203 // Represents the observations of a foo's current state.
1204 // Known .status.conditions.type are: \"Available\", \"Progressing\",
1205 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1206 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1207 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1208 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
1209 }"
1210 properties:
1211 lastTransitionTime:
1212 description: lastTransitionTime is the last time the condition
1213 transitioned from one status to another. This should
1214 be when the underlying condition changed. If that is
1215 not known, then using the time when the API field changed
1216 is acceptable.
1217 format: date-time
1218 type: string
1219 message:
1220 description: message is a human readable message indicating
1221 details about the transition. This may be an empty string.
1222 maxLength: 32768
1223 type: string
1224 observedGeneration:
1225 description: observedGeneration represents the .metadata.generation
1226 that the condition was set based upon. For instance,
1227 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
1228 is 9, the condition is out of date with respect to the
1229 current state of the instance.
1230 format: int64
1231 minimum: 0
1232 type: integer
1233 reason:
1234 description: reason contains a programmatic identifier
1235 indicating the reason for the condition's last transition.
1236 Producers of specific condition types may define expected
1237 values and meanings for this field, and whether the
1238 values are considered a guaranteed API. The value should
1239 be a CamelCase string. This field may not be empty.
1240 maxLength: 1024
1241 minLength: 1
1242 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1243 type: string
1244 status:
1245 description: status of the condition, one of True, False,
1246 Unknown.
1247 enum:
1248 - "True"
1249 - "False"
1250 - Unknown
1251 type: string
1252 type:
1253 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1254 --- Many .condition.type values are consistent across
1255 resources like Available, but because arbitrary conditions
1256 can be useful (see .node.status.conditions), the ability
1257 to deconflict is important. The regex it matches is
1258 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1259 maxLength: 316
1260 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1261 type: string
1262 required:
1263 - lastTransitionTime
1264 - message
1265 - reason
1266 - status
1267 - type
1268 type: object
1269 maxItems: 8
1270 type: array
1271 x-kubernetes-list-map-keys:
1272 - type
1273 x-kubernetes-list-type: map
1274 name:
1275 description: Name is the name of the Listener that this status
1276 corresponds to.
1277 maxLength: 253
1278 minLength: 1
1279 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1280 type: string
1281 supportedKinds:
1282 description: "SupportedKinds is the list indicating the Kinds
1283 supported by this listener. This MUST represent the kinds
1284 an implementation supports for that Listener configuration.
1285 \n If kinds are specified in Spec that are not supported,
1286 they MUST NOT appear in this list and an implementation MUST
1287 set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
1288 reason. If both valid and invalid Route kinds are specified,
1289 the implementation MUST reference the valid Route kinds that
1290 have been specified."
1291 items:
1292 description: RouteGroupKind indicates the group and kind of
1293 a Route resource.
1294 properties:
1295 group:
1296 default: gateway.networking.k8s.io
1297 description: Group is the group of the Route.
1298 maxLength: 253
1299 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1300 type: string
1301 kind:
1302 description: Kind is the kind of the Route.
1303 maxLength: 63
1304 minLength: 1
1305 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1306 type: string
1307 required:
1308 - kind
1309 type: object
1310 maxItems: 8
1311 type: array
1312 required:
1313 - attachedRoutes
1314 - conditions
1315 - name
1316 - supportedKinds
1317 type: object
1318 maxItems: 64
1319 type: array
1320 x-kubernetes-list-map-keys:
1321 - name
1322 x-kubernetes-list-type: map
1323 type: object
1324 required:
1325 - spec
1326 type: object
1327 served: true
1328 storage: false
1329 subresources:
1330 status: {}
1331 - additionalPrinterColumns:
1332 - jsonPath: .spec.gatewayClassName
1333 name: Class
1334 type: string
1335 - jsonPath: .status.addresses[*].value
1336 name: Address
1337 type: string
1338 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
1339 name: Programmed
1340 type: string
1341 - jsonPath: .metadata.creationTimestamp
1342 name: Age
1343 type: date
1344 name: v1beta1
1345 schema:
1346 openAPIV3Schema:
1347 description: Gateway represents an instance of a service-traffic handling
1348 infrastructure by binding Listeners to a set of IP addresses.
1349 properties:
1350 apiVersion:
1351 description: 'APIVersion defines the versioned schema of this representation
1352 of an object. Servers should convert recognized schemas to the latest
1353 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
1354 type: string
1355 kind:
1356 description: 'Kind is a string value representing the REST resource this
1357 object represents. Servers may infer this from the endpoint the client
1358 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
1359 type: string
1360 metadata:
1361 type: object
1362 spec:
1363 description: Spec defines the desired state of Gateway.
1364 properties:
1365 addresses:
1366 description: "Addresses requested for this Gateway. This is optional
1367 and behavior can depend on the implementation. If a value is set
1368 in the spec and the requested address is invalid or unavailable,
1369 the implementation MUST indicate this in the associated entry in
1370 GatewayStatus.Addresses. \n The Addresses field represents a request
1371 for the address(es) on the \"outside of the Gateway\", that traffic
1372 bound for this Gateway will use. This could be the IP address or
1373 hostname of an external load balancer or other networking infrastructure,
1374 or some other address that traffic will be sent to. \n If no Addresses
1375 are specified, the implementation MAY schedule the Gateway in an
1376 implementation-specific manner, assigning an appropriate set of
1377 Addresses. \n The implementation MUST bind all Listeners to every
1378 GatewayAddress that it assigns to the Gateway and add a corresponding
1379 entry in GatewayStatus.Addresses. \n Support: Extended \n "
1380 items:
1381 description: GatewayAddress describes an address that can be bound
1382 to a Gateway.
1383 oneOf:
1384 - properties:
1385 type:
1386 enum:
1387 - IPAddress
1388 value:
1389 anyOf:
1390 - format: ipv4
1391 - format: ipv6
1392 - properties:
1393 type:
1394 not:
1395 enum:
1396 - IPAddress
1397 properties:
1398 type:
1399 default: IPAddress
1400 description: Type of the address.
1401 maxLength: 253
1402 minLength: 1
1403 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1404 type: string
1405 value:
1406 description: "Value of the address. The validity of the values
1407 will depend on the type and support by the controller. \n
1408 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
1409 maxLength: 253
1410 minLength: 1
1411 type: string
1412 required:
1413 - value
1414 type: object
1415 x-kubernetes-validations:
1416 - message: Hostname value must only contain valid characters (matching
1417 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
1418 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
1419 true'
1420 maxItems: 16
1421 type: array
1422 x-kubernetes-validations:
1423 - message: IPAddress values must be unique
1424 rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
1425 a2.type == a1.type && a2.value == a1.value) : true )'
1426 - message: Hostname values must be unique
1427 rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
1428 a2.type == a1.type && a2.value == a1.value) : true )'
1429 gatewayClassName:
1430 description: GatewayClassName used for this Gateway. This is the name
1431 of a GatewayClass resource.
1432 maxLength: 253
1433 minLength: 1
1434 type: string
1435 listeners:
1436 description: "Listeners associated with this Gateway. Listeners define
1437 logical endpoints that are bound on this Gateway's addresses. At
1438 least one Listener MUST be specified. \n Each Listener in a set
1439 of Listeners (for example, in a single Gateway) MUST be _distinct_,
1440 in that a traffic flow MUST be able to be assigned to exactly one
1441 listener. (This section uses \"set of Listeners\" rather than \"Listeners
1442 in a single Gateway\" because implementations MAY merge configuration
1443 from multiple Gateways onto a single data plane, and these rules
1444 _also_ apply in that case). \n Practically, this means that each
1445 listener in a set MUST have a unique combination of Port, Protocol,
1446 and, if supported by the protocol, Hostname. \n Some combinations
1447 of port, protocol, and TLS settings are considered Core support
1448 and MUST be supported by implementations based on their targeted
1449 conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
1450 Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
1451 Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
1452 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
1453 have the following property: \n The implementation can match inbound
1454 requests to a single distinct Listener. When multiple Listeners
1455 share values for fields (for example, two Listeners with the same
1456 Port value), the implementation can match requests to only one of
1457 the Listeners using other Listener fields. \n For example, the following
1458 Listener scenarios are distinct: \n 1. Multiple Listeners with the
1459 same Port that all use the \"HTTP\" Protocol that all have unique
1460 Hostname values. 2. Multiple Listeners with the same Port that use
1461 either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
1462 values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
1463 where no Listener with the same Protocol has the same Port value.
1464 \n Some fields in the Listener struct have possible values that
1465 affect whether the Listener is distinct. Hostname is particularly
1466 relevant for HTTP or HTTPS protocols. \n When using the Hostname
1467 value to select between same-Port, same-Protocol Listeners, the
1468 Hostname value must be different on each Listener for the Listener
1469 to be distinct. \n When the Listeners are distinct based on Hostname,
1470 inbound request hostnames MUST match from the most specific to least
1471 specific Hostname values to choose the correct Listener and its
1472 associated set of Routes. \n Exact matches must be processed before
1473 wildcard matches, and wildcard matches must be processed before
1474 fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
1475 takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
1476 takes precedence over `\"\"`. \n Additionally, if there are multiple
1477 wildcard entries, more specific wildcard entries must be processed
1478 before less specific wildcard entries. For example, `\"*.foo.example.com\"`
1479 takes precedence over `\"*.example.com\"`. The precise definition
1480 here is that the higher the number of dots in the hostname to the
1481 right of the wildcard character, the higher the precedence. \n The
1482 wildcard character will match any number of characters _and dots_
1483 to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
1484 _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
1485 that are not distinct, then those Listeners are Conflicted, and
1486 the implementation MUST set the \"Conflicted\" condition in the
1487 Listener Status to \"True\". \n Implementations MAY choose to accept
1488 a Gateway with some Conflicted Listeners only if they only accept
1489 the partial Listener set that contains no Conflicted Listeners.
1490 To put this another way, implementations may accept a partial Listener
1491 set only if they throw out *all* the conflicting Listeners. No picking
1492 one of the conflicting listeners as the winner. This also means
1493 that the Gateway must have at least one non-conflicting Listener
1494 in this case, otherwise it violates the requirement that at least
1495 one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
1496 condition on the Gateway Status when the Gateway contains Conflicted
1497 Listeners whether or not they accept the Gateway. That Condition
1498 SHOULD clearly indicate in the Message which Listeners are conflicted,
1499 and which are Accepted. Additionally, the Listener status for those
1500 listeners SHOULD indicate which Listeners are conflicted and not
1501 Accepted. \n A Gateway's Listeners are considered \"compatible\"
1502 if: \n 1. They are distinct. 2. The implementation can serve them
1503 in compliance with the Addresses requirement that all Listeners
1504 are available on all assigned addresses. \n Compatible combinations
1505 in Extended support are expected to vary across implementations.
1506 A combination that is compatible for one implementation may not
1507 be compatible for another. \n For example, an implementation that
1508 cannot serve both TCP and UDP listeners on the same address, or
1509 cannot mix HTTPS and generic TLS listens on the same port would
1510 not consider those cases compatible, even though they are distinct.
1511 \n Note that requests SHOULD match at most one Listener. For example,
1512 if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
1513 a request to \"foo.example.com\" SHOULD only be routed using routes
1514 attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
1515 Listener). This concept is known as \"Listener Isolation\". Implementations
1516 that do not support Listener Isolation MUST clearly document this.
1517 \n Implementations MAY merge separate Gateways onto a single set
1518 of Addresses if all Listeners across all Gateways are compatible.
1519 \n Support: Core"
1520 items:
1521 description: Listener embodies the concept of a logical endpoint
1522 where a Gateway accepts network connections.
1523 properties:
1524 allowedRoutes:
1525 default:
1526 namespaces:
1527 from: Same
1528 description: "AllowedRoutes defines the types of routes that
1529 MAY be attached to a Listener and the trusted namespaces where
1530 those Route resources MAY be present. \n Although a client
1531 request may match multiple route rules, only one rule may
1532 ultimately receive the request. Matching precedence MUST be
1533 determined in order of the following criteria: \n * The most
1534 specific match as defined by the Route type. * The oldest
1535 Route based on creation timestamp. For example, a Route with
1536 a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
1537 over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
1538 * If everything else is equivalent, the Route appearing first
1539 in alphabetical order (namespace/name) should be given precedence.
1540 For example, foo/bar is given precedence over foo/baz. \n
1541 All valid rules within a Route attached to this Listener should
1542 be implemented. Invalid Route rules can be ignored (sometimes
1543 that will mean the full Route). If a Route rule transitions
1544 from valid to invalid, support for that Route rule should
1545 be dropped to ensure consistency. For example, even if a filter
1546 specified by a Route rule is invalid, the rest of the rules
1547 within that Route should still be supported. \n Support: Core"
1548 properties:
1549 kinds:
1550 description: "Kinds specifies the groups and kinds of Routes
1551 that are allowed to bind to this Gateway Listener. When
1552 unspecified or empty, the kinds of Routes selected are
1553 determined using the Listener protocol. \n A RouteGroupKind
1554 MUST correspond to kinds of Routes that are compatible
1555 with the application protocol specified in the Listener's
1556 Protocol field. If an implementation does not support
1557 or recognize this resource type, it MUST set the \"ResolvedRefs\"
1558 condition to False for this Listener with the \"InvalidRouteKinds\"
1559 reason. \n Support: Core"
1560 items:
1561 description: RouteGroupKind indicates the group and kind
1562 of a Route resource.
1563 properties:
1564 group:
1565 default: gateway.networking.k8s.io
1566 description: Group is the group of the Route.
1567 maxLength: 253
1568 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1569 type: string
1570 kind:
1571 description: Kind is the kind of the Route.
1572 maxLength: 63
1573 minLength: 1
1574 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1575 type: string
1576 required:
1577 - kind
1578 type: object
1579 maxItems: 8
1580 type: array
1581 namespaces:
1582 default:
1583 from: Same
1584 description: "Namespaces indicates namespaces from which
1585 Routes may be attached to this Listener. This is restricted
1586 to the namespace of this Gateway by default. \n Support:
1587 Core"
1588 properties:
1589 from:
1590 default: Same
1591 description: "From indicates where Routes will be selected
1592 for this Gateway. Possible values are: \n * All: Routes
1593 in all namespaces may be used by this Gateway. * Selector:
1594 Routes in namespaces selected by the selector may
1595 be used by this Gateway. * Same: Only Routes in the
1596 same namespace may be used by this Gateway. \n Support:
1597 Core"
1598 enum:
1599 - All
1600 - Selector
1601 - Same
1602 type: string
1603 selector:
1604 description: "Selector must be specified when From is
1605 set to \"Selector\". In that case, only Routes in
1606 Namespaces matching this Selector will be selected
1607 by this Gateway. This field is ignored for other values
1608 of \"From\". \n Support: Core"
1609 properties:
1610 matchExpressions:
1611 description: matchExpressions is a list of label
1612 selector requirements. The requirements are ANDed.
1613 items:
1614 description: A label selector requirement is a
1615 selector that contains values, a key, and an
1616 operator that relates the key and values.
1617 properties:
1618 key:
1619 description: key is the label key that the
1620 selector applies to.
1621 type: string
1622 operator:
1623 description: operator represents a key's relationship
1624 to a set of values. Valid operators are
1625 In, NotIn, Exists and DoesNotExist.
1626 type: string
1627 values:
1628 description: values is an array of string
1629 values. If the operator is In or NotIn,
1630 the values array must be non-empty. If the
1631 operator is Exists or DoesNotExist, the
1632 values array must be empty. This array is
1633 replaced during a strategic merge patch.
1634 items:
1635 type: string
1636 type: array
1637 required:
1638 - key
1639 - operator
1640 type: object
1641 type: array
1642 matchLabels:
1643 additionalProperties:
1644 type: string
1645 description: matchLabels is a map of {key,value}
1646 pairs. A single {key,value} in the matchLabels
1647 map is equivalent to an element of matchExpressions,
1648 whose key field is "key", the operator is "In",
1649 and the values array contains only "value". The
1650 requirements are ANDed.
1651 type: object
1652 type: object
1653 x-kubernetes-map-type: atomic
1654 type: object
1655 type: object
1656 hostname:
1657 description: "Hostname specifies the virtual hostname to match
1658 for protocol types that define this concept. When unspecified,
1659 all hostnames are matched. This field is ignored for protocols
1660 that don't require hostname based matching. \n Implementations
1661 MUST apply Hostname matching appropriately for each of the
1662 following protocols: \n * TLS: The Listener Hostname MUST
1663 match the SNI. * HTTP: The Listener Hostname MUST match the
1664 Host header of the request. * HTTPS: The Listener Hostname
1665 SHOULD match at both the TLS and HTTP protocol layers as described
1666 above. If an implementation does not ensure that both the
1667 SNI and Host header match the Listener hostname, it MUST clearly
1668 document that. \n For HTTPRoute and TLSRoute resources, there
1669 is an interaction with the `spec.hostnames` array. When both
1670 listener and route specify hostnames, there MUST be an intersection
1671 between the values for a Route to be accepted. For more information,
1672 refer to the Route specific Hostnames documentation. \n Hostnames
1673 that are prefixed with a wildcard label (`*.`) are interpreted
1674 as a suffix match. That means that a match for `*.example.com`
1675 would match both `test.example.com`, and `foo.test.example.com`,
1676 but not `example.com`. \n Support: Core"
1677 maxLength: 253
1678 minLength: 1
1679 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1680 type: string
1681 name:
1682 description: "Name is the name of the Listener. This name MUST
1683 be unique within a Gateway. \n Support: Core"
1684 maxLength: 253
1685 minLength: 1
1686 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1687 type: string
1688 port:
1689 description: "Port is the network port. Multiple listeners may
1690 use the same port, subject to the Listener compatibility rules.
1691 \n Support: Core"
1692 format: int32
1693 maximum: 65535
1694 minimum: 1
1695 type: integer
1696 protocol:
1697 description: "Protocol specifies the network protocol this listener
1698 expects to receive. \n Support: Core"
1699 maxLength: 255
1700 minLength: 1
1701 pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
1702 type: string
1703 tls:
1704 description: "TLS is the TLS configuration for the Listener.
1705 This field is required if the Protocol field is \"HTTPS\"
1706 or \"TLS\". It is invalid to set this field if the Protocol
1707 field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
1708 of SNIs to Certificate defined in GatewayTLSConfig is defined
1709 based on the Hostname field for this listener. \n The GatewayClass
1710 MUST use the longest matching SNI out of all available certificates
1711 for any TLS handshake. \n Support: Core"
1712 properties:
1713 certificateRefs:
1714 description: "CertificateRefs contains a series of references
1715 to Kubernetes objects that contains TLS certificates and
1716 private keys. These certificates are used to establish
1717 a TLS handshake for requests that match the hostname of
1718 the associated listener. \n A single CertificateRef to
1719 a Kubernetes Secret has \"Core\" support. Implementations
1720 MAY choose to support attaching multiple certificates
1721 to a Listener, but this behavior is implementation-specific.
1722 \n References to a resource in different namespace are
1723 invalid UNLESS there is a ReferenceGrant in the target
1724 namespace that allows the certificate to be attached.
1725 If a ReferenceGrant does not allow this reference, the
1726 \"ResolvedRefs\" condition MUST be set to False for this
1727 listener with the \"RefNotPermitted\" reason. \n This
1728 field is required to have at least one element when the
1729 mode is set to \"Terminate\" (default) and is optional
1730 otherwise. \n CertificateRefs can reference to standard
1731 Kubernetes resources, i.e. Secret, or implementation-specific
1732 custom resources. \n Support: Core - A single reference
1733 to a Kubernetes Secret of type kubernetes.io/tls \n Support:
1734 Implementation-specific (More than one reference or other
1735 resource types)"
1736 items:
1737 description: "SecretObjectReference identifies an API
1738 object including its namespace, defaulting to Secret.
1739 \n The API object must be valid in the cluster; the
1740 Group and Kind must be registered in the cluster for
1741 this reference to be valid. \n References to objects
1742 with invalid Group and Kind are not valid, and must
1743 be rejected by the implementation, with appropriate
1744 Conditions set on the containing object."
1745 properties:
1746 group:
1747 default: ""
1748 description: Group is the group of the referent. For
1749 example, "gateway.networking.k8s.io". When unspecified
1750 or empty string, core API group is inferred.
1751 maxLength: 253
1752 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1753 type: string
1754 kind:
1755 default: Secret
1756 description: Kind is kind of the referent. For example
1757 "Secret".
1758 maxLength: 63
1759 minLength: 1
1760 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1761 type: string
1762 name:
1763 description: Name is the name of the referent.
1764 maxLength: 253
1765 minLength: 1
1766 type: string
1767 namespace:
1768 description: "Namespace is the namespace of the referenced
1769 object. When unspecified, the local namespace is
1770 inferred. \n Note that when a namespace different
1771 than the local namespace is specified, a ReferenceGrant
1772 object is required in the referent namespace to
1773 allow that namespace's owner to accept the reference.
1774 See the ReferenceGrant documentation for details.
1775 \n Support: Core"
1776 maxLength: 63
1777 minLength: 1
1778 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1779 type: string
1780 required:
1781 - name
1782 type: object
1783 maxItems: 64
1784 type: array
1785 mode:
1786 default: Terminate
1787 description: "Mode defines the TLS behavior for the TLS
1788 session initiated by the client. There are two possible
1789 modes: \n - Terminate: The TLS session between the downstream
1790 client and the Gateway is terminated at the Gateway. This
1791 mode requires certificateRefs to be set and contain at
1792 least one element. - Passthrough: The TLS session is NOT
1793 terminated by the Gateway. This implies that the Gateway
1794 can't decipher the TLS stream except for the ClientHello
1795 message of the TLS protocol. CertificateRefs field is
1796 ignored in this mode. \n Support: Core"
1797 enum:
1798 - Terminate
1799 - Passthrough
1800 type: string
1801 options:
1802 additionalProperties:
1803 description: AnnotationValue is the value of an annotation
1804 in Gateway API. This is used for validation of maps
1805 such as TLS options. This roughly matches Kubernetes
1806 annotation validation, although the length validation
1807 in that case is based on the entire size of the annotations
1808 struct.
1809 maxLength: 4096
1810 minLength: 0
1811 type: string
1812 description: "Options are a list of key/value pairs to enable
1813 extended TLS configuration for each implementation. For
1814 example, configuring the minimum TLS version or supported
1815 cipher suites. \n A set of common keys MAY be defined
1816 by the API in the future. To avoid any ambiguity, implementation-specific
1817 definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
1818 Un-prefixed names are reserved for key names defined by
1819 Gateway API. \n Support: Implementation-specific"
1820 maxProperties: 16
1821 type: object
1822 type: object
1823 x-kubernetes-validations:
1824 - message: certificateRefs must be specified when TLSModeType
1825 is Terminate
1826 rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
1827 > 0 : true'
1828 required:
1829 - name
1830 - port
1831 - protocol
1832 type: object
1833 maxItems: 64
1834 minItems: 1
1835 type: array
1836 x-kubernetes-list-map-keys:
1837 - name
1838 x-kubernetes-list-type: map
1839 x-kubernetes-validations:
1840 - message: tls must be specified for protocols ['HTTPS', 'TLS']
1841 rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
1842 : true)'
1843 - message: tls must not be specified for protocols ['HTTP', 'TCP',
1844 'UDP']
1845 rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
1846 !has(l.tls) : true)'
1847 - message: hostname must not be specified for protocols ['TCP', 'UDP']
1848 rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
1849 || l.hostname == '''') : true)'
1850 - message: Listener name must be unique within the Gateway
1851 rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
1852 - message: Combination of port, protocol and hostname must be unique
1853 for each listener
1854 rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
1855 == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
1856 == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
1857 required:
1858 - gatewayClassName
1859 - listeners
1860 type: object
1861 status:
1862 default:
1863 conditions:
1864 - lastTransitionTime: "1970-01-01T00:00:00Z"
1865 message: Waiting for controller
1866 reason: Pending
1867 status: Unknown
1868 type: Accepted
1869 - lastTransitionTime: "1970-01-01T00:00:00Z"
1870 message: Waiting for controller
1871 reason: Pending
1872 status: Unknown
1873 type: Programmed
1874 description: Status defines the current state of Gateway.
1875 properties:
1876 addresses:
1877 description: "Addresses lists the network addresses that have been
1878 bound to the Gateway. \n This list may differ from the addresses
1879 provided in the spec under some conditions: \n * no addresses are
1880 specified, all addresses are dynamically assigned * a combination
1881 of specified and dynamic addresses are assigned * a specified address
1882 was unusable (e.g. already in use) \n "
1883 items:
1884 description: GatewayStatusAddress describes a network address that
1885 is bound to a Gateway.
1886 oneOf:
1887 - properties:
1888 type:
1889 enum:
1890 - IPAddress
1891 value:
1892 anyOf:
1893 - format: ipv4
1894 - format: ipv6
1895 - properties:
1896 type:
1897 not:
1898 enum:
1899 - IPAddress
1900 properties:
1901 type:
1902 default: IPAddress
1903 description: Type of the address.
1904 maxLength: 253
1905 minLength: 1
1906 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1907 type: string
1908 value:
1909 description: "Value of the address. The validity of the values
1910 will depend on the type and support by the controller. \n
1911 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
1912 maxLength: 253
1913 minLength: 1
1914 type: string
1915 required:
1916 - value
1917 type: object
1918 x-kubernetes-validations:
1919 - message: Hostname value must only contain valid characters (matching
1920 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
1921 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
1922 true'
1923 maxItems: 16
1924 type: array
1925 conditions:
1926 default:
1927 - lastTransitionTime: "1970-01-01T00:00:00Z"
1928 message: Waiting for controller
1929 reason: Pending
1930 status: Unknown
1931 type: Accepted
1932 - lastTransitionTime: "1970-01-01T00:00:00Z"
1933 message: Waiting for controller
1934 reason: Pending
1935 status: Unknown
1936 type: Programmed
1937 description: "Conditions describe the current conditions of the Gateway.
1938 \n Implementations should prefer to express Gateway conditions using
1939 the `GatewayConditionType` and `GatewayConditionReason` constants
1940 so that operators and tools can converge on a common vocabulary
1941 to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
1942 * \"Programmed\" * \"Ready\""
1943 items:
1944 description: "Condition contains details for one aspect of the current
1945 state of this API Resource. --- This struct is intended for direct
1946 use as an array at the field path .status.conditions. For example,
1947 \n type FooStatus struct{ // Represents the observations of a
1948 foo's current state. // Known .status.conditions.type are: \"Available\",
1949 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1950 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1951 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1952 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1953 properties:
1954 lastTransitionTime:
1955 description: lastTransitionTime is the last time the condition
1956 transitioned from one status to another. This should be when
1957 the underlying condition changed. If that is not known, then
1958 using the time when the API field changed is acceptable.
1959 format: date-time
1960 type: string
1961 message:
1962 description: message is a human readable message indicating
1963 details about the transition. This may be an empty string.
1964 maxLength: 32768
1965 type: string
1966 observedGeneration:
1967 description: observedGeneration represents the .metadata.generation
1968 that the condition was set based upon. For instance, if .metadata.generation
1969 is currently 12, but the .status.conditions[x].observedGeneration
1970 is 9, the condition is out of date with respect to the current
1971 state of the instance.
1972 format: int64
1973 minimum: 0
1974 type: integer
1975 reason:
1976 description: reason contains a programmatic identifier indicating
1977 the reason for the condition's last transition. Producers
1978 of specific condition types may define expected values and
1979 meanings for this field, and whether the values are considered
1980 a guaranteed API. The value should be a CamelCase string.
1981 This field may not be empty.
1982 maxLength: 1024
1983 minLength: 1
1984 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1985 type: string
1986 status:
1987 description: status of the condition, one of True, False, Unknown.
1988 enum:
1989 - "True"
1990 - "False"
1991 - Unknown
1992 type: string
1993 type:
1994 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1995 --- Many .condition.type values are consistent across resources
1996 like Available, but because arbitrary conditions can be useful
1997 (see .node.status.conditions), the ability to deconflict is
1998 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1999 maxLength: 316
2000 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2001 type: string
2002 required:
2003 - lastTransitionTime
2004 - message
2005 - reason
2006 - status
2007 - type
2008 type: object
2009 maxItems: 8
2010 type: array
2011 x-kubernetes-list-map-keys:
2012 - type
2013 x-kubernetes-list-type: map
2014 listeners:
2015 description: Listeners provide status for each unique listener port
2016 defined in the Spec.
2017 items:
2018 description: ListenerStatus is the status associated with a Listener.
2019 properties:
2020 attachedRoutes:
2021 description: "AttachedRoutes represents the total number of
2022 Routes that have been successfully attached to this Listener.
2023 \n Successful attachment of a Route to a Listener is based
2024 solely on the combination of the AllowedRoutes field on the
2025 corresponding Listener and the Route's ParentRefs field. A
2026 Route is successfully attached to a Listener when it is selected
2027 by the Listener's AllowedRoutes field AND the Route has a
2028 valid ParentRef selecting the whole Gateway resource or a
2029 specific Listener as a parent resource (more detail on attachment
2030 semantics can be found in the documentation on the various
2031 Route kinds ParentRefs fields). Listener or Route status does
2032 not impact successful attachment, i.e. the AttachedRoutes
2033 field count MUST be set for Listeners with condition Accepted:
2034 false and MUST count successfully attached Routes that may
2035 themselves have Accepted: false conditions. \n Uses for this
2036 field include troubleshooting Route attachment and measuring
2037 blast radius/impact of changes to a Listener."
2038 format: int32
2039 type: integer
2040 conditions:
2041 description: Conditions describe the current condition of this
2042 listener.
2043 items:
2044 description: "Condition contains details for one aspect of
2045 the current state of this API Resource. --- This struct
2046 is intended for direct use as an array at the field path
2047 .status.conditions. For example, \n type FooStatus struct{
2048 // Represents the observations of a foo's current state.
2049 // Known .status.conditions.type are: \"Available\", \"Progressing\",
2050 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2051 // +listType=map // +listMapKey=type Conditions []metav1.Condition
2052 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2053 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
2054 }"
2055 properties:
2056 lastTransitionTime:
2057 description: lastTransitionTime is the last time the condition
2058 transitioned from one status to another. This should
2059 be when the underlying condition changed. If that is
2060 not known, then using the time when the API field changed
2061 is acceptable.
2062 format: date-time
2063 type: string
2064 message:
2065 description: message is a human readable message indicating
2066 details about the transition. This may be an empty string.
2067 maxLength: 32768
2068 type: string
2069 observedGeneration:
2070 description: observedGeneration represents the .metadata.generation
2071 that the condition was set based upon. For instance,
2072 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
2073 is 9, the condition is out of date with respect to the
2074 current state of the instance.
2075 format: int64
2076 minimum: 0
2077 type: integer
2078 reason:
2079 description: reason contains a programmatic identifier
2080 indicating the reason for the condition's last transition.
2081 Producers of specific condition types may define expected
2082 values and meanings for this field, and whether the
2083 values are considered a guaranteed API. The value should
2084 be a CamelCase string. This field may not be empty.
2085 maxLength: 1024
2086 minLength: 1
2087 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2088 type: string
2089 status:
2090 description: status of the condition, one of True, False,
2091 Unknown.
2092 enum:
2093 - "True"
2094 - "False"
2095 - Unknown
2096 type: string
2097 type:
2098 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2099 --- Many .condition.type values are consistent across
2100 resources like Available, but because arbitrary conditions
2101 can be useful (see .node.status.conditions), the ability
2102 to deconflict is important. The regex it matches is
2103 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2104 maxLength: 316
2105 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2106 type: string
2107 required:
2108 - lastTransitionTime
2109 - message
2110 - reason
2111 - status
2112 - type
2113 type: object
2114 maxItems: 8
2115 type: array
2116 x-kubernetes-list-map-keys:
2117 - type
2118 x-kubernetes-list-type: map
2119 name:
2120 description: Name is the name of the Listener that this status
2121 corresponds to.
2122 maxLength: 253
2123 minLength: 1
2124 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2125 type: string
2126 supportedKinds:
2127 description: "SupportedKinds is the list indicating the Kinds
2128 supported by this listener. This MUST represent the kinds
2129 an implementation supports for that Listener configuration.
2130 \n If kinds are specified in Spec that are not supported,
2131 they MUST NOT appear in this list and an implementation MUST
2132 set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
2133 reason. If both valid and invalid Route kinds are specified,
2134 the implementation MUST reference the valid Route kinds that
2135 have been specified."
2136 items:
2137 description: RouteGroupKind indicates the group and kind of
2138 a Route resource.
2139 properties:
2140 group:
2141 default: gateway.networking.k8s.io
2142 description: Group is the group of the Route.
2143 maxLength: 253
2144 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2145 type: string
2146 kind:
2147 description: Kind is the kind of the Route.
2148 maxLength: 63
2149 minLength: 1
2150 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2151 type: string
2152 required:
2153 - kind
2154 type: object
2155 maxItems: 8
2156 type: array
2157 required:
2158 - attachedRoutes
2159 - conditions
2160 - name
2161 - supportedKinds
2162 type: object
2163 maxItems: 64
2164 type: array
2165 x-kubernetes-list-map-keys:
2166 - name
2167 x-kubernetes-list-type: map
2168 type: object
2169 required:
2170 - spec
2171 type: object
2172 served: true
2173 storage: true
2174 subresources:
2175 status: {}
2176status:
2177 acceptedNames:
2178 kind: ""
2179 plural: ""
2180 conditions: null
2181 storedVersions: null
2182---
2183#
2184# config/crd/standard/gateway.networking.k8s.io_httproutes.yaml
2185#
2186apiVersion: apiextensions.k8s.io/v1
2187kind: CustomResourceDefinition
2188metadata:
2189 annotations:
2190 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
2191 gateway.networking.k8s.io/bundle-version: v1.0.0-rc1
2192 gateway.networking.k8s.io/channel: standard
2193 creationTimestamp: null
2194 name: httproutes.gateway.networking.k8s.io
2195spec:
2196 group: gateway.networking.k8s.io
2197 names:
2198 categories:
2199 - gateway-api
2200 kind: HTTPRoute
2201 listKind: HTTPRouteList
2202 plural: httproutes
2203 singular: httproute
2204 scope: Namespaced
2205 versions:
2206 - additionalPrinterColumns:
2207 - jsonPath: .spec.hostnames
2208 name: Hostnames
2209 type: string
2210 - jsonPath: .metadata.creationTimestamp
2211 name: Age
2212 type: date
2213 name: v1
2214 schema:
2215 openAPIV3Schema:
2216 description: HTTPRoute provides a way to route HTTP requests. This includes
2217 the capability to match requests by hostname, path, header, or query param.
2218 Filters can be used to specify additional processing steps. Backends specify
2219 where matching requests should be routed.
2220 properties:
2221 apiVersion:
2222 description: 'APIVersion defines the versioned schema of this representation
2223 of an object. Servers should convert recognized schemas to the latest
2224 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2225 type: string
2226 kind:
2227 description: 'Kind is a string value representing the REST resource this
2228 object represents. Servers may infer this from the endpoint the client
2229 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2230 type: string
2231 metadata:
2232 type: object
2233 spec:
2234 description: Spec defines the desired state of HTTPRoute.
2235 properties:
2236 hostnames:
2237 description: "Hostnames defines a set of hostnames that should match
2238 against the HTTP Host header to select a HTTPRoute used to process
2239 the request. Implementations MUST ignore any port value specified
2240 in the HTTP Host header while performing a match and (absent of
2241 any applicable header modification configuration) MUST forward this
2242 header unmodified to the backend. \n Valid values for Hostnames
2243 are determined by RFC 1123 definition of a hostname with 2 notable
2244 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
2245 with a wildcard label (`*.`). The wildcard label must appear by
2246 itself as the first label. \n If a hostname is specified by both
2247 the Listener and HTTPRoute, there must be at least one intersecting
2248 hostname for the HTTPRoute to be attached to the Listener. For example:
2249 \n * A Listener with `test.example.com` as the hostname matches
2250 HTTPRoutes that have either not specified any hostnames, or have
2251 specified at least one of `test.example.com` or `*.example.com`.
2252 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
2253 that have either not specified any hostnames or have specified at
2254 least one hostname that matches the Listener hostname. For example,
2255 `*.example.com`, `test.example.com`, and `foo.test.example.com`
2256 would all match. On the other hand, `example.com` and `test.example.net`
2257 would not match. \n Hostnames that are prefixed with a wildcard
2258 label (`*.`) are interpreted as a suffix match. That means that
2259 a match for `*.example.com` would match both `test.example.com`,
2260 and `foo.test.example.com`, but not `example.com`. \n If both the
2261 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
2262 that do not match the Listener hostname MUST be ignored. For example,
2263 if a Listener specified `*.example.com`, and the HTTPRoute specified
2264 `test.example.com` and `test.example.net`, `test.example.net` must
2265 not be considered for a match. \n If both the Listener and HTTPRoute
2266 have specified hostnames, and none match with the criteria above,
2267 then the HTTPRoute is not accepted. The implementation must raise
2268 an 'Accepted' Condition with a status of `False` in the corresponding
2269 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
2270 intersecting hostnames (e.g. overlapping wildcard matching and exact
2271 matching hostnames), precedence must be given to rules from the
2272 HTTPRoute with the largest number of: \n * Characters in a matching
2273 non-wildcard hostname. * Characters in a matching hostname. \n If
2274 ties exist across multiple Routes, the matching precedence rules
2275 for HTTPRouteMatches takes over. \n Support: Core"
2276 items:
2277 description: "Hostname is the fully qualified domain name of a network
2278 host. This matches the RFC 1123 definition of a hostname with
2279 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
2280 may be prefixed with a wildcard label (`*.`). The wildcard label
2281 must appear by itself as the first label. \n Hostname can be \"precise\"
2282 which is a domain name without the terminating dot of a network
2283 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
2284 name prefixed with a single wildcard label (e.g. `*.example.com`).
2285 \n Note that as per RFC1035 and RFC1123, a *label* must consist
2286 of lower case alphanumeric characters or '-', and must start and
2287 end with an alphanumeric character. No other punctuation is allowed."
2288 maxLength: 253
2289 minLength: 1
2290 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2291 type: string
2292 maxItems: 16
2293 type: array
2294 parentRefs:
2295 description: "ParentRefs references the resources (usually Gateways)
2296 that a Route wants to be attached to. Note that the referenced parent
2297 resource needs to allow this for the attachment to be complete.
2298 For Gateways, that means the Gateway needs to allow attachment from
2299 Routes of this kind and namespace. For Services, that means the
2300 Service must either be in the same namespace for a \"producer\"
2301 route, or the mesh implementation must support and allow \"consumer\"
2302 routes for the referenced Service. ReferenceGrant is not applicable
2303 for governing ParentRefs to Services - it is not possible to create
2304 a \"producer\" route for a Service in a different namespace from
2305 the Route. \n There are two kinds of parent resources with \"Core\"
2306 support: \n * Gateway (Gateway conformance profile) This API may
2307 be extended in the future to support additional kinds of parent
2308 resources. \n ParentRefs must be _distinct_. This means either that:
2309 \n * They select different objects. If this is the case, then parentRef
2310 entries are distinct. In terms of fields, this means that the multi-part
2311 key defined by `group`, `kind`, `namespace`, and `name` must be
2312 unique across all parentRef entries in the Route. * They do not
2313 select different objects, but for each optional field used, each
2314 ParentRef that selects the same object must set the same set of
2315 optional fields to different values. If one ParentRef sets a combination
2316 of optional fields, all must set the same combination. \n Some examples:
2317 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing
2318 the same object must also set `sectionName`. * If one ParentRef
2319 sets `port`, all ParentRefs referencing the same object must also
2320 set `port`. * If one ParentRef sets `sectionName` and `port`, all
2321 ParentRefs referencing the same object must also set `sectionName`
2322 and `port`. \n It is possible to separately reference multiple distinct
2323 objects that may be collapsed by an implementation. For example,
2324 some implementations may choose to merge compatible Gateway Listeners
2325 together. If that is the case, the list of routes attached to those
2326 resources should also be merged. \n Note that for ParentRefs that
2327 cross namespace boundaries, there are specific rules. Cross-namespace
2328 references are only valid if they are explicitly allowed by something
2329 in the namespace they are referring to. For example, Gateway has
2330 the AllowedRoutes field, and ReferenceGrant provides a generic way
2331 to enable other kinds of cross-namespace reference. \n \n "
2332 items:
2333 description: "ParentReference identifies an API object (usually
2334 a Gateway) that can be considered a parent of this resource (usually
2335 a route). There are two kinds of parent resources with \"Core\"
2336 support: \n * Gateway (Gateway conformance profile) * Service
2337 (Mesh conformance profile, experimental, ClusterIP Services only)
2338 \n This API may be extended in the future to support additional
2339 kinds of parent resources. \n The API object must be valid in
2340 the cluster; the Group and Kind must be registered in the cluster
2341 for this reference to be valid."
2342 properties:
2343 group:
2344 default: gateway.networking.k8s.io
2345 description: "Group is the group of the referent. When unspecified,
2346 \"gateway.networking.k8s.io\" is inferred. To set the core
2347 API group (such as for a \"Service\" kind referent), Group
2348 must be explicitly set to \"\" (empty string). \n Support:
2349 Core"
2350 maxLength: 253
2351 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2352 type: string
2353 kind:
2354 default: Gateway
2355 description: "Kind is kind of the referent. \n There are two
2356 kinds of parent resources with \"Core\" support: \n * Gateway
2357 (Gateway conformance profile) * Service (Mesh conformance
2358 profile, experimental, ClusterIP Services only) \n Support
2359 for other resources is Implementation-Specific."
2360 maxLength: 63
2361 minLength: 1
2362 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2363 type: string
2364 name:
2365 description: "Name is the name of the referent. \n Support:
2366 Core"
2367 maxLength: 253
2368 minLength: 1
2369 type: string
2370 namespace:
2371 description: "Namespace is the namespace of the referent. When
2372 unspecified, this refers to the local namespace of the Route.
2373 \n Note that there are specific rules for ParentRefs which
2374 cross namespace boundaries. Cross-namespace references are
2375 only valid if they are explicitly allowed by something in
2376 the namespace they are referring to. For example: Gateway
2377 has the AllowedRoutes field, and ReferenceGrant provides a
2378 generic way to enable any other kind of cross-namespace reference.
2379 \n \n Support: Core"
2380 maxLength: 63
2381 minLength: 1
2382 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2383 type: string
2384 sectionName:
2385 description: "SectionName is the name of a section within the
2386 target resource. In the following resources, SectionName is
2387 interpreted as the following: \n * Gateway: Listener Name.
2388 When both Port (experimental) and SectionName are specified,
2389 the name and port of the selected listener must match both
2390 specified values. * Service: Port Name. When both Port (experimental)
2391 and SectionName are specified, the name and port of the selected
2392 listener must match both specified values. Note that attaching
2393 Routes to Services as Parents is part of experimental Mesh
2394 support and is not supported for any other purpose. \n Implementations
2395 MAY choose to support attaching Routes to other resources.
2396 If that is the case, they MUST clearly document how SectionName
2397 is interpreted. \n When unspecified (empty string), this will
2398 reference the entire resource. For the purpose of status,
2399 an attachment is considered successful if at least one section
2400 in the parent resource accepts it. For example, Gateway listeners
2401 can restrict which Routes can attach to them by Route kind,
2402 namespace, or hostname. If 1 of 2 Gateway listeners accept
2403 attachment from the referencing Route, the Route MUST be considered
2404 successfully attached. If no Gateway listeners accept attachment
2405 from this Route, the Route MUST be considered detached from
2406 the Gateway. \n Support: Core"
2407 maxLength: 253
2408 minLength: 1
2409 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2410 type: string
2411 required:
2412 - name
2413 type: object
2414 maxItems: 32
2415 type: array
2416 x-kubernetes-validations:
2417 - message: sectionName must be specified when parentRefs includes
2418 2 or more references to the same parent
2419 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
2420 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2421 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
2422 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2423 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName)
2424 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
2425 == '''')) : true))'
2426 - message: sectionName must be unique when parentRefs includes 2 or
2427 more references to the same parent
2428 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
2429 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2430 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
2431 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2432 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
2433 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
2434 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
2435 == p2.sectionName))))
2436 rules:
2437 default:
2438 - matches:
2439 - path:
2440 type: PathPrefix
2441 value: /
2442 description: Rules are a list of HTTP matchers, filters and actions.
2443 items:
2444 description: HTTPRouteRule defines semantics for matching an HTTP
2445 request based on conditions (matches), processing it (filters),
2446 and forwarding the request to an API object (backendRefs).
2447 properties:
2448 backendRefs:
2449 description: "BackendRefs defines the backend(s) where matching
2450 requests should be sent. \n Failure behavior here depends
2451 on how many BackendRefs are specified and how many are invalid.
2452 \n If *all* entries in BackendRefs are invalid, and there
2453 are also no filters specified in this route rule, *all* traffic
2454 which matches this rule MUST receive a 500 status code. \n
2455 See the HTTPBackendRef definition for the rules about what
2456 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
2457 is invalid, 500 status codes MUST be returned for requests
2458 that would have otherwise been routed to an invalid backend.
2459 If multiple backends are specified, and some are invalid,
2460 the proportion of requests that would otherwise have been
2461 routed to an invalid backend MUST receive a 500 status code.
2462 \n For example, if two backends are specified with equal weights,
2463 and one is invalid, 50 percent of traffic must receive a 500.
2464 Implementations may choose how that 50 percent is determined.
2465 \n Support: Core for Kubernetes Service \n Support: Extended
2466 for Kubernetes ServiceImport \n Support: Implementation-specific
2467 for any other resource \n Support for weight: Core"
2468 items:
2469 description: "HTTPBackendRef defines how a HTTPRoute forwards
2470 a HTTP request. \n Note that when a namespace different
2471 than the local namespace is specified, a ReferenceGrant
2472 object is required in the referent namespace to allow that
2473 namespace's owner to accept the reference. See the ReferenceGrant
2474 documentation for details. \n <gateway:experimental:description>
2475 \n When the BackendRef points to a Kubernetes Service, implementations
2476 SHOULD honor the appProtocol field if it is set for the
2477 target Service Port. \n Implementations supporting appProtocol
2478 SHOULD recognize the Kubernetes Standard Application Protocols
2479 defined in KEP-3726. \n If a Service appProtocol isn't specified,
2480 an implementation MAY infer the backend protocol through
2481 its own means. Implementations MAY infer the protocol from
2482 the Route type referring to the backend Service. \n If a
2483 Route is not able to send traffic to the backend using the
2484 specified protocol then the backend is considered invalid.
2485 Implementations MUST set the \"ResolvedRefs\" condition
2486 to \"False\" with the \"UnsupportedProtocol\" reason. \n
2487 </gateway:experimental:description>"
2488 properties:
2489 filters:
2490 description: "Filters defined at this level should be
2491 executed if and only if the request is being forwarded
2492 to the backend defined here. \n Support: Implementation-specific
2493 (For broader support of filters, use the Filters field
2494 in HTTPRouteRule.)"
2495 items:
2496 description: HTTPRouteFilter defines processing steps
2497 that must be completed during the request or response
2498 lifecycle. HTTPRouteFilters are meant as an extension
2499 point to express processing that may be done in Gateway
2500 implementations. Some examples include request or
2501 response modification, implementing authentication
2502 strategies, rate-limiting, and traffic shaping. API
2503 guarantee/conformance is defined based on the type
2504 of the filter.
2505 properties:
2506 extensionRef:
2507 description: "ExtensionRef is an optional, implementation-specific
2508 extension to the \"filter\" behavior. For example,
2509 resource \"myroutefilter\" in group \"networking.example.net\").
2510 ExtensionRef MUST NOT be used for core and extended
2511 filters. \n This filter can be used multiple times
2512 within the same rule. \n Support: Implementation-specific"
2513 properties:
2514 group:
2515 description: Group is the group of the referent.
2516 For example, "gateway.networking.k8s.io".
2517 When unspecified or empty string, core API
2518 group is inferred.
2519 maxLength: 253
2520 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2521 type: string
2522 kind:
2523 description: Kind is kind of the referent. For
2524 example "HTTPRoute" or "Service".
2525 maxLength: 63
2526 minLength: 1
2527 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2528 type: string
2529 name:
2530 description: Name is the name of the referent.
2531 maxLength: 253
2532 minLength: 1
2533 type: string
2534 required:
2535 - group
2536 - kind
2537 - name
2538 type: object
2539 requestHeaderModifier:
2540 description: "RequestHeaderModifier defines a schema
2541 for a filter that modifies request headers. \n
2542 Support: Core"
2543 properties:
2544 add:
2545 description: "Add adds the given header(s) (name,
2546 value) to the request before the action. It
2547 appends to any existing values associated
2548 with the header name. \n Input: GET /foo HTTP/1.1
2549 my-header: foo \n Config: add: - name: \"my-header\"
2550 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2551 my-header: foo,bar,baz"
2552 items:
2553 description: HTTPHeader represents an HTTP
2554 Header name and value as defined by RFC
2555 7230.
2556 properties:
2557 name:
2558 description: "Name is the name of the
2559 HTTP Header to be matched. Name matching
2560 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2561 \n If multiple entries specify equivalent
2562 header names, the first entry with an
2563 equivalent name MUST be considered for
2564 a match. Subsequent entries with an
2565 equivalent header name MUST be ignored.
2566 Due to the case-insensitivity of header
2567 names, \"foo\" and \"Foo\" are considered
2568 equivalent."
2569 maxLength: 256
2570 minLength: 1
2571 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2572 type: string
2573 value:
2574 description: Value is the value of HTTP
2575 Header to be matched.
2576 maxLength: 4096
2577 minLength: 1
2578 type: string
2579 required:
2580 - name
2581 - value
2582 type: object
2583 maxItems: 16
2584 type: array
2585 x-kubernetes-list-map-keys:
2586 - name
2587 x-kubernetes-list-type: map
2588 remove:
2589 description: "Remove the given header(s) from
2590 the HTTP request before the action. The value
2591 of Remove is a list of HTTP header names.
2592 Note that the header names are case-insensitive
2593 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2594 \n Input: GET /foo HTTP/1.1 my-header1: foo
2595 my-header2: bar my-header3: baz \n Config:
2596 remove: [\"my-header1\", \"my-header3\"] \n
2597 Output: GET /foo HTTP/1.1 my-header2: bar"
2598 items:
2599 type: string
2600 maxItems: 16
2601 type: array
2602 x-kubernetes-list-type: set
2603 set:
2604 description: "Set overwrites the request with
2605 the given header (name, value) before the
2606 action. \n Input: GET /foo HTTP/1.1 my-header:
2607 foo \n Config: set: - name: \"my-header\"
2608 value: \"bar\" \n Output: GET /foo HTTP/1.1
2609 my-header: bar"
2610 items:
2611 description: HTTPHeader represents an HTTP
2612 Header name and value as defined by RFC
2613 7230.
2614 properties:
2615 name:
2616 description: "Name is the name of the
2617 HTTP Header to be matched. Name matching
2618 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2619 \n If multiple entries specify equivalent
2620 header names, the first entry with an
2621 equivalent name MUST be considered for
2622 a match. Subsequent entries with an
2623 equivalent header name MUST be ignored.
2624 Due to the case-insensitivity of header
2625 names, \"foo\" and \"Foo\" are considered
2626 equivalent."
2627 maxLength: 256
2628 minLength: 1
2629 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2630 type: string
2631 value:
2632 description: Value is the value of HTTP
2633 Header to be matched.
2634 maxLength: 4096
2635 minLength: 1
2636 type: string
2637 required:
2638 - name
2639 - value
2640 type: object
2641 maxItems: 16
2642 type: array
2643 x-kubernetes-list-map-keys:
2644 - name
2645 x-kubernetes-list-type: map
2646 type: object
2647 requestMirror:
2648 description: "RequestMirror defines a schema for
2649 a filter that mirrors requests. Requests are sent
2650 to the specified destination, but responses from
2651 that destination are ignored. \n This filter can
2652 be used multiple times within the same rule. Note
2653 that not all implementations will be able to support
2654 mirroring to multiple backends. \n Support: Extended"
2655 properties:
2656 backendRef:
2657 description: "BackendRef references a resource
2658 where mirrored requests are sent. \n Mirrored
2659 requests must be sent only to a single destination
2660 endpoint within this BackendRef, irrespective
2661 of how many endpoints are present within this
2662 BackendRef. \n If the referent cannot be found,
2663 this BackendRef is invalid and must be dropped
2664 from the Gateway. The controller must ensure
2665 the \"ResolvedRefs\" condition on the Route
2666 status is set to `status: False` and not configure
2667 this backend in the underlying implementation.
2668 \n If there is a cross-namespace reference
2669 to an *existing* object that is not allowed
2670 by a ReferenceGrant, the controller must ensure
2671 the \"ResolvedRefs\" condition on the Route
2672 is set to `status: False`, with the \"RefNotPermitted\"
2673 reason and not configure this backend in the
2674 underlying implementation. \n In either error
2675 case, the Message of the `ResolvedRefs` Condition
2676 should be used to provide more detail about
2677 the problem. \n Support: Extended for Kubernetes
2678 Service \n Support: Implementation-specific
2679 for any other resource"
2680 properties:
2681 group:
2682 default: ""
2683 description: Group is the group of the referent.
2684 For example, "gateway.networking.k8s.io".
2685 When unspecified or empty string, core
2686 API group is inferred.
2687 maxLength: 253
2688 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2689 type: string
2690 kind:
2691 default: Service
2692 description: "Kind is the Kubernetes resource
2693 kind of the referent. For example \"Service\".
2694 \n Defaults to \"Service\" when not specified.
2695 \n ExternalName services can refer to
2696 CNAME DNS records that may live outside
2697 of the cluster and as such are difficult
2698 to reason about in terms of conformance.
2699 They also may not be safe to forward to
2700 (see CVE-2021-25740 for more information).
2701 Implementations SHOULD NOT support ExternalName
2702 Services. \n Support: Core (Services with
2703 a type other than ExternalName) \n Support:
2704 Implementation-specific (Services with
2705 type ExternalName)"
2706 maxLength: 63
2707 minLength: 1
2708 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2709 type: string
2710 name:
2711 description: Name is the name of the referent.
2712 maxLength: 253
2713 minLength: 1
2714 type: string
2715 namespace:
2716 description: "Namespace is the namespace
2717 of the backend. When unspecified, the
2718 local namespace is inferred. \n Note that
2719 when a namespace different than the local
2720 namespace is specified, a ReferenceGrant
2721 object is required in the referent namespace
2722 to allow that namespace's owner to accept
2723 the reference. See the ReferenceGrant
2724 documentation for details. \n Support:
2725 Core"
2726 maxLength: 63
2727 minLength: 1
2728 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2729 type: string
2730 port:
2731 description: Port specifies the destination
2732 port number to use for this resource.
2733 Port is required when the referent is
2734 a Kubernetes Service. In this case, the
2735 port number is the service port number,
2736 not the target port. For other resources,
2737 destination port might be derived from
2738 the referent resource or this field.
2739 format: int32
2740 maximum: 65535
2741 minimum: 1
2742 type: integer
2743 required:
2744 - name
2745 type: object
2746 x-kubernetes-validations:
2747 - message: Must have port for Service reference
2748 rule: '(size(self.group) == 0 && self.kind
2749 == ''Service'') ? has(self.port) : true'
2750 required:
2751 - backendRef
2752 type: object
2753 requestRedirect:
2754 description: "RequestRedirect defines a schema for
2755 a filter that responds to the request with an
2756 HTTP redirection. \n Support: Core"
2757 properties:
2758 hostname:
2759 description: "Hostname is the hostname to be
2760 used in the value of the `Location` header
2761 in the response. When empty, the hostname
2762 in the `Host` header of the request is used.
2763 \n Support: Core"
2764 maxLength: 253
2765 minLength: 1
2766 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2767 type: string
2768 path:
2769 description: "Path defines parameters used to
2770 modify the path of the incoming request. The
2771 modified path is then used to construct the
2772 `Location` header. When empty, the request
2773 path is used as-is. \n Support: Extended"
2774 properties:
2775 replaceFullPath:
2776 description: ReplaceFullPath specifies the
2777 value with which to replace the full path
2778 of a request during a rewrite or redirect.
2779 maxLength: 1024
2780 type: string
2781 replacePrefixMatch:
2782 description: "ReplacePrefixMatch specifies
2783 the value with which to replace the prefix
2784 match of a request during a rewrite or
2785 redirect. For example, a request to \"/foo/bar\"
2786 with a prefix match of \"/foo\" and a
2787 ReplacePrefixMatch of \"/xyz\" would be
2788 modified to \"/xyz/bar\". \n Note that
2789 this matches the behavior of the PathPrefix
2790 match type. This matches full path elements.
2791 A path element refers to the list of labels
2792 in the path split by the `/` separator.
2793 When specified, a trailing `/` is ignored.
2794 For example, the paths `/abc`, `/abc/`,
2795 and `/abc/def` would all match the prefix
2796 `/abc`, but the path `/abcd` would not.
2797 \n ReplacePrefixMatch is only compatible
2798 with a `PathPrefix` HTTPRouteMatch. Using
2799 any other HTTPRouteMatch type on the same
2800 HTTPRouteRule will result in the implementation
2801 setting the Accepted Condition for the
2802 Route to `status: False`. \n Request Path
2803 | Prefix Match | Replace Prefix | Modified
2804 Path -------------|--------------|----------------|----------
2805 /foo/bar | /foo | /xyz |
2806 /xyz/bar /foo/bar | /foo |
2807 /xyz/ | /xyz/bar /foo/bar |
2808 /foo/ | /xyz | /xyz/bar
2809 /foo/bar | /foo/ | /xyz/ |
2810 /xyz/bar /foo | /foo |
2811 /xyz | /xyz /foo/ | /foo
2812 \ | /xyz | /xyz/ /foo/bar
2813 \ | /foo | <empty string> |
2814 /bar /foo/ | /foo | <empty
2815 string> | / /foo | /foo |
2816 <empty string> | / /foo/ | /foo
2817 \ | / | / /foo |
2818 /foo | / | /"
2819 maxLength: 1024
2820 type: string
2821 type:
2822 description: "Type defines the type of path
2823 modifier. Additional types may be added
2824 in a future release of the API. \n Note
2825 that values may be added to this enum,
2826 implementations must ensure that unknown
2827 values will not cause a crash. \n Unknown
2828 values here must result in the implementation
2829 setting the Accepted Condition for the
2830 Route to `status: False`, with a Reason
2831 of `UnsupportedValue`."
2832 enum:
2833 - ReplaceFullPath
2834 - ReplacePrefixMatch
2835 type: string
2836 required:
2837 - type
2838 type: object
2839 x-kubernetes-validations:
2840 - message: replaceFullPath must be specified
2841 when type is set to 'ReplaceFullPath'
2842 rule: 'self.type == ''ReplaceFullPath'' ?
2843 has(self.replaceFullPath) : true'
2844 - message: type must be 'ReplaceFullPath' when
2845 replaceFullPath is set
2846 rule: 'has(self.replaceFullPath) ? self.type
2847 == ''ReplaceFullPath'' : true'
2848 - message: replacePrefixMatch must be specified
2849 when type is set to 'ReplacePrefixMatch'
2850 rule: 'self.type == ''ReplacePrefixMatch''
2851 ? has(self.replacePrefixMatch) : true'
2852 - message: type must be 'ReplacePrefixMatch'
2853 when replacePrefixMatch is set
2854 rule: 'has(self.replacePrefixMatch) ? self.type
2855 == ''ReplacePrefixMatch'' : true'
2856 port:
2857 description: "Port is the port to be used in
2858 the value of the `Location` header in the
2859 response. \n If no port is specified, the
2860 redirect port MUST be derived using the following
2861 rules: \n * If redirect scheme is not-empty,
2862 the redirect port MUST be the well-known port
2863 associated with the redirect scheme. Specifically
2864 \"http\" to port 80 and \"https\" to port
2865 443. If the redirect scheme does not have
2866 a well-known port, the listener port of the
2867 Gateway SHOULD be used. * If redirect scheme
2868 is empty, the redirect port MUST be the Gateway
2869 Listener port. \n Implementations SHOULD NOT
2870 add the port number in the 'Location' header
2871 in the following cases: \n * A Location header
2872 that will use HTTP (whether that is determined
2873 via the Listener protocol or the Scheme field)
2874 _and_ use port 80. * A Location header that
2875 will use HTTPS (whether that is determined
2876 via the Listener protocol or the Scheme field)
2877 _and_ use port 443. \n Support: Extended"
2878 format: int32
2879 maximum: 65535
2880 minimum: 1
2881 type: integer
2882 scheme:
2883 description: "Scheme is the scheme to be used
2884 in the value of the `Location` header in the
2885 response. When empty, the scheme of the request
2886 is used. \n Scheme redirects can affect the
2887 port of the redirect, for more information,
2888 refer to the documentation for the port field
2889 of this filter. \n Note that values may be
2890 added to this enum, implementations must ensure
2891 that unknown values will not cause a crash.
2892 \n Unknown values here must result in the
2893 implementation setting the Accepted Condition
2894 for the Route to `status: False`, with a Reason
2895 of `UnsupportedValue`. \n Support: Extended"
2896 enum:
2897 - http
2898 - https
2899 type: string
2900 statusCode:
2901 default: 302
2902 description: "StatusCode is the HTTP status
2903 code to be used in response. \n Note that
2904 values may be added to this enum, implementations
2905 must ensure that unknown values will not cause
2906 a crash. \n Unknown values here must result
2907 in the implementation setting the Accepted
2908 Condition for the Route to `status: False`,
2909 with a Reason of `UnsupportedValue`. \n Support:
2910 Core"
2911 enum:
2912 - 301
2913 - 302
2914 type: integer
2915 type: object
2916 responseHeaderModifier:
2917 description: "ResponseHeaderModifier defines a schema
2918 for a filter that modifies response headers. \n
2919 Support: Extended"
2920 properties:
2921 add:
2922 description: "Add adds the given header(s) (name,
2923 value) to the request before the action. It
2924 appends to any existing values associated
2925 with the header name. \n Input: GET /foo HTTP/1.1
2926 my-header: foo \n Config: add: - name: \"my-header\"
2927 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2928 my-header: foo,bar,baz"
2929 items:
2930 description: HTTPHeader represents an HTTP
2931 Header name and value as defined by RFC
2932 7230.
2933 properties:
2934 name:
2935 description: "Name is the name of the
2936 HTTP Header to be matched. Name matching
2937 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2938 \n If multiple entries specify equivalent
2939 header names, the first entry with an
2940 equivalent name MUST be considered for
2941 a match. Subsequent entries with an
2942 equivalent header name MUST be ignored.
2943 Due to the case-insensitivity of header
2944 names, \"foo\" and \"Foo\" are considered
2945 equivalent."
2946 maxLength: 256
2947 minLength: 1
2948 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2949 type: string
2950 value:
2951 description: Value is the value of HTTP
2952 Header to be matched.
2953 maxLength: 4096
2954 minLength: 1
2955 type: string
2956 required:
2957 - name
2958 - value
2959 type: object
2960 maxItems: 16
2961 type: array
2962 x-kubernetes-list-map-keys:
2963 - name
2964 x-kubernetes-list-type: map
2965 remove:
2966 description: "Remove the given header(s) from
2967 the HTTP request before the action. The value
2968 of Remove is a list of HTTP header names.
2969 Note that the header names are case-insensitive
2970 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2971 \n Input: GET /foo HTTP/1.1 my-header1: foo
2972 my-header2: bar my-header3: baz \n Config:
2973 remove: [\"my-header1\", \"my-header3\"] \n
2974 Output: GET /foo HTTP/1.1 my-header2: bar"
2975 items:
2976 type: string
2977 maxItems: 16
2978 type: array
2979 x-kubernetes-list-type: set
2980 set:
2981 description: "Set overwrites the request with
2982 the given header (name, value) before the
2983 action. \n Input: GET /foo HTTP/1.1 my-header:
2984 foo \n Config: set: - name: \"my-header\"
2985 value: \"bar\" \n Output: GET /foo HTTP/1.1
2986 my-header: bar"
2987 items:
2988 description: HTTPHeader represents an HTTP
2989 Header name and value as defined by RFC
2990 7230.
2991 properties:
2992 name:
2993 description: "Name is the name of the
2994 HTTP Header to be matched. Name matching
2995 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2996 \n If multiple entries specify equivalent
2997 header names, the first entry with an
2998 equivalent name MUST be considered for
2999 a match. Subsequent entries with an
3000 equivalent header name MUST be ignored.
3001 Due to the case-insensitivity of header
3002 names, \"foo\" and \"Foo\" are considered
3003 equivalent."
3004 maxLength: 256
3005 minLength: 1
3006 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3007 type: string
3008 value:
3009 description: Value is the value of HTTP
3010 Header to be matched.
3011 maxLength: 4096
3012 minLength: 1
3013 type: string
3014 required:
3015 - name
3016 - value
3017 type: object
3018 maxItems: 16
3019 type: array
3020 x-kubernetes-list-map-keys:
3021 - name
3022 x-kubernetes-list-type: map
3023 type: object
3024 type:
3025 description: "Type identifies the type of filter
3026 to apply. As with other API fields, types are
3027 classified into three conformance levels: \n -
3028 Core: Filter types and their corresponding configuration
3029 defined by \"Support: Core\" in this package,
3030 e.g. \"RequestHeaderModifier\". All implementations
3031 must support core filters. \n - Extended: Filter
3032 types and their corresponding configuration defined
3033 by \"Support: Extended\" in this package, e.g.
3034 \"RequestMirror\". Implementers are encouraged
3035 to support extended filters. \n - Implementation-specific:
3036 Filters that are defined and supported by specific
3037 vendors. In the future, filters showing convergence
3038 in behavior across multiple implementations will
3039 be considered for inclusion in extended or core
3040 conformance levels. Filter-specific configuration
3041 for such filters is specified using the ExtensionRef
3042 field. `Type` should be set to \"ExtensionRef\"
3043 for custom filters. \n Implementers are encouraged
3044 to define custom implementation types to extend
3045 the core API with implementation-specific behavior.
3046 \n If a reference to a custom filter type cannot
3047 be resolved, the filter MUST NOT be skipped. Instead,
3048 requests that would have been processed by that
3049 filter MUST receive a HTTP error response. \n
3050 Note that values may be added to this enum, implementations
3051 must ensure that unknown values will not cause
3052 a crash. \n Unknown values here must result in
3053 the implementation setting the Accepted Condition
3054 for the Route to `status: False`, with a Reason
3055 of `UnsupportedValue`."
3056 enum:
3057 - RequestHeaderModifier
3058 - ResponseHeaderModifier
3059 - RequestMirror
3060 - RequestRedirect
3061 - URLRewrite
3062 - ExtensionRef
3063 type: string
3064 urlRewrite:
3065 description: "URLRewrite defines a schema for a
3066 filter that modifies a request during forwarding.
3067 \n Support: Extended"
3068 properties:
3069 hostname:
3070 description: "Hostname is the value to be used
3071 to replace the Host header value during forwarding.
3072 \n Support: Extended"
3073 maxLength: 253
3074 minLength: 1
3075 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3076 type: string
3077 path:
3078 description: "Path defines a path rewrite. \n
3079 Support: Extended"
3080 properties:
3081 replaceFullPath:
3082 description: ReplaceFullPath specifies the
3083 value with which to replace the full path
3084 of a request during a rewrite or redirect.
3085 maxLength: 1024
3086 type: string
3087 replacePrefixMatch:
3088 description: "ReplacePrefixMatch specifies
3089 the value with which to replace the prefix
3090 match of a request during a rewrite or
3091 redirect. For example, a request to \"/foo/bar\"
3092 with a prefix match of \"/foo\" and a
3093 ReplacePrefixMatch of \"/xyz\" would be
3094 modified to \"/xyz/bar\". \n Note that
3095 this matches the behavior of the PathPrefix
3096 match type. This matches full path elements.
3097 A path element refers to the list of labels
3098 in the path split by the `/` separator.
3099 When specified, a trailing `/` is ignored.
3100 For example, the paths `/abc`, `/abc/`,
3101 and `/abc/def` would all match the prefix
3102 `/abc`, but the path `/abcd` would not.
3103 \n ReplacePrefixMatch is only compatible
3104 with a `PathPrefix` HTTPRouteMatch. Using
3105 any other HTTPRouteMatch type on the same
3106 HTTPRouteRule will result in the implementation
3107 setting the Accepted Condition for the
3108 Route to `status: False`. \n Request Path
3109 | Prefix Match | Replace Prefix | Modified
3110 Path -------------|--------------|----------------|----------
3111 /foo/bar | /foo | /xyz |
3112 /xyz/bar /foo/bar | /foo |
3113 /xyz/ | /xyz/bar /foo/bar |
3114 /foo/ | /xyz | /xyz/bar
3115 /foo/bar | /foo/ | /xyz/ |
3116 /xyz/bar /foo | /foo |
3117 /xyz | /xyz /foo/ | /foo
3118 \ | /xyz | /xyz/ /foo/bar
3119 \ | /foo | <empty string> |
3120 /bar /foo/ | /foo | <empty
3121 string> | / /foo | /foo |
3122 <empty string> | / /foo/ | /foo
3123 \ | / | / /foo |
3124 /foo | / | /"
3125 maxLength: 1024
3126 type: string
3127 type:
3128 description: "Type defines the type of path
3129 modifier. Additional types may be added
3130 in a future release of the API. \n Note
3131 that values may be added to this enum,
3132 implementations must ensure that unknown
3133 values will not cause a crash. \n Unknown
3134 values here must result in the implementation
3135 setting the Accepted Condition for the
3136 Route to `status: False`, with a Reason
3137 of `UnsupportedValue`."
3138 enum:
3139 - ReplaceFullPath
3140 - ReplacePrefixMatch
3141 type: string
3142 required:
3143 - type
3144 type: object
3145 x-kubernetes-validations:
3146 - message: replaceFullPath must be specified
3147 when type is set to 'ReplaceFullPath'
3148 rule: 'self.type == ''ReplaceFullPath'' ?
3149 has(self.replaceFullPath) : true'
3150 - message: type must be 'ReplaceFullPath' when
3151 replaceFullPath is set
3152 rule: 'has(self.replaceFullPath) ? self.type
3153 == ''ReplaceFullPath'' : true'
3154 - message: replacePrefixMatch must be specified
3155 when type is set to 'ReplacePrefixMatch'
3156 rule: 'self.type == ''ReplacePrefixMatch''
3157 ? has(self.replacePrefixMatch) : true'
3158 - message: type must be 'ReplacePrefixMatch'
3159 when replacePrefixMatch is set
3160 rule: 'has(self.replacePrefixMatch) ? self.type
3161 == ''ReplacePrefixMatch'' : true'
3162 type: object
3163 required:
3164 - type
3165 type: object
3166 x-kubernetes-validations:
3167 - message: filter.requestHeaderModifier must be nil
3168 if the filter.type is not RequestHeaderModifier
3169 rule: '!(has(self.requestHeaderModifier) && self.type
3170 != ''RequestHeaderModifier'')'
3171 - message: filter.requestHeaderModifier must be specified
3172 for RequestHeaderModifier filter.type
3173 rule: '!(!has(self.requestHeaderModifier) && self.type
3174 == ''RequestHeaderModifier'')'
3175 - message: filter.responseHeaderModifier must be nil
3176 if the filter.type is not ResponseHeaderModifier
3177 rule: '!(has(self.responseHeaderModifier) && self.type
3178 != ''ResponseHeaderModifier'')'
3179 - message: filter.responseHeaderModifier must be specified
3180 for ResponseHeaderModifier filter.type
3181 rule: '!(!has(self.responseHeaderModifier) && self.type
3182 == ''ResponseHeaderModifier'')'
3183 - message: filter.requestMirror must be nil if the filter.type
3184 is not RequestMirror
3185 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
3186 - message: filter.requestMirror must be specified for
3187 RequestMirror filter.type
3188 rule: '!(!has(self.requestMirror) && self.type ==
3189 ''RequestMirror'')'
3190 - message: filter.requestRedirect must be nil if the
3191 filter.type is not RequestRedirect
3192 rule: '!(has(self.requestRedirect) && self.type !=
3193 ''RequestRedirect'')'
3194 - message: filter.requestRedirect must be specified
3195 for RequestRedirect filter.type
3196 rule: '!(!has(self.requestRedirect) && self.type ==
3197 ''RequestRedirect'')'
3198 - message: filter.urlRewrite must be nil if the filter.type
3199 is not URLRewrite
3200 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
3201 - message: filter.urlRewrite must be specified for URLRewrite
3202 filter.type
3203 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
3204 - message: filter.extensionRef must be nil if the filter.type
3205 is not ExtensionRef
3206 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
3207 - message: filter.extensionRef must be specified for
3208 ExtensionRef filter.type
3209 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
3210 maxItems: 16
3211 type: array
3212 x-kubernetes-validations:
3213 - message: May specify either httpRouteFilterRequestRedirect
3214 or httpRouteFilterRequestRewrite, but not both
3215 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3216 && self.exists(f, f.type == ''URLRewrite''))'
3217 - message: May specify either httpRouteFilterRequestRedirect
3218 or httpRouteFilterRequestRewrite, but not both
3219 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3220 && self.exists(f, f.type == ''URLRewrite''))'
3221 - message: RequestHeaderModifier filter cannot be repeated
3222 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
3223 <= 1
3224 - message: ResponseHeaderModifier filter cannot be repeated
3225 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
3226 <= 1
3227 - message: RequestRedirect filter cannot be repeated
3228 rule: self.filter(f, f.type == 'RequestRedirect').size()
3229 <= 1
3230 - message: URLRewrite filter cannot be repeated
3231 rule: self.filter(f, f.type == 'URLRewrite').size()
3232 <= 1
3233 group:
3234 default: ""
3235 description: Group is the group of the referent. For example,
3236 "gateway.networking.k8s.io". When unspecified or empty
3237 string, core API group is inferred.
3238 maxLength: 253
3239 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3240 type: string
3241 kind:
3242 default: Service
3243 description: "Kind is the Kubernetes resource kind of
3244 the referent. For example \"Service\". \n Defaults to
3245 \"Service\" when not specified. \n ExternalName services
3246 can refer to CNAME DNS records that may live outside
3247 of the cluster and as such are difficult to reason about
3248 in terms of conformance. They also may not be safe to
3249 forward to (see CVE-2021-25740 for more information).
3250 Implementations SHOULD NOT support ExternalName Services.
3251 \n Support: Core (Services with a type other than ExternalName)
3252 \n Support: Implementation-specific (Services with type
3253 ExternalName)"
3254 maxLength: 63
3255 minLength: 1
3256 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3257 type: string
3258 name:
3259 description: Name is the name of the referent.
3260 maxLength: 253
3261 minLength: 1
3262 type: string
3263 namespace:
3264 description: "Namespace is the namespace of the backend.
3265 When unspecified, the local namespace is inferred. \n
3266 Note that when a namespace different than the local
3267 namespace is specified, a ReferenceGrant object is required
3268 in the referent namespace to allow that namespace's
3269 owner to accept the reference. See the ReferenceGrant
3270 documentation for details. \n Support: Core"
3271 maxLength: 63
3272 minLength: 1
3273 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3274 type: string
3275 port:
3276 description: Port specifies the destination port number
3277 to use for this resource. Port is required when the
3278 referent is a Kubernetes Service. In this case, the
3279 port number is the service port number, not the target
3280 port. For other resources, destination port might be
3281 derived from the referent resource or this field.
3282 format: int32
3283 maximum: 65535
3284 minimum: 1
3285 type: integer
3286 weight:
3287 default: 1
3288 description: "Weight specifies the proportion of requests
3289 forwarded to the referenced backend. This is computed
3290 as weight/(sum of all weights in this BackendRefs list).
3291 For non-zero values, there may be some epsilon from
3292 the exact proportion defined here depending on the precision
3293 an implementation supports. Weight is not a percentage
3294 and the sum of weights does not need to equal 100. \n
3295 If only one backend is specified and it has a weight
3296 greater than 0, 100% of the traffic is forwarded to
3297 that backend. If weight is set to 0, no traffic should
3298 be forwarded for this entry. If unspecified, weight
3299 defaults to 1. \n Support for this field varies based
3300 on the context where used."
3301 format: int32
3302 maximum: 1000000
3303 minimum: 0
3304 type: integer
3305 required:
3306 - name
3307 type: object
3308 x-kubernetes-validations:
3309 - message: Must have port for Service reference
3310 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3311 ? has(self.port) : true'
3312 maxItems: 16
3313 type: array
3314 filters:
3315 description: "Filters define the filters that are applied to
3316 requests that match this rule. \n The effects of ordering
3317 of multiple behaviors are currently unspecified. This can
3318 change in the future based on feedback during the alpha stage.
3319 \n Conformance-levels at this level are defined based on the
3320 type of filter: \n - ALL core filters MUST be supported by
3321 all implementations. - Implementers are encouraged to support
3322 extended filters. - Implementation-specific custom filters
3323 have no API guarantees across implementations. \n Specifying
3324 the same filter multiple times is not supported unless explicitly
3325 indicated in the filter. \n All filters are expected to be
3326 compatible with each other except for the URLRewrite and RequestRedirect
3327 filters, which may not be combined. If an implementation can
3328 not support other combinations of filters, they must clearly
3329 document that limitation. In cases where incompatible or unsupported
3330 filters are specified and cause the `Accepted` condition to
3331 be set to status `False`, implementations may use the `IncompatibleFilters`
3332 reason to specify this configuration error. \n Support: Core"
3333 items:
3334 description: HTTPRouteFilter defines processing steps that
3335 must be completed during the request or response lifecycle.
3336 HTTPRouteFilters are meant as an extension point to express
3337 processing that may be done in Gateway implementations.
3338 Some examples include request or response modification,
3339 implementing authentication strategies, rate-limiting, and
3340 traffic shaping. API guarantee/conformance is defined based
3341 on the type of the filter.
3342 properties:
3343 extensionRef:
3344 description: "ExtensionRef is an optional, implementation-specific
3345 extension to the \"filter\" behavior. For example,
3346 resource \"myroutefilter\" in group \"networking.example.net\").
3347 ExtensionRef MUST NOT be used for core and extended
3348 filters. \n This filter can be used multiple times within
3349 the same rule. \n Support: Implementation-specific"
3350 properties:
3351 group:
3352 description: Group is the group of the referent. For
3353 example, "gateway.networking.k8s.io". When unspecified
3354 or empty string, core API group is inferred.
3355 maxLength: 253
3356 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3357 type: string
3358 kind:
3359 description: Kind is kind of the referent. For example
3360 "HTTPRoute" or "Service".
3361 maxLength: 63
3362 minLength: 1
3363 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3364 type: string
3365 name:
3366 description: Name is the name of the referent.
3367 maxLength: 253
3368 minLength: 1
3369 type: string
3370 required:
3371 - group
3372 - kind
3373 - name
3374 type: object
3375 requestHeaderModifier:
3376 description: "RequestHeaderModifier defines a schema for
3377 a filter that modifies request headers. \n Support:
3378 Core"
3379 properties:
3380 add:
3381 description: "Add adds the given header(s) (name,
3382 value) to the request before the action. It appends
3383 to any existing values associated with the header
3384 name. \n Input: GET /foo HTTP/1.1 my-header: foo
3385 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
3386 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3387 items:
3388 description: HTTPHeader represents an HTTP Header
3389 name and value as defined by RFC 7230.
3390 properties:
3391 name:
3392 description: "Name is the name of the HTTP Header
3393 to be matched. Name matching MUST be case
3394 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3395 \n If multiple entries specify equivalent
3396 header names, the first entry with an equivalent
3397 name MUST be considered for a match. Subsequent
3398 entries with an equivalent header name MUST
3399 be ignored. Due to the case-insensitivity
3400 of header names, \"foo\" and \"Foo\" are considered
3401 equivalent."
3402 maxLength: 256
3403 minLength: 1
3404 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3405 type: string
3406 value:
3407 description: Value is the value of HTTP Header
3408 to be matched.
3409 maxLength: 4096
3410 minLength: 1
3411 type: string
3412 required:
3413 - name
3414 - value
3415 type: object
3416 maxItems: 16
3417 type: array
3418 x-kubernetes-list-map-keys:
3419 - name
3420 x-kubernetes-list-type: map
3421 remove:
3422 description: "Remove the given header(s) from the
3423 HTTP request before the action. The value of Remove
3424 is a list of HTTP header names. Note that the header
3425 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3426 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
3427 bar my-header3: baz \n Config: remove: [\"my-header1\",
3428 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
3429 bar"
3430 items:
3431 type: string
3432 maxItems: 16
3433 type: array
3434 x-kubernetes-list-type: set
3435 set:
3436 description: "Set overwrites the request with the
3437 given header (name, value) before the action. \n
3438 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3439 set: - name: \"my-header\" value: \"bar\" \n Output:
3440 GET /foo HTTP/1.1 my-header: bar"
3441 items:
3442 description: HTTPHeader represents an HTTP Header
3443 name and value as defined by RFC 7230.
3444 properties:
3445 name:
3446 description: "Name is the name of the HTTP Header
3447 to be matched. Name matching MUST be case
3448 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3449 \n If multiple entries specify equivalent
3450 header names, the first entry with an equivalent
3451 name MUST be considered for a match. Subsequent
3452 entries with an equivalent header name MUST
3453 be ignored. Due to the case-insensitivity
3454 of header names, \"foo\" and \"Foo\" are considered
3455 equivalent."
3456 maxLength: 256
3457 minLength: 1
3458 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3459 type: string
3460 value:
3461 description: Value is the value of HTTP Header
3462 to be matched.
3463 maxLength: 4096
3464 minLength: 1
3465 type: string
3466 required:
3467 - name
3468 - value
3469 type: object
3470 maxItems: 16
3471 type: array
3472 x-kubernetes-list-map-keys:
3473 - name
3474 x-kubernetes-list-type: map
3475 type: object
3476 requestMirror:
3477 description: "RequestMirror defines a schema for a filter
3478 that mirrors requests. Requests are sent to the specified
3479 destination, but responses from that destination are
3480 ignored. \n This filter can be used multiple times within
3481 the same rule. Note that not all implementations will
3482 be able to support mirroring to multiple backends. \n
3483 Support: Extended"
3484 properties:
3485 backendRef:
3486 description: "BackendRef references a resource where
3487 mirrored requests are sent. \n Mirrored requests
3488 must be sent only to a single destination endpoint
3489 within this BackendRef, irrespective of how many
3490 endpoints are present within this BackendRef. \n
3491 If the referent cannot be found, this BackendRef
3492 is invalid and must be dropped from the Gateway.
3493 The controller must ensure the \"ResolvedRefs\"
3494 condition on the Route status is set to `status:
3495 False` and not configure this backend in the underlying
3496 implementation. \n If there is a cross-namespace
3497 reference to an *existing* object that is not allowed
3498 by a ReferenceGrant, the controller must ensure
3499 the \"ResolvedRefs\" condition on the Route is
3500 set to `status: False`, with the \"RefNotPermitted\"
3501 reason and not configure this backend in the underlying
3502 implementation. \n In either error case, the Message
3503 of the `ResolvedRefs` Condition should be used to
3504 provide more detail about the problem. \n Support:
3505 Extended for Kubernetes Service \n Support: Implementation-specific
3506 for any other resource"
3507 properties:
3508 group:
3509 default: ""
3510 description: Group is the group of the referent.
3511 For example, "gateway.networking.k8s.io". When
3512 unspecified or empty string, core API group
3513 is inferred.
3514 maxLength: 253
3515 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3516 type: string
3517 kind:
3518 default: Service
3519 description: "Kind is the Kubernetes resource
3520 kind of the referent. For example \"Service\".
3521 \n Defaults to \"Service\" when not specified.
3522 \n ExternalName services can refer to CNAME
3523 DNS records that may live outside of the cluster
3524 and as such are difficult to reason about in
3525 terms of conformance. They also may not be safe
3526 to forward to (see CVE-2021-25740 for more information).
3527 Implementations SHOULD NOT support ExternalName
3528 Services. \n Support: Core (Services with a
3529 type other than ExternalName) \n Support: Implementation-specific
3530 (Services with type ExternalName)"
3531 maxLength: 63
3532 minLength: 1
3533 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3534 type: string
3535 name:
3536 description: Name is the name of the referent.
3537 maxLength: 253
3538 minLength: 1
3539 type: string
3540 namespace:
3541 description: "Namespace is the namespace of the
3542 backend. When unspecified, the local namespace
3543 is inferred. \n Note that when a namespace different
3544 than the local namespace is specified, a ReferenceGrant
3545 object is required in the referent namespace
3546 to allow that namespace's owner to accept the
3547 reference. See the ReferenceGrant documentation
3548 for details. \n Support: Core"
3549 maxLength: 63
3550 minLength: 1
3551 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3552 type: string
3553 port:
3554 description: Port specifies the destination port
3555 number to use for this resource. Port is required
3556 when the referent is a Kubernetes Service. In
3557 this case, the port number is the service port
3558 number, not the target port. For other resources,
3559 destination port might be derived from the referent
3560 resource or this field.
3561 format: int32
3562 maximum: 65535
3563 minimum: 1
3564 type: integer
3565 required:
3566 - name
3567 type: object
3568 x-kubernetes-validations:
3569 - message: Must have port for Service reference
3570 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3571 ? has(self.port) : true'
3572 required:
3573 - backendRef
3574 type: object
3575 requestRedirect:
3576 description: "RequestRedirect defines a schema for a filter
3577 that responds to the request with an HTTP redirection.
3578 \n Support: Core"
3579 properties:
3580 hostname:
3581 description: "Hostname is the hostname to be used
3582 in the value of the `Location` header in the response.
3583 When empty, the hostname in the `Host` header of
3584 the request is used. \n Support: Core"
3585 maxLength: 253
3586 minLength: 1
3587 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3588 type: string
3589 path:
3590 description: "Path defines parameters used to modify
3591 the path of the incoming request. The modified path
3592 is then used to construct the `Location` header.
3593 When empty, the request path is used as-is. \n Support:
3594 Extended"
3595 properties:
3596 replaceFullPath:
3597 description: ReplaceFullPath specifies the value
3598 with which to replace the full path of a request
3599 during a rewrite or redirect.
3600 maxLength: 1024
3601 type: string
3602 replacePrefixMatch:
3603 description: "ReplacePrefixMatch specifies the
3604 value with which to replace the prefix match
3605 of a request during a rewrite or redirect. For
3606 example, a request to \"/foo/bar\" with a prefix
3607 match of \"/foo\" and a ReplacePrefixMatch of
3608 \"/xyz\" would be modified to \"/xyz/bar\".
3609 \n Note that this matches the behavior of the
3610 PathPrefix match type. This matches full path
3611 elements. A path element refers to the list
3612 of labels in the path split by the `/` separator.
3613 When specified, a trailing `/` is ignored. For
3614 example, the paths `/abc`, `/abc/`, and `/abc/def`
3615 would all match the prefix `/abc`, but the path
3616 `/abcd` would not. \n ReplacePrefixMatch is
3617 only compatible with a `PathPrefix` HTTPRouteMatch.
3618 Using any other HTTPRouteMatch type on the same
3619 HTTPRouteRule will result in the implementation
3620 setting the Accepted Condition for the Route
3621 to `status: False`. \n Request Path | Prefix
3622 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
3623 /foo/bar | /foo | /xyz |
3624 /xyz/bar /foo/bar | /foo | /xyz/
3625 \ | /xyz/bar /foo/bar | /foo/ |
3626 /xyz | /xyz/bar /foo/bar | /foo/
3627 \ | /xyz/ | /xyz/bar /foo |
3628 /foo | /xyz | /xyz /foo/ |
3629 /foo | /xyz | /xyz/ /foo/bar
3630 \ | /foo | <empty string> | /bar
3631 /foo/ | /foo | <empty string>
3632 | / /foo | /foo | <empty string>
3633 | / /foo/ | /foo | / |
3634 / /foo | /foo | / |
3635 /"
3636 maxLength: 1024
3637 type: string
3638 type:
3639 description: "Type defines the type of path modifier.
3640 Additional types may be added in a future release
3641 of the API. \n Note that values may be added
3642 to this enum, implementations must ensure that
3643 unknown values will not cause a crash. \n Unknown
3644 values here must result in the implementation
3645 setting the Accepted Condition for the Route
3646 to `status: False`, with a Reason of `UnsupportedValue`."
3647 enum:
3648 - ReplaceFullPath
3649 - ReplacePrefixMatch
3650 type: string
3651 required:
3652 - type
3653 type: object
3654 x-kubernetes-validations:
3655 - message: replaceFullPath must be specified when
3656 type is set to 'ReplaceFullPath'
3657 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
3658 : true'
3659 - message: type must be 'ReplaceFullPath' when replaceFullPath
3660 is set
3661 rule: 'has(self.replaceFullPath) ? self.type ==
3662 ''ReplaceFullPath'' : true'
3663 - message: replacePrefixMatch must be specified when
3664 type is set to 'ReplacePrefixMatch'
3665 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
3666 : true'
3667 - message: type must be 'ReplacePrefixMatch' when
3668 replacePrefixMatch is set
3669 rule: 'has(self.replacePrefixMatch) ? self.type
3670 == ''ReplacePrefixMatch'' : true'
3671 port:
3672 description: "Port is the port to be used in the value
3673 of the `Location` header in the response. \n If
3674 no port is specified, the redirect port MUST be
3675 derived using the following rules: \n * If redirect
3676 scheme is not-empty, the redirect port MUST be the
3677 well-known port associated with the redirect scheme.
3678 Specifically \"http\" to port 80 and \"https\" to
3679 port 443. If the redirect scheme does not have a
3680 well-known port, the listener port of the Gateway
3681 SHOULD be used. * If redirect scheme is empty, the
3682 redirect port MUST be the Gateway Listener port.
3683 \n Implementations SHOULD NOT add the port number
3684 in the 'Location' header in the following cases:
3685 \n * A Location header that will use HTTP (whether
3686 that is determined via the Listener protocol or
3687 the Scheme field) _and_ use port 80. * A Location
3688 header that will use HTTPS (whether that is determined
3689 via the Listener protocol or the Scheme field) _and_
3690 use port 443. \n Support: Extended"
3691 format: int32
3692 maximum: 65535
3693 minimum: 1
3694 type: integer
3695 scheme:
3696 description: "Scheme is the scheme to be used in the
3697 value of the `Location` header in the response.
3698 When empty, the scheme of the request is used. \n
3699 Scheme redirects can affect the port of the redirect,
3700 for more information, refer to the documentation
3701 for the port field of this filter. \n Note that
3702 values may be added to this enum, implementations
3703 must ensure that unknown values will not cause a
3704 crash. \n Unknown values here must result in the
3705 implementation setting the Accepted Condition for
3706 the Route to `status: False`, with a Reason of `UnsupportedValue`.
3707 \n Support: Extended"
3708 enum:
3709 - http
3710 - https
3711 type: string
3712 statusCode:
3713 default: 302
3714 description: "StatusCode is the HTTP status code to
3715 be used in response. \n Note that values may be
3716 added to this enum, implementations must ensure
3717 that unknown values will not cause a crash. \n Unknown
3718 values here must result in the implementation setting
3719 the Accepted Condition for the Route to `status:
3720 False`, with a Reason of `UnsupportedValue`. \n
3721 Support: Core"
3722 enum:
3723 - 301
3724 - 302
3725 type: integer
3726 type: object
3727 responseHeaderModifier:
3728 description: "ResponseHeaderModifier defines a schema
3729 for a filter that modifies response headers. \n Support:
3730 Extended"
3731 properties:
3732 add:
3733 description: "Add adds the given header(s) (name,
3734 value) to the request before the action. It appends
3735 to any existing values associated with the header
3736 name. \n Input: GET /foo HTTP/1.1 my-header: foo
3737 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
3738 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3739 items:
3740 description: HTTPHeader represents an HTTP Header
3741 name and value as defined by RFC 7230.
3742 properties:
3743 name:
3744 description: "Name is the name of the HTTP Header
3745 to be matched. Name matching MUST be case
3746 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3747 \n If multiple entries specify equivalent
3748 header names, the first entry with an equivalent
3749 name MUST be considered for a match. Subsequent
3750 entries with an equivalent header name MUST
3751 be ignored. Due to the case-insensitivity
3752 of header names, \"foo\" and \"Foo\" are considered
3753 equivalent."
3754 maxLength: 256
3755 minLength: 1
3756 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3757 type: string
3758 value:
3759 description: Value is the value of HTTP Header
3760 to be matched.
3761 maxLength: 4096
3762 minLength: 1
3763 type: string
3764 required:
3765 - name
3766 - value
3767 type: object
3768 maxItems: 16
3769 type: array
3770 x-kubernetes-list-map-keys:
3771 - name
3772 x-kubernetes-list-type: map
3773 remove:
3774 description: "Remove the given header(s) from the
3775 HTTP request before the action. The value of Remove
3776 is a list of HTTP header names. Note that the header
3777 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3778 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
3779 bar my-header3: baz \n Config: remove: [\"my-header1\",
3780 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
3781 bar"
3782 items:
3783 type: string
3784 maxItems: 16
3785 type: array
3786 x-kubernetes-list-type: set
3787 set:
3788 description: "Set overwrites the request with the
3789 given header (name, value) before the action. \n
3790 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3791 set: - name: \"my-header\" value: \"bar\" \n Output:
3792 GET /foo HTTP/1.1 my-header: bar"
3793 items:
3794 description: HTTPHeader represents an HTTP Header
3795 name and value as defined by RFC 7230.
3796 properties:
3797 name:
3798 description: "Name is the name of the HTTP Header
3799 to be matched. Name matching MUST be case
3800 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3801 \n If multiple entries specify equivalent
3802 header names, the first entry with an equivalent
3803 name MUST be considered for a match. Subsequent
3804 entries with an equivalent header name MUST
3805 be ignored. Due to the case-insensitivity
3806 of header names, \"foo\" and \"Foo\" are considered
3807 equivalent."
3808 maxLength: 256
3809 minLength: 1
3810 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3811 type: string
3812 value:
3813 description: Value is the value of HTTP Header
3814 to be matched.
3815 maxLength: 4096
3816 minLength: 1
3817 type: string
3818 required:
3819 - name
3820 - value
3821 type: object
3822 maxItems: 16
3823 type: array
3824 x-kubernetes-list-map-keys:
3825 - name
3826 x-kubernetes-list-type: map
3827 type: object
3828 type:
3829 description: "Type identifies the type of filter to apply.
3830 As with other API fields, types are classified into
3831 three conformance levels: \n - Core: Filter types and
3832 their corresponding configuration defined by \"Support:
3833 Core\" in this package, e.g. \"RequestHeaderModifier\".
3834 All implementations must support core filters. \n -
3835 Extended: Filter types and their corresponding configuration
3836 defined by \"Support: Extended\" in this package, e.g.
3837 \"RequestMirror\". Implementers are encouraged to support
3838 extended filters. \n - Implementation-specific: Filters
3839 that are defined and supported by specific vendors.
3840 In the future, filters showing convergence in behavior
3841 across multiple implementations will be considered for
3842 inclusion in extended or core conformance levels. Filter-specific
3843 configuration for such filters is specified using the
3844 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
3845 for custom filters. \n Implementers are encouraged to
3846 define custom implementation types to extend the core
3847 API with implementation-specific behavior. \n If a reference
3848 to a custom filter type cannot be resolved, the filter
3849 MUST NOT be skipped. Instead, requests that would have
3850 been processed by that filter MUST receive a HTTP error
3851 response. \n Note that values may be added to this enum,
3852 implementations must ensure that unknown values will
3853 not cause a crash. \n Unknown values here must result
3854 in the implementation setting the Accepted Condition
3855 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
3856 enum:
3857 - RequestHeaderModifier
3858 - ResponseHeaderModifier
3859 - RequestMirror
3860 - RequestRedirect
3861 - URLRewrite
3862 - ExtensionRef
3863 type: string
3864 urlRewrite:
3865 description: "URLRewrite defines a schema for a filter
3866 that modifies a request during forwarding. \n Support:
3867 Extended"
3868 properties:
3869 hostname:
3870 description: "Hostname is the value to be used to
3871 replace the Host header value during forwarding.
3872 \n Support: Extended"
3873 maxLength: 253
3874 minLength: 1
3875 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3876 type: string
3877 path:
3878 description: "Path defines a path rewrite. \n Support:
3879 Extended"
3880 properties:
3881 replaceFullPath:
3882 description: ReplaceFullPath specifies the value
3883 with which to replace the full path of a request
3884 during a rewrite or redirect.
3885 maxLength: 1024
3886 type: string
3887 replacePrefixMatch:
3888 description: "ReplacePrefixMatch specifies the
3889 value with which to replace the prefix match
3890 of a request during a rewrite or redirect. For
3891 example, a request to \"/foo/bar\" with a prefix
3892 match of \"/foo\" and a ReplacePrefixMatch of
3893 \"/xyz\" would be modified to \"/xyz/bar\".
3894 \n Note that this matches the behavior of the
3895 PathPrefix match type. This matches full path
3896 elements. A path element refers to the list
3897 of labels in the path split by the `/` separator.
3898 When specified, a trailing `/` is ignored. For
3899 example, the paths `/abc`, `/abc/`, and `/abc/def`
3900 would all match the prefix `/abc`, but the path
3901 `/abcd` would not. \n ReplacePrefixMatch is
3902 only compatible with a `PathPrefix` HTTPRouteMatch.
3903 Using any other HTTPRouteMatch type on the same
3904 HTTPRouteRule will result in the implementation
3905 setting the Accepted Condition for the Route
3906 to `status: False`. \n Request Path | Prefix
3907 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
3908 /foo/bar | /foo | /xyz |
3909 /xyz/bar /foo/bar | /foo | /xyz/
3910 \ | /xyz/bar /foo/bar | /foo/ |
3911 /xyz | /xyz/bar /foo/bar | /foo/
3912 \ | /xyz/ | /xyz/bar /foo |
3913 /foo | /xyz | /xyz /foo/ |
3914 /foo | /xyz | /xyz/ /foo/bar
3915 \ | /foo | <empty string> | /bar
3916 /foo/ | /foo | <empty string>
3917 | / /foo | /foo | <empty string>
3918 | / /foo/ | /foo | / |
3919 / /foo | /foo | / |
3920 /"
3921 maxLength: 1024
3922 type: string
3923 type:
3924 description: "Type defines the type of path modifier.
3925 Additional types may be added in a future release
3926 of the API. \n Note that values may be added
3927 to this enum, implementations must ensure that
3928 unknown values will not cause a crash. \n Unknown
3929 values here must result in the implementation
3930 setting the Accepted Condition for the Route
3931 to `status: False`, with a Reason of `UnsupportedValue`."
3932 enum:
3933 - ReplaceFullPath
3934 - ReplacePrefixMatch
3935 type: string
3936 required:
3937 - type
3938 type: object
3939 x-kubernetes-validations:
3940 - message: replaceFullPath must be specified when
3941 type is set to 'ReplaceFullPath'
3942 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
3943 : true'
3944 - message: type must be 'ReplaceFullPath' when replaceFullPath
3945 is set
3946 rule: 'has(self.replaceFullPath) ? self.type ==
3947 ''ReplaceFullPath'' : true'
3948 - message: replacePrefixMatch must be specified when
3949 type is set to 'ReplacePrefixMatch'
3950 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
3951 : true'
3952 - message: type must be 'ReplacePrefixMatch' when
3953 replacePrefixMatch is set
3954 rule: 'has(self.replacePrefixMatch) ? self.type
3955 == ''ReplacePrefixMatch'' : true'
3956 type: object
3957 required:
3958 - type
3959 type: object
3960 x-kubernetes-validations:
3961 - message: filter.requestHeaderModifier must be nil if the
3962 filter.type is not RequestHeaderModifier
3963 rule: '!(has(self.requestHeaderModifier) && self.type !=
3964 ''RequestHeaderModifier'')'
3965 - message: filter.requestHeaderModifier must be specified
3966 for RequestHeaderModifier filter.type
3967 rule: '!(!has(self.requestHeaderModifier) && self.type ==
3968 ''RequestHeaderModifier'')'
3969 - message: filter.responseHeaderModifier must be nil if the
3970 filter.type is not ResponseHeaderModifier
3971 rule: '!(has(self.responseHeaderModifier) && self.type !=
3972 ''ResponseHeaderModifier'')'
3973 - message: filter.responseHeaderModifier must be specified
3974 for ResponseHeaderModifier filter.type
3975 rule: '!(!has(self.responseHeaderModifier) && self.type
3976 == ''ResponseHeaderModifier'')'
3977 - message: filter.requestMirror must be nil if the filter.type
3978 is not RequestMirror
3979 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
3980 - message: filter.requestMirror must be specified for RequestMirror
3981 filter.type
3982 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
3983 - message: filter.requestRedirect must be nil if the filter.type
3984 is not RequestRedirect
3985 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
3986 - message: filter.requestRedirect must be specified for RequestRedirect
3987 filter.type
3988 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
3989 - message: filter.urlRewrite must be nil if the filter.type
3990 is not URLRewrite
3991 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
3992 - message: filter.urlRewrite must be specified for URLRewrite
3993 filter.type
3994 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
3995 - message: filter.extensionRef must be nil if the filter.type
3996 is not ExtensionRef
3997 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
3998 - message: filter.extensionRef must be specified for ExtensionRef
3999 filter.type
4000 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
4001 maxItems: 16
4002 type: array
4003 x-kubernetes-validations:
4004 - message: May specify either httpRouteFilterRequestRedirect
4005 or httpRouteFilterRequestRewrite, but not both
4006 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
4007 self.exists(f, f.type == ''URLRewrite''))'
4008 - message: RequestHeaderModifier filter cannot be repeated
4009 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
4010 <= 1
4011 - message: ResponseHeaderModifier filter cannot be repeated
4012 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
4013 <= 1
4014 - message: RequestRedirect filter cannot be repeated
4015 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
4016 1
4017 - message: URLRewrite filter cannot be repeated
4018 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
4019 matches:
4020 default:
4021 - path:
4022 type: PathPrefix
4023 value: /
4024 description: "Matches define conditions used for matching the
4025 rule against incoming HTTP requests. Each match is independent,
4026 i.e. this rule will be matched if **any** one of the matches
4027 is satisfied. \n For example, take the following matches configuration:
4028 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
4029 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
4030 to match against this rule, a request must satisfy EITHER
4031 of the two conditions: \n - path prefixed with `/foo` AND
4032 contains the header `version: v2` - path prefix of `/v2/foo`
4033 \n See the documentation for HTTPRouteMatch on how to specify
4034 multiple match conditions that should be ANDed together. \n
4035 If no matches are specified, the default is a prefix path
4036 match on \"/\", which has the effect of matching every HTTP
4037 request. \n Proxy or Load Balancer routing configuration generated
4038 from HTTPRoutes MUST prioritize matches based on the following
4039 criteria, continuing on ties. Across all rules specified on
4040 applicable Routes, precedence must be given to the match having:
4041 \n * \"Exact\" path match. * \"Prefix\" path match with largest
4042 number of characters. * Method match. * Largest number of
4043 header matches. * Largest number of query param matches. \n
4044 Note: The precedence of RegularExpression path matches are
4045 implementation-specific. \n If ties still exist across multiple
4046 Routes, matching precedence MUST be determined in order of
4047 the following criteria, continuing on ties: \n * The oldest
4048 Route based on creation timestamp. * The Route appearing first
4049 in alphabetical order by \"{namespace}/{name}\". \n If ties
4050 still exist within an HTTPRoute, matching precedence MUST
4051 be granted to the FIRST matching rule (in list order) with
4052 a match meeting the above criteria. \n When no rules matching
4053 a request have been successfully attached to the parent a
4054 request is coming from, a HTTP 404 status code MUST be returned."
4055 items:
4056 description: "HTTPRouteMatch defines the predicate used to
4057 match requests to a given action. Multiple match types are
4058 ANDed together, i.e. the match will evaluate to true only
4059 if all conditions are satisfied. \n For example, the match
4060 below will match a HTTP request only if its path starts
4061 with `/foo` AND it contains the `version: v1` header: \n
4062 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
4063 value \"v1\" \n ```"
4064 properties:
4065 headers:
4066 description: Headers specifies HTTP request header matchers.
4067 Multiple match values are ANDed together, meaning, a
4068 request must match all the specified headers to select
4069 the route.
4070 items:
4071 description: HTTPHeaderMatch describes how to select
4072 a HTTP route by matching HTTP request headers.
4073 properties:
4074 name:
4075 description: "Name is the name of the HTTP Header
4076 to be matched. Name matching MUST be case insensitive.
4077 (See https://tools.ietf.org/html/rfc7230#section-3.2).
4078 \n If multiple entries specify equivalent header
4079 names, only the first entry with an equivalent
4080 name MUST be considered for a match. Subsequent
4081 entries with an equivalent header name MUST be
4082 ignored. Due to the case-insensitivity of header
4083 names, \"foo\" and \"Foo\" are considered equivalent.
4084 \n When a header is repeated in an HTTP request,
4085 it is implementation-specific behavior as to how
4086 this is represented. Generally, proxies should
4087 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
4088 regarding processing a repeated header, with special
4089 handling for \"Set-Cookie\"."
4090 maxLength: 256
4091 minLength: 1
4092 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4093 type: string
4094 type:
4095 default: Exact
4096 description: "Type specifies how to match against
4097 the value of the header. \n Support: Core (Exact)
4098 \n Support: Implementation-specific (RegularExpression)
4099 \n Since RegularExpression HeaderMatchType has
4100 implementation-specific conformance, implementations
4101 can support POSIX, PCRE or any other dialects
4102 of regular expressions. Please read the implementation's
4103 documentation to determine the supported dialect."
4104 enum:
4105 - Exact
4106 - RegularExpression
4107 type: string
4108 value:
4109 description: Value is the value of HTTP Header to
4110 be matched.
4111 maxLength: 4096
4112 minLength: 1
4113 type: string
4114 required:
4115 - name
4116 - value
4117 type: object
4118 maxItems: 16
4119 type: array
4120 x-kubernetes-list-map-keys:
4121 - name
4122 x-kubernetes-list-type: map
4123 method:
4124 description: "Method specifies HTTP method matcher. When
4125 specified, this route will be matched only if the request
4126 has the specified method. \n Support: Extended"
4127 enum:
4128 - GET
4129 - HEAD
4130 - POST
4131 - PUT
4132 - DELETE
4133 - CONNECT
4134 - OPTIONS
4135 - TRACE
4136 - PATCH
4137 type: string
4138 path:
4139 default:
4140 type: PathPrefix
4141 value: /
4142 description: Path specifies a HTTP request path matcher.
4143 If this field is not specified, a default prefix match
4144 on the "/" path is provided.
4145 properties:
4146 type:
4147 default: PathPrefix
4148 description: "Type specifies how to match against
4149 the path Value. \n Support: Core (Exact, PathPrefix)
4150 \n Support: Implementation-specific (RegularExpression)"
4151 enum:
4152 - Exact
4153 - PathPrefix
4154 - RegularExpression
4155 type: string
4156 value:
4157 default: /
4158 description: Value of the HTTP path to match against.
4159 maxLength: 1024
4160 type: string
4161 type: object
4162 x-kubernetes-validations:
4163 - message: value must be an absolute path and start with
4164 '/' when type one of ['Exact', 'PathPrefix']
4165 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
4166 : true'
4167 - message: must not contain '//' when type one of ['Exact',
4168 'PathPrefix']
4169 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
4170 : true'
4171 - message: must not contain '/./' when type one of ['Exact',
4172 'PathPrefix']
4173 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
4174 : true'
4175 - message: must not contain '/../' when type one of ['Exact',
4176 'PathPrefix']
4177 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
4178 : true'
4179 - message: must not contain '%2f' when type one of ['Exact',
4180 'PathPrefix']
4181 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
4182 : true'
4183 - message: must not contain '%2F' when type one of ['Exact',
4184 'PathPrefix']
4185 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
4186 : true'
4187 - message: must not contain '#' when type one of ['Exact',
4188 'PathPrefix']
4189 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
4190 : true'
4191 - message: must not end with '/..' when type one of ['Exact',
4192 'PathPrefix']
4193 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
4194 : true'
4195 - message: must not end with '/.' when type one of ['Exact',
4196 'PathPrefix']
4197 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
4198 : true'
4199 - message: type must be one of ['Exact', 'PathPrefix',
4200 'RegularExpression']
4201 rule: self.type in ['Exact','PathPrefix'] || self.type
4202 == 'RegularExpression'
4203 - message: must only contain valid characters (matching
4204 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
4205 for types ['Exact', 'PathPrefix']
4206 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
4207 : true'
4208 queryParams:
4209 description: "QueryParams specifies HTTP query parameter
4210 matchers. Multiple match values are ANDed together,
4211 meaning, a request must match all the specified query
4212 parameters to select the route. \n Support: Extended"
4213 items:
4214 description: HTTPQueryParamMatch describes how to select
4215 a HTTP route by matching HTTP query parameters.
4216 properties:
4217 name:
4218 description: "Name is the name of the HTTP query
4219 param to be matched. This must be an exact string
4220 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
4221 \n If multiple entries specify equivalent query
4222 param names, only the first entry with an equivalent
4223 name MUST be considered for a match. Subsequent
4224 entries with an equivalent query param name MUST
4225 be ignored. \n If a query param is repeated in
4226 an HTTP request, the behavior is purposely left
4227 undefined, since different data planes have different
4228 capabilities. However, it is *recommended* that
4229 implementations should match against the first
4230 value of the param if the data plane supports
4231 it, as this behavior is expected in other load
4232 balancing contexts outside of the Gateway API.
4233 \n Users SHOULD NOT route traffic based on repeated
4234 query params to guard themselves against potential
4235 differences in the implementations."
4236 maxLength: 256
4237 minLength: 1
4238 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4239 type: string
4240 type:
4241 default: Exact
4242 description: "Type specifies how to match against
4243 the value of the query parameter. \n Support:
4244 Extended (Exact) \n Support: Implementation-specific
4245 (RegularExpression) \n Since RegularExpression
4246 QueryParamMatchType has Implementation-specific
4247 conformance, implementations can support POSIX,
4248 PCRE or any other dialects of regular expressions.
4249 Please read the implementation's documentation
4250 to determine the supported dialect."
4251 enum:
4252 - Exact
4253 - RegularExpression
4254 type: string
4255 value:
4256 description: Value is the value of HTTP query param
4257 to be matched.
4258 maxLength: 1024
4259 minLength: 1
4260 type: string
4261 required:
4262 - name
4263 - value
4264 type: object
4265 maxItems: 16
4266 type: array
4267 x-kubernetes-list-map-keys:
4268 - name
4269 x-kubernetes-list-type: map
4270 type: object
4271 maxItems: 8
4272 type: array
4273 type: object
4274 x-kubernetes-validations:
4275 - message: RequestRedirect filter must not be used together with
4276 backendRefs
4277 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
4278 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
4279 true'
4280 - message: When using RequestRedirect filter with path.replacePrefixMatch,
4281 exactly one PathPrefix match must be specified
4282 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
4283 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4284 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4285 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
4286 self.matches[0].path.type != ''PathPrefix'') ? false : true)
4287 : true'
4288 - message: When using URLRewrite filter with path.replacePrefixMatch,
4289 exactly one PathPrefix match must be specified
4290 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
4291 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4292 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
4293 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4294 != ''PathPrefix'') ? false : true) : true'
4295 - message: Within backendRefs, when using RequestRedirect filter
4296 with path.replacePrefixMatch, exactly one PathPrefix match must
4297 be specified
4298 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4299 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
4300 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4301 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4302 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
4303 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
4304 : true'
4305 - message: Within backendRefs, When using URLRewrite filter with
4306 path.replacePrefixMatch, exactly one PathPrefix match must be
4307 specified
4308 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4309 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
4310 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4311 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
4312 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4313 != ''PathPrefix'') ? false : true) : true'
4314 maxItems: 16
4315 type: array
4316 type: object
4317 status:
4318 description: Status defines the current state of HTTPRoute.
4319 properties:
4320 parents:
4321 description: "Parents is a list of parent resources (usually Gateways)
4322 that are associated with the route, and the status of the route
4323 with respect to each parent. When this route attaches to a parent,
4324 the controller that manages the parent must add an entry to this
4325 list when the controller first sees the route and should update
4326 the entry as appropriate when the route or gateway is modified.
4327 \n Note that parent references that cannot be resolved by an implementation
4328 of this API will not be added to this list. Implementations of this
4329 API can only populate Route status for the Gateways/parent resources
4330 they are responsible for. \n A maximum of 32 Gateways will be represented
4331 in this list. An empty list means the route has not been attached
4332 to any Gateway."
4333 items:
4334 description: RouteParentStatus describes the status of a route with
4335 respect to an associated Parent.
4336 properties:
4337 conditions:
4338 description: "Conditions describes the status of the route with
4339 respect to the Gateway. Note that the route's availability
4340 is also subject to the Gateway's own status conditions and
4341 listener status. \n If the Route's ParentRef specifies an
4342 existing Gateway that supports Routes of this kind AND that
4343 Gateway's controller has sufficient access, then that Gateway's
4344 controller MUST set the \"Accepted\" condition on the Route,
4345 to indicate whether the route has been accepted or rejected
4346 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
4347 if at least one of the Route's rules is implemented by the
4348 Gateway. \n There are a number of cases where the \"Accepted\"
4349 condition may not be set due to lack of controller visibility,
4350 that includes when: \n * The Route refers to a non-existent
4351 parent. * The Route is of a type that the controller does
4352 not support. * The Route is in a namespace the controller
4353 does not have access to."
4354 items:
4355 description: "Condition contains details for one aspect of
4356 the current state of this API Resource. --- This struct
4357 is intended for direct use as an array at the field path
4358 .status.conditions. For example, \n type FooStatus struct{
4359 // Represents the observations of a foo's current state.
4360 // Known .status.conditions.type are: \"Available\", \"Progressing\",
4361 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
4362 // +listType=map // +listMapKey=type Conditions []metav1.Condition
4363 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
4364 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
4365 }"
4366 properties:
4367 lastTransitionTime:
4368 description: lastTransitionTime is the last time the condition
4369 transitioned from one status to another. This should
4370 be when the underlying condition changed. If that is
4371 not known, then using the time when the API field changed
4372 is acceptable.
4373 format: date-time
4374 type: string
4375 message:
4376 description: message is a human readable message indicating
4377 details about the transition. This may be an empty string.
4378 maxLength: 32768
4379 type: string
4380 observedGeneration:
4381 description: observedGeneration represents the .metadata.generation
4382 that the condition was set based upon. For instance,
4383 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
4384 is 9, the condition is out of date with respect to the
4385 current state of the instance.
4386 format: int64
4387 minimum: 0
4388 type: integer
4389 reason:
4390 description: reason contains a programmatic identifier
4391 indicating the reason for the condition's last transition.
4392 Producers of specific condition types may define expected
4393 values and meanings for this field, and whether the
4394 values are considered a guaranteed API. The value should
4395 be a CamelCase string. This field may not be empty.
4396 maxLength: 1024
4397 minLength: 1
4398 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4399 type: string
4400 status:
4401 description: status of the condition, one of True, False,
4402 Unknown.
4403 enum:
4404 - "True"
4405 - "False"
4406 - Unknown
4407 type: string
4408 type:
4409 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4410 --- Many .condition.type values are consistent across
4411 resources like Available, but because arbitrary conditions
4412 can be useful (see .node.status.conditions), the ability
4413 to deconflict is important. The regex it matches is
4414 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
4415 maxLength: 316
4416 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4417 type: string
4418 required:
4419 - lastTransitionTime
4420 - message
4421 - reason
4422 - status
4423 - type
4424 type: object
4425 maxItems: 8
4426 minItems: 1
4427 type: array
4428 x-kubernetes-list-map-keys:
4429 - type
4430 x-kubernetes-list-type: map
4431 controllerName:
4432 description: "ControllerName is a domain/path string that indicates
4433 the name of the controller that wrote this status. This corresponds
4434 with the controllerName field on GatewayClass. \n Example:
4435 \"example.net/gateway-controller\". \n The format of this
4436 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
4437 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
4438 \n Controllers MUST populate this field when writing status.
4439 Controllers should ensure that entries to status populated
4440 with their ControllerName are cleaned up when they are no
4441 longer necessary."
4442 maxLength: 253
4443 minLength: 1
4444 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
4445 type: string
4446 parentRef:
4447 description: ParentRef corresponds with a ParentRef in the spec
4448 that this RouteParentStatus struct describes the status of.
4449 properties:
4450 group:
4451 default: gateway.networking.k8s.io
4452 description: "Group is the group of the referent. When unspecified,
4453 \"gateway.networking.k8s.io\" is inferred. To set the
4454 core API group (such as for a \"Service\" kind referent),
4455 Group must be explicitly set to \"\" (empty string). \n
4456 Support: Core"
4457 maxLength: 253
4458 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4459 type: string
4460 kind:
4461 default: Gateway
4462 description: "Kind is kind of the referent. \n There are
4463 two kinds of parent resources with \"Core\" support: \n
4464 * Gateway (Gateway conformance profile) * Service (Mesh
4465 conformance profile, experimental, ClusterIP Services
4466 only) \n Support for other resources is Implementation-Specific."
4467 maxLength: 63
4468 minLength: 1
4469 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4470 type: string
4471 name:
4472 description: "Name is the name of the referent. \n Support:
4473 Core"
4474 maxLength: 253
4475 minLength: 1
4476 type: string
4477 namespace:
4478 description: "Namespace is the namespace of the referent.
4479 When unspecified, this refers to the local namespace of
4480 the Route. \n Note that there are specific rules for ParentRefs
4481 which cross namespace boundaries. Cross-namespace references
4482 are only valid if they are explicitly allowed by something
4483 in the namespace they are referring to. For example: Gateway
4484 has the AllowedRoutes field, and ReferenceGrant provides
4485 a generic way to enable any other kind of cross-namespace
4486 reference. \n \n Support: Core"
4487 maxLength: 63
4488 minLength: 1
4489 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4490 type: string
4491 sectionName:
4492 description: "SectionName is the name of a section within
4493 the target resource. In the following resources, SectionName
4494 is interpreted as the following: \n * Gateway: Listener
4495 Name. When both Port (experimental) and SectionName are
4496 specified, the name and port of the selected listener
4497 must match both specified values. * Service: Port Name.
4498 When both Port (experimental) and SectionName are specified,
4499 the name and port of the selected listener must match
4500 both specified values. Note that attaching Routes to Services
4501 as Parents is part of experimental Mesh support and is
4502 not supported for any other purpose. \n Implementations
4503 MAY choose to support attaching Routes to other resources.
4504 If that is the case, they MUST clearly document how SectionName
4505 is interpreted. \n When unspecified (empty string), this
4506 will reference the entire resource. For the purpose of
4507 status, an attachment is considered successful if at least
4508 one section in the parent resource accepts it. For example,
4509 Gateway listeners can restrict which Routes can attach
4510 to them by Route kind, namespace, or hostname. If 1 of
4511 2 Gateway listeners accept attachment from the referencing
4512 Route, the Route MUST be considered successfully attached.
4513 If no Gateway listeners accept attachment from this Route,
4514 the Route MUST be considered detached from the Gateway.
4515 \n Support: Core"
4516 maxLength: 253
4517 minLength: 1
4518 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4519 type: string
4520 required:
4521 - name
4522 type: object
4523 required:
4524 - controllerName
4525 - parentRef
4526 type: object
4527 maxItems: 32
4528 type: array
4529 required:
4530 - parents
4531 type: object
4532 required:
4533 - spec
4534 type: object
4535 served: true
4536 storage: false
4537 subresources:
4538 status: {}
4539 - additionalPrinterColumns:
4540 - jsonPath: .spec.hostnames
4541 name: Hostnames
4542 type: string
4543 - jsonPath: .metadata.creationTimestamp
4544 name: Age
4545 type: date
4546 name: v1beta1
4547 schema:
4548 openAPIV3Schema:
4549 description: HTTPRoute provides a way to route HTTP requests. This includes
4550 the capability to match requests by hostname, path, header, or query param.
4551 Filters can be used to specify additional processing steps. Backends specify
4552 where matching requests should be routed.
4553 properties:
4554 apiVersion:
4555 description: 'APIVersion defines the versioned schema of this representation
4556 of an object. Servers should convert recognized schemas to the latest
4557 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
4558 type: string
4559 kind:
4560 description: 'Kind is a string value representing the REST resource this
4561 object represents. Servers may infer this from the endpoint the client
4562 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
4563 type: string
4564 metadata:
4565 type: object
4566 spec:
4567 description: Spec defines the desired state of HTTPRoute.
4568 properties:
4569 hostnames:
4570 description: "Hostnames defines a set of hostnames that should match
4571 against the HTTP Host header to select a HTTPRoute used to process
4572 the request. Implementations MUST ignore any port value specified
4573 in the HTTP Host header while performing a match and (absent of
4574 any applicable header modification configuration) MUST forward this
4575 header unmodified to the backend. \n Valid values for Hostnames
4576 are determined by RFC 1123 definition of a hostname with 2 notable
4577 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
4578 with a wildcard label (`*.`). The wildcard label must appear by
4579 itself as the first label. \n If a hostname is specified by both
4580 the Listener and HTTPRoute, there must be at least one intersecting
4581 hostname for the HTTPRoute to be attached to the Listener. For example:
4582 \n * A Listener with `test.example.com` as the hostname matches
4583 HTTPRoutes that have either not specified any hostnames, or have
4584 specified at least one of `test.example.com` or `*.example.com`.
4585 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
4586 that have either not specified any hostnames or have specified at
4587 least one hostname that matches the Listener hostname. For example,
4588 `*.example.com`, `test.example.com`, and `foo.test.example.com`
4589 would all match. On the other hand, `example.com` and `test.example.net`
4590 would not match. \n Hostnames that are prefixed with a wildcard
4591 label (`*.`) are interpreted as a suffix match. That means that
4592 a match for `*.example.com` would match both `test.example.com`,
4593 and `foo.test.example.com`, but not `example.com`. \n If both the
4594 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
4595 that do not match the Listener hostname MUST be ignored. For example,
4596 if a Listener specified `*.example.com`, and the HTTPRoute specified
4597 `test.example.com` and `test.example.net`, `test.example.net` must
4598 not be considered for a match. \n If both the Listener and HTTPRoute
4599 have specified hostnames, and none match with the criteria above,
4600 then the HTTPRoute is not accepted. The implementation must raise
4601 an 'Accepted' Condition with a status of `False` in the corresponding
4602 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
4603 intersecting hostnames (e.g. overlapping wildcard matching and exact
4604 matching hostnames), precedence must be given to rules from the
4605 HTTPRoute with the largest number of: \n * Characters in a matching
4606 non-wildcard hostname. * Characters in a matching hostname. \n If
4607 ties exist across multiple Routes, the matching precedence rules
4608 for HTTPRouteMatches takes over. \n Support: Core"
4609 items:
4610 description: "Hostname is the fully qualified domain name of a network
4611 host. This matches the RFC 1123 definition of a hostname with
4612 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
4613 may be prefixed with a wildcard label (`*.`). The wildcard label
4614 must appear by itself as the first label. \n Hostname can be \"precise\"
4615 which is a domain name without the terminating dot of a network
4616 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
4617 name prefixed with a single wildcard label (e.g. `*.example.com`).
4618 \n Note that as per RFC1035 and RFC1123, a *label* must consist
4619 of lower case alphanumeric characters or '-', and must start and
4620 end with an alphanumeric character. No other punctuation is allowed."
4621 maxLength: 253
4622 minLength: 1
4623 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4624 type: string
4625 maxItems: 16
4626 type: array
4627 parentRefs:
4628 description: "ParentRefs references the resources (usually Gateways)
4629 that a Route wants to be attached to. Note that the referenced parent
4630 resource needs to allow this for the attachment to be complete.
4631 For Gateways, that means the Gateway needs to allow attachment from
4632 Routes of this kind and namespace. For Services, that means the
4633 Service must either be in the same namespace for a \"producer\"
4634 route, or the mesh implementation must support and allow \"consumer\"
4635 routes for the referenced Service. ReferenceGrant is not applicable
4636 for governing ParentRefs to Services - it is not possible to create
4637 a \"producer\" route for a Service in a different namespace from
4638 the Route. \n There are two kinds of parent resources with \"Core\"
4639 support: \n * Gateway (Gateway conformance profile) This API may
4640 be extended in the future to support additional kinds of parent
4641 resources. \n ParentRefs must be _distinct_. This means either that:
4642 \n * They select different objects. If this is the case, then parentRef
4643 entries are distinct. In terms of fields, this means that the multi-part
4644 key defined by `group`, `kind`, `namespace`, and `name` must be
4645 unique across all parentRef entries in the Route. * They do not
4646 select different objects, but for each optional field used, each
4647 ParentRef that selects the same object must set the same set of
4648 optional fields to different values. If one ParentRef sets a combination
4649 of optional fields, all must set the same combination. \n Some examples:
4650 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing
4651 the same object must also set `sectionName`. * If one ParentRef
4652 sets `port`, all ParentRefs referencing the same object must also
4653 set `port`. * If one ParentRef sets `sectionName` and `port`, all
4654 ParentRefs referencing the same object must also set `sectionName`
4655 and `port`. \n It is possible to separately reference multiple distinct
4656 objects that may be collapsed by an implementation. For example,
4657 some implementations may choose to merge compatible Gateway Listeners
4658 together. If that is the case, the list of routes attached to those
4659 resources should also be merged. \n Note that for ParentRefs that
4660 cross namespace boundaries, there are specific rules. Cross-namespace
4661 references are only valid if they are explicitly allowed by something
4662 in the namespace they are referring to. For example, Gateway has
4663 the AllowedRoutes field, and ReferenceGrant provides a generic way
4664 to enable other kinds of cross-namespace reference. \n \n "
4665 items:
4666 description: "ParentReference identifies an API object (usually
4667 a Gateway) that can be considered a parent of this resource (usually
4668 a route). There are two kinds of parent resources with \"Core\"
4669 support: \n * Gateway (Gateway conformance profile) * Service
4670 (Mesh conformance profile, experimental, ClusterIP Services only)
4671 \n This API may be extended in the future to support additional
4672 kinds of parent resources. \n The API object must be valid in
4673 the cluster; the Group and Kind must be registered in the cluster
4674 for this reference to be valid."
4675 properties:
4676 group:
4677 default: gateway.networking.k8s.io
4678 description: "Group is the group of the referent. When unspecified,
4679 \"gateway.networking.k8s.io\" is inferred. To set the core
4680 API group (such as for a \"Service\" kind referent), Group
4681 must be explicitly set to \"\" (empty string). \n Support:
4682 Core"
4683 maxLength: 253
4684 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4685 type: string
4686 kind:
4687 default: Gateway
4688 description: "Kind is kind of the referent. \n There are two
4689 kinds of parent resources with \"Core\" support: \n * Gateway
4690 (Gateway conformance profile) * Service (Mesh conformance
4691 profile, experimental, ClusterIP Services only) \n Support
4692 for other resources is Implementation-Specific."
4693 maxLength: 63
4694 minLength: 1
4695 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4696 type: string
4697 name:
4698 description: "Name is the name of the referent. \n Support:
4699 Core"
4700 maxLength: 253
4701 minLength: 1
4702 type: string
4703 namespace:
4704 description: "Namespace is the namespace of the referent. When
4705 unspecified, this refers to the local namespace of the Route.
4706 \n Note that there are specific rules for ParentRefs which
4707 cross namespace boundaries. Cross-namespace references are
4708 only valid if they are explicitly allowed by something in
4709 the namespace they are referring to. For example: Gateway
4710 has the AllowedRoutes field, and ReferenceGrant provides a
4711 generic way to enable any other kind of cross-namespace reference.
4712 \n \n Support: Core"
4713 maxLength: 63
4714 minLength: 1
4715 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4716 type: string
4717 sectionName:
4718 description: "SectionName is the name of a section within the
4719 target resource. In the following resources, SectionName is
4720 interpreted as the following: \n * Gateway: Listener Name.
4721 When both Port (experimental) and SectionName are specified,
4722 the name and port of the selected listener must match both
4723 specified values. * Service: Port Name. When both Port (experimental)
4724 and SectionName are specified, the name and port of the selected
4725 listener must match both specified values. Note that attaching
4726 Routes to Services as Parents is part of experimental Mesh
4727 support and is not supported for any other purpose. \n Implementations
4728 MAY choose to support attaching Routes to other resources.
4729 If that is the case, they MUST clearly document how SectionName
4730 is interpreted. \n When unspecified (empty string), this will
4731 reference the entire resource. For the purpose of status,
4732 an attachment is considered successful if at least one section
4733 in the parent resource accepts it. For example, Gateway listeners
4734 can restrict which Routes can attach to them by Route kind,
4735 namespace, or hostname. If 1 of 2 Gateway listeners accept
4736 attachment from the referencing Route, the Route MUST be considered
4737 successfully attached. If no Gateway listeners accept attachment
4738 from this Route, the Route MUST be considered detached from
4739 the Gateway. \n Support: Core"
4740 maxLength: 253
4741 minLength: 1
4742 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4743 type: string
4744 required:
4745 - name
4746 type: object
4747 maxItems: 32
4748 type: array
4749 x-kubernetes-validations:
4750 - message: sectionName must be specified when parentRefs includes
4751 2 or more references to the same parent
4752 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
4753 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
4754 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
4755 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
4756 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName)
4757 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
4758 == '''')) : true))'
4759 - message: sectionName must be unique when parentRefs includes 2 or
4760 more references to the same parent
4761 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
4762 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
4763 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
4764 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
4765 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
4766 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
4767 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
4768 == p2.sectionName))))
4769 rules:
4770 default:
4771 - matches:
4772 - path:
4773 type: PathPrefix
4774 value: /
4775 description: Rules are a list of HTTP matchers, filters and actions.
4776 items:
4777 description: HTTPRouteRule defines semantics for matching an HTTP
4778 request based on conditions (matches), processing it (filters),
4779 and forwarding the request to an API object (backendRefs).
4780 properties:
4781 backendRefs:
4782 description: "BackendRefs defines the backend(s) where matching
4783 requests should be sent. \n Failure behavior here depends
4784 on how many BackendRefs are specified and how many are invalid.
4785 \n If *all* entries in BackendRefs are invalid, and there
4786 are also no filters specified in this route rule, *all* traffic
4787 which matches this rule MUST receive a 500 status code. \n
4788 See the HTTPBackendRef definition for the rules about what
4789 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
4790 is invalid, 500 status codes MUST be returned for requests
4791 that would have otherwise been routed to an invalid backend.
4792 If multiple backends are specified, and some are invalid,
4793 the proportion of requests that would otherwise have been
4794 routed to an invalid backend MUST receive a 500 status code.
4795 \n For example, if two backends are specified with equal weights,
4796 and one is invalid, 50 percent of traffic must receive a 500.
4797 Implementations may choose how that 50 percent is determined.
4798 \n Support: Core for Kubernetes Service \n Support: Extended
4799 for Kubernetes ServiceImport \n Support: Implementation-specific
4800 for any other resource \n Support for weight: Core"
4801 items:
4802 description: "HTTPBackendRef defines how a HTTPRoute forwards
4803 a HTTP request. \n Note that when a namespace different
4804 than the local namespace is specified, a ReferenceGrant
4805 object is required in the referent namespace to allow that
4806 namespace's owner to accept the reference. See the ReferenceGrant
4807 documentation for details. \n <gateway:experimental:description>
4808 \n When the BackendRef points to a Kubernetes Service, implementations
4809 SHOULD honor the appProtocol field if it is set for the
4810 target Service Port. \n Implementations supporting appProtocol
4811 SHOULD recognize the Kubernetes Standard Application Protocols
4812 defined in KEP-3726. \n If a Service appProtocol isn't specified,
4813 an implementation MAY infer the backend protocol through
4814 its own means. Implementations MAY infer the protocol from
4815 the Route type referring to the backend Service. \n If a
4816 Route is not able to send traffic to the backend using the
4817 specified protocol then the backend is considered invalid.
4818 Implementations MUST set the \"ResolvedRefs\" condition
4819 to \"False\" with the \"UnsupportedProtocol\" reason. \n
4820 </gateway:experimental:description>"
4821 properties:
4822 filters:
4823 description: "Filters defined at this level should be
4824 executed if and only if the request is being forwarded
4825 to the backend defined here. \n Support: Implementation-specific
4826 (For broader support of filters, use the Filters field
4827 in HTTPRouteRule.)"
4828 items:
4829 description: HTTPRouteFilter defines processing steps
4830 that must be completed during the request or response
4831 lifecycle. HTTPRouteFilters are meant as an extension
4832 point to express processing that may be done in Gateway
4833 implementations. Some examples include request or
4834 response modification, implementing authentication
4835 strategies, rate-limiting, and traffic shaping. API
4836 guarantee/conformance is defined based on the type
4837 of the filter.
4838 properties:
4839 extensionRef:
4840 description: "ExtensionRef is an optional, implementation-specific
4841 extension to the \"filter\" behavior. For example,
4842 resource \"myroutefilter\" in group \"networking.example.net\").
4843 ExtensionRef MUST NOT be used for core and extended
4844 filters. \n This filter can be used multiple times
4845 within the same rule. \n Support: Implementation-specific"
4846 properties:
4847 group:
4848 description: Group is the group of the referent.
4849 For example, "gateway.networking.k8s.io".
4850 When unspecified or empty string, core API
4851 group is inferred.
4852 maxLength: 253
4853 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4854 type: string
4855 kind:
4856 description: Kind is kind of the referent. For
4857 example "HTTPRoute" or "Service".
4858 maxLength: 63
4859 minLength: 1
4860 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4861 type: string
4862 name:
4863 description: Name is the name of the referent.
4864 maxLength: 253
4865 minLength: 1
4866 type: string
4867 required:
4868 - group
4869 - kind
4870 - name
4871 type: object
4872 requestHeaderModifier:
4873 description: "RequestHeaderModifier defines a schema
4874 for a filter that modifies request headers. \n
4875 Support: Core"
4876 properties:
4877 add:
4878 description: "Add adds the given header(s) (name,
4879 value) to the request before the action. It
4880 appends to any existing values associated
4881 with the header name. \n Input: GET /foo HTTP/1.1
4882 my-header: foo \n Config: add: - name: \"my-header\"
4883 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
4884 my-header: foo,bar,baz"
4885 items:
4886 description: HTTPHeader represents an HTTP
4887 Header name and value as defined by RFC
4888 7230.
4889 properties:
4890 name:
4891 description: "Name is the name of the
4892 HTTP Header to be matched. Name matching
4893 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4894 \n If multiple entries specify equivalent
4895 header names, the first entry with an
4896 equivalent name MUST be considered for
4897 a match. Subsequent entries with an
4898 equivalent header name MUST be ignored.
4899 Due to the case-insensitivity of header
4900 names, \"foo\" and \"Foo\" are considered
4901 equivalent."
4902 maxLength: 256
4903 minLength: 1
4904 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4905 type: string
4906 value:
4907 description: Value is the value of HTTP
4908 Header to be matched.
4909 maxLength: 4096
4910 minLength: 1
4911 type: string
4912 required:
4913 - name
4914 - value
4915 type: object
4916 maxItems: 16
4917 type: array
4918 x-kubernetes-list-map-keys:
4919 - name
4920 x-kubernetes-list-type: map
4921 remove:
4922 description: "Remove the given header(s) from
4923 the HTTP request before the action. The value
4924 of Remove is a list of HTTP header names.
4925 Note that the header names are case-insensitive
4926 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4927 \n Input: GET /foo HTTP/1.1 my-header1: foo
4928 my-header2: bar my-header3: baz \n Config:
4929 remove: [\"my-header1\", \"my-header3\"] \n
4930 Output: GET /foo HTTP/1.1 my-header2: bar"
4931 items:
4932 type: string
4933 maxItems: 16
4934 type: array
4935 x-kubernetes-list-type: set
4936 set:
4937 description: "Set overwrites the request with
4938 the given header (name, value) before the
4939 action. \n Input: GET /foo HTTP/1.1 my-header:
4940 foo \n Config: set: - name: \"my-header\"
4941 value: \"bar\" \n Output: GET /foo HTTP/1.1
4942 my-header: bar"
4943 items:
4944 description: HTTPHeader represents an HTTP
4945 Header name and value as defined by RFC
4946 7230.
4947 properties:
4948 name:
4949 description: "Name is the name of the
4950 HTTP Header to be matched. Name matching
4951 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4952 \n If multiple entries specify equivalent
4953 header names, the first entry with an
4954 equivalent name MUST be considered for
4955 a match. Subsequent entries with an
4956 equivalent header name MUST be ignored.
4957 Due to the case-insensitivity of header
4958 names, \"foo\" and \"Foo\" are considered
4959 equivalent."
4960 maxLength: 256
4961 minLength: 1
4962 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4963 type: string
4964 value:
4965 description: Value is the value of HTTP
4966 Header to be matched.
4967 maxLength: 4096
4968 minLength: 1
4969 type: string
4970 required:
4971 - name
4972 - value
4973 type: object
4974 maxItems: 16
4975 type: array
4976 x-kubernetes-list-map-keys:
4977 - name
4978 x-kubernetes-list-type: map
4979 type: object
4980 requestMirror:
4981 description: "RequestMirror defines a schema for
4982 a filter that mirrors requests. Requests are sent
4983 to the specified destination, but responses from
4984 that destination are ignored. \n This filter can
4985 be used multiple times within the same rule. Note
4986 that not all implementations will be able to support
4987 mirroring to multiple backends. \n Support: Extended"
4988 properties:
4989 backendRef:
4990 description: "BackendRef references a resource
4991 where mirrored requests are sent. \n Mirrored
4992 requests must be sent only to a single destination
4993 endpoint within this BackendRef, irrespective
4994 of how many endpoints are present within this
4995 BackendRef. \n If the referent cannot be found,
4996 this BackendRef is invalid and must be dropped
4997 from the Gateway. The controller must ensure
4998 the \"ResolvedRefs\" condition on the Route
4999 status is set to `status: False` and not configure
5000 this backend in the underlying implementation.
5001 \n If there is a cross-namespace reference
5002 to an *existing* object that is not allowed
5003 by a ReferenceGrant, the controller must ensure
5004 the \"ResolvedRefs\" condition on the Route
5005 is set to `status: False`, with the \"RefNotPermitted\"
5006 reason and not configure this backend in the
5007 underlying implementation. \n In either error
5008 case, the Message of the `ResolvedRefs` Condition
5009 should be used to provide more detail about
5010 the problem. \n Support: Extended for Kubernetes
5011 Service \n Support: Implementation-specific
5012 for any other resource"
5013 properties:
5014 group:
5015 default: ""
5016 description: Group is the group of the referent.
5017 For example, "gateway.networking.k8s.io".
5018 When unspecified or empty string, core
5019 API group is inferred.
5020 maxLength: 253
5021 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5022 type: string
5023 kind:
5024 default: Service
5025 description: "Kind is the Kubernetes resource
5026 kind of the referent. For example \"Service\".
5027 \n Defaults to \"Service\" when not specified.
5028 \n ExternalName services can refer to
5029 CNAME DNS records that may live outside
5030 of the cluster and as such are difficult
5031 to reason about in terms of conformance.
5032 They also may not be safe to forward to
5033 (see CVE-2021-25740 for more information).
5034 Implementations SHOULD NOT support ExternalName
5035 Services. \n Support: Core (Services with
5036 a type other than ExternalName) \n Support:
5037 Implementation-specific (Services with
5038 type ExternalName)"
5039 maxLength: 63
5040 minLength: 1
5041 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5042 type: string
5043 name:
5044 description: Name is the name of the referent.
5045 maxLength: 253
5046 minLength: 1
5047 type: string
5048 namespace:
5049 description: "Namespace is the namespace
5050 of the backend. When unspecified, the
5051 local namespace is inferred. \n Note that
5052 when a namespace different than the local
5053 namespace is specified, a ReferenceGrant
5054 object is required in the referent namespace
5055 to allow that namespace's owner to accept
5056 the reference. See the ReferenceGrant
5057 documentation for details. \n Support:
5058 Core"
5059 maxLength: 63
5060 minLength: 1
5061 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5062 type: string
5063 port:
5064 description: Port specifies the destination
5065 port number to use for this resource.
5066 Port is required when the referent is
5067 a Kubernetes Service. In this case, the
5068 port number is the service port number,
5069 not the target port. For other resources,
5070 destination port might be derived from
5071 the referent resource or this field.
5072 format: int32
5073 maximum: 65535
5074 minimum: 1
5075 type: integer
5076 required:
5077 - name
5078 type: object
5079 x-kubernetes-validations:
5080 - message: Must have port for Service reference
5081 rule: '(size(self.group) == 0 && self.kind
5082 == ''Service'') ? has(self.port) : true'
5083 required:
5084 - backendRef
5085 type: object
5086 requestRedirect:
5087 description: "RequestRedirect defines a schema for
5088 a filter that responds to the request with an
5089 HTTP redirection. \n Support: Core"
5090 properties:
5091 hostname:
5092 description: "Hostname is the hostname to be
5093 used in the value of the `Location` header
5094 in the response. When empty, the hostname
5095 in the `Host` header of the request is used.
5096 \n Support: Core"
5097 maxLength: 253
5098 minLength: 1
5099 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5100 type: string
5101 path:
5102 description: "Path defines parameters used to
5103 modify the path of the incoming request. The
5104 modified path is then used to construct the
5105 `Location` header. When empty, the request
5106 path is used as-is. \n Support: Extended"
5107 properties:
5108 replaceFullPath:
5109 description: ReplaceFullPath specifies the
5110 value with which to replace the full path
5111 of a request during a rewrite or redirect.
5112 maxLength: 1024
5113 type: string
5114 replacePrefixMatch:
5115 description: "ReplacePrefixMatch specifies
5116 the value with which to replace the prefix
5117 match of a request during a rewrite or
5118 redirect. For example, a request to \"/foo/bar\"
5119 with a prefix match of \"/foo\" and a
5120 ReplacePrefixMatch of \"/xyz\" would be
5121 modified to \"/xyz/bar\". \n Note that
5122 this matches the behavior of the PathPrefix
5123 match type. This matches full path elements.
5124 A path element refers to the list of labels
5125 in the path split by the `/` separator.
5126 When specified, a trailing `/` is ignored.
5127 For example, the paths `/abc`, `/abc/`,
5128 and `/abc/def` would all match the prefix
5129 `/abc`, but the path `/abcd` would not.
5130 \n ReplacePrefixMatch is only compatible
5131 with a `PathPrefix` HTTPRouteMatch. Using
5132 any other HTTPRouteMatch type on the same
5133 HTTPRouteRule will result in the implementation
5134 setting the Accepted Condition for the
5135 Route to `status: False`. \n Request Path
5136 | Prefix Match | Replace Prefix | Modified
5137 Path -------------|--------------|----------------|----------
5138 /foo/bar | /foo | /xyz |
5139 /xyz/bar /foo/bar | /foo |
5140 /xyz/ | /xyz/bar /foo/bar |
5141 /foo/ | /xyz | /xyz/bar
5142 /foo/bar | /foo/ | /xyz/ |
5143 /xyz/bar /foo | /foo |
5144 /xyz | /xyz /foo/ | /foo
5145 \ | /xyz | /xyz/ /foo/bar
5146 \ | /foo | <empty string> |
5147 /bar /foo/ | /foo | <empty
5148 string> | / /foo | /foo |
5149 <empty string> | / /foo/ | /foo
5150 \ | / | / /foo |
5151 /foo | / | /"
5152 maxLength: 1024
5153 type: string
5154 type:
5155 description: "Type defines the type of path
5156 modifier. Additional types may be added
5157 in a future release of the API. \n Note
5158 that values may be added to this enum,
5159 implementations must ensure that unknown
5160 values will not cause a crash. \n Unknown
5161 values here must result in the implementation
5162 setting the Accepted Condition for the
5163 Route to `status: False`, with a Reason
5164 of `UnsupportedValue`."
5165 enum:
5166 - ReplaceFullPath
5167 - ReplacePrefixMatch
5168 type: string
5169 required:
5170 - type
5171 type: object
5172 x-kubernetes-validations:
5173 - message: replaceFullPath must be specified
5174 when type is set to 'ReplaceFullPath'
5175 rule: 'self.type == ''ReplaceFullPath'' ?
5176 has(self.replaceFullPath) : true'
5177 - message: type must be 'ReplaceFullPath' when
5178 replaceFullPath is set
5179 rule: 'has(self.replaceFullPath) ? self.type
5180 == ''ReplaceFullPath'' : true'
5181 - message: replacePrefixMatch must be specified
5182 when type is set to 'ReplacePrefixMatch'
5183 rule: 'self.type == ''ReplacePrefixMatch''
5184 ? has(self.replacePrefixMatch) : true'
5185 - message: type must be 'ReplacePrefixMatch'
5186 when replacePrefixMatch is set
5187 rule: 'has(self.replacePrefixMatch) ? self.type
5188 == ''ReplacePrefixMatch'' : true'
5189 port:
5190 description: "Port is the port to be used in
5191 the value of the `Location` header in the
5192 response. \n If no port is specified, the
5193 redirect port MUST be derived using the following
5194 rules: \n * If redirect scheme is not-empty,
5195 the redirect port MUST be the well-known port
5196 associated with the redirect scheme. Specifically
5197 \"http\" to port 80 and \"https\" to port
5198 443. If the redirect scheme does not have
5199 a well-known port, the listener port of the
5200 Gateway SHOULD be used. * If redirect scheme
5201 is empty, the redirect port MUST be the Gateway
5202 Listener port. \n Implementations SHOULD NOT
5203 add the port number in the 'Location' header
5204 in the following cases: \n * A Location header
5205 that will use HTTP (whether that is determined
5206 via the Listener protocol or the Scheme field)
5207 _and_ use port 80. * A Location header that
5208 will use HTTPS (whether that is determined
5209 via the Listener protocol or the Scheme field)
5210 _and_ use port 443. \n Support: Extended"
5211 format: int32
5212 maximum: 65535
5213 minimum: 1
5214 type: integer
5215 scheme:
5216 description: "Scheme is the scheme to be used
5217 in the value of the `Location` header in the
5218 response. When empty, the scheme of the request
5219 is used. \n Scheme redirects can affect the
5220 port of the redirect, for more information,
5221 refer to the documentation for the port field
5222 of this filter. \n Note that values may be
5223 added to this enum, implementations must ensure
5224 that unknown values will not cause a crash.
5225 \n Unknown values here must result in the
5226 implementation setting the Accepted Condition
5227 for the Route to `status: False`, with a Reason
5228 of `UnsupportedValue`. \n Support: Extended"
5229 enum:
5230 - http
5231 - https
5232 type: string
5233 statusCode:
5234 default: 302
5235 description: "StatusCode is the HTTP status
5236 code to be used in response. \n Note that
5237 values may be added to this enum, implementations
5238 must ensure that unknown values will not cause
5239 a crash. \n Unknown values here must result
5240 in the implementation setting the Accepted
5241 Condition for the Route to `status: False`,
5242 with a Reason of `UnsupportedValue`. \n Support:
5243 Core"
5244 enum:
5245 - 301
5246 - 302
5247 type: integer
5248 type: object
5249 responseHeaderModifier:
5250 description: "ResponseHeaderModifier defines a schema
5251 for a filter that modifies response headers. \n
5252 Support: Extended"
5253 properties:
5254 add:
5255 description: "Add adds the given header(s) (name,
5256 value) to the request before the action. It
5257 appends to any existing values associated
5258 with the header name. \n Input: GET /foo HTTP/1.1
5259 my-header: foo \n Config: add: - name: \"my-header\"
5260 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
5261 my-header: foo,bar,baz"
5262 items:
5263 description: HTTPHeader represents an HTTP
5264 Header name and value as defined by RFC
5265 7230.
5266 properties:
5267 name:
5268 description: "Name is the name of the
5269 HTTP Header to be matched. Name matching
5270 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
5271 \n If multiple entries specify equivalent
5272 header names, the first entry with an
5273 equivalent name MUST be considered for
5274 a match. Subsequent entries with an
5275 equivalent header name MUST be ignored.
5276 Due to the case-insensitivity of header
5277 names, \"foo\" and \"Foo\" are considered
5278 equivalent."
5279 maxLength: 256
5280 minLength: 1
5281 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5282 type: string
5283 value:
5284 description: Value is the value of HTTP
5285 Header to be matched.
5286 maxLength: 4096
5287 minLength: 1
5288 type: string
5289 required:
5290 - name
5291 - value
5292 type: object
5293 maxItems: 16
5294 type: array
5295 x-kubernetes-list-map-keys:
5296 - name
5297 x-kubernetes-list-type: map
5298 remove:
5299 description: "Remove the given header(s) from
5300 the HTTP request before the action. The value
5301 of Remove is a list of HTTP header names.
5302 Note that the header names are case-insensitive
5303 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
5304 \n Input: GET /foo HTTP/1.1 my-header1: foo
5305 my-header2: bar my-header3: baz \n Config:
5306 remove: [\"my-header1\", \"my-header3\"] \n
5307 Output: GET /foo HTTP/1.1 my-header2: bar"
5308 items:
5309 type: string
5310 maxItems: 16
5311 type: array
5312 x-kubernetes-list-type: set
5313 set:
5314 description: "Set overwrites the request with
5315 the given header (name, value) before the
5316 action. \n Input: GET /foo HTTP/1.1 my-header:
5317 foo \n Config: set: - name: \"my-header\"
5318 value: \"bar\" \n Output: GET /foo HTTP/1.1
5319 my-header: bar"
5320 items:
5321 description: HTTPHeader represents an HTTP
5322 Header name and value as defined by RFC
5323 7230.
5324 properties:
5325 name:
5326 description: "Name is the name of the
5327 HTTP Header to be matched. Name matching
5328 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
5329 \n If multiple entries specify equivalent
5330 header names, the first entry with an
5331 equivalent name MUST be considered for
5332 a match. Subsequent entries with an
5333 equivalent header name MUST be ignored.
5334 Due to the case-insensitivity of header
5335 names, \"foo\" and \"Foo\" are considered
5336 equivalent."
5337 maxLength: 256
5338 minLength: 1
5339 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5340 type: string
5341 value:
5342 description: Value is the value of HTTP
5343 Header to be matched.
5344 maxLength: 4096
5345 minLength: 1
5346 type: string
5347 required:
5348 - name
5349 - value
5350 type: object
5351 maxItems: 16
5352 type: array
5353 x-kubernetes-list-map-keys:
5354 - name
5355 x-kubernetes-list-type: map
5356 type: object
5357 type:
5358 description: "Type identifies the type of filter
5359 to apply. As with other API fields, types are
5360 classified into three conformance levels: \n -
5361 Core: Filter types and their corresponding configuration
5362 defined by \"Support: Core\" in this package,
5363 e.g. \"RequestHeaderModifier\". All implementations
5364 must support core filters. \n - Extended: Filter
5365 types and their corresponding configuration defined
5366 by \"Support: Extended\" in this package, e.g.
5367 \"RequestMirror\". Implementers are encouraged
5368 to support extended filters. \n - Implementation-specific:
5369 Filters that are defined and supported by specific
5370 vendors. In the future, filters showing convergence
5371 in behavior across multiple implementations will
5372 be considered for inclusion in extended or core
5373 conformance levels. Filter-specific configuration
5374 for such filters is specified using the ExtensionRef
5375 field. `Type` should be set to \"ExtensionRef\"
5376 for custom filters. \n Implementers are encouraged
5377 to define custom implementation types to extend
5378 the core API with implementation-specific behavior.
5379 \n If a reference to a custom filter type cannot
5380 be resolved, the filter MUST NOT be skipped. Instead,
5381 requests that would have been processed by that
5382 filter MUST receive a HTTP error response. \n
5383 Note that values may be added to this enum, implementations
5384 must ensure that unknown values will not cause
5385 a crash. \n Unknown values here must result in
5386 the implementation setting the Accepted Condition
5387 for the Route to `status: False`, with a Reason
5388 of `UnsupportedValue`."
5389 enum:
5390 - RequestHeaderModifier
5391 - ResponseHeaderModifier
5392 - RequestMirror
5393 - RequestRedirect
5394 - URLRewrite
5395 - ExtensionRef
5396 type: string
5397 urlRewrite:
5398 description: "URLRewrite defines a schema for a
5399 filter that modifies a request during forwarding.
5400 \n Support: Extended"
5401 properties:
5402 hostname:
5403 description: "Hostname is the value to be used
5404 to replace the Host header value during forwarding.
5405 \n Support: Extended"
5406 maxLength: 253
5407 minLength: 1
5408 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5409 type: string
5410 path:
5411 description: "Path defines a path rewrite. \n
5412 Support: Extended"
5413 properties:
5414 replaceFullPath:
5415 description: ReplaceFullPath specifies the
5416 value with which to replace the full path
5417 of a request during a rewrite or redirect.
5418 maxLength: 1024
5419 type: string
5420 replacePrefixMatch:
5421 description: "ReplacePrefixMatch specifies
5422 the value with which to replace the prefix
5423 match of a request during a rewrite or
5424 redirect. For example, a request to \"/foo/bar\"
5425 with a prefix match of \"/foo\" and a
5426 ReplacePrefixMatch of \"/xyz\" would be
5427 modified to \"/xyz/bar\". \n Note that
5428 this matches the behavior of the PathPrefix
5429 match type. This matches full path elements.
5430 A path element refers to the list of labels
5431 in the path split by the `/` separator.
5432 When specified, a trailing `/` is ignored.
5433 For example, the paths `/abc`, `/abc/`,
5434 and `/abc/def` would all match the prefix
5435 `/abc`, but the path `/abcd` would not.
5436 \n ReplacePrefixMatch is only compatible
5437 with a `PathPrefix` HTTPRouteMatch. Using
5438 any other HTTPRouteMatch type on the same
5439 HTTPRouteRule will result in the implementation
5440 setting the Accepted Condition for the
5441 Route to `status: False`. \n Request Path
5442 | Prefix Match | Replace Prefix | Modified
5443 Path -------------|--------------|----------------|----------
5444 /foo/bar | /foo | /xyz |
5445 /xyz/bar /foo/bar | /foo |
5446 /xyz/ | /xyz/bar /foo/bar |
5447 /foo/ | /xyz | /xyz/bar
5448 /foo/bar | /foo/ | /xyz/ |
5449 /xyz/bar /foo | /foo |
5450 /xyz | /xyz /foo/ | /foo
5451 \ | /xyz | /xyz/ /foo/bar
5452 \ | /foo | <empty string> |
5453 /bar /foo/ | /foo | <empty
5454 string> | / /foo | /foo |
5455 <empty string> | / /foo/ | /foo
5456 \ | / | / /foo |
5457 /foo | / | /"
5458 maxLength: 1024
5459 type: string
5460 type:
5461 description: "Type defines the type of path
5462 modifier. Additional types may be added
5463 in a future release of the API. \n Note
5464 that values may be added to this enum,
5465 implementations must ensure that unknown
5466 values will not cause a crash. \n Unknown
5467 values here must result in the implementation
5468 setting the Accepted Condition for the
5469 Route to `status: False`, with a Reason
5470 of `UnsupportedValue`."
5471 enum:
5472 - ReplaceFullPath
5473 - ReplacePrefixMatch
5474 type: string
5475 required:
5476 - type
5477 type: object
5478 x-kubernetes-validations:
5479 - message: replaceFullPath must be specified
5480 when type is set to 'ReplaceFullPath'
5481 rule: 'self.type == ''ReplaceFullPath'' ?
5482 has(self.replaceFullPath) : true'
5483 - message: type must be 'ReplaceFullPath' when
5484 replaceFullPath is set
5485 rule: 'has(self.replaceFullPath) ? self.type
5486 == ''ReplaceFullPath'' : true'
5487 - message: replacePrefixMatch must be specified
5488 when type is set to 'ReplacePrefixMatch'
5489 rule: 'self.type == ''ReplacePrefixMatch''
5490 ? has(self.replacePrefixMatch) : true'
5491 - message: type must be 'ReplacePrefixMatch'
5492 when replacePrefixMatch is set
5493 rule: 'has(self.replacePrefixMatch) ? self.type
5494 == ''ReplacePrefixMatch'' : true'
5495 type: object
5496 required:
5497 - type
5498 type: object
5499 x-kubernetes-validations:
5500 - message: filter.requestHeaderModifier must be nil
5501 if the filter.type is not RequestHeaderModifier
5502 rule: '!(has(self.requestHeaderModifier) && self.type
5503 != ''RequestHeaderModifier'')'
5504 - message: filter.requestHeaderModifier must be specified
5505 for RequestHeaderModifier filter.type
5506 rule: '!(!has(self.requestHeaderModifier) && self.type
5507 == ''RequestHeaderModifier'')'
5508 - message: filter.responseHeaderModifier must be nil
5509 if the filter.type is not ResponseHeaderModifier
5510 rule: '!(has(self.responseHeaderModifier) && self.type
5511 != ''ResponseHeaderModifier'')'
5512 - message: filter.responseHeaderModifier must be specified
5513 for ResponseHeaderModifier filter.type
5514 rule: '!(!has(self.responseHeaderModifier) && self.type
5515 == ''ResponseHeaderModifier'')'
5516 - message: filter.requestMirror must be nil if the filter.type
5517 is not RequestMirror
5518 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
5519 - message: filter.requestMirror must be specified for
5520 RequestMirror filter.type
5521 rule: '!(!has(self.requestMirror) && self.type ==
5522 ''RequestMirror'')'
5523 - message: filter.requestRedirect must be nil if the
5524 filter.type is not RequestRedirect
5525 rule: '!(has(self.requestRedirect) && self.type !=
5526 ''RequestRedirect'')'
5527 - message: filter.requestRedirect must be specified
5528 for RequestRedirect filter.type
5529 rule: '!(!has(self.requestRedirect) && self.type ==
5530 ''RequestRedirect'')'
5531 - message: filter.urlRewrite must be nil if the filter.type
5532 is not URLRewrite
5533 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
5534 - message: filter.urlRewrite must be specified for URLRewrite
5535 filter.type
5536 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
5537 - message: filter.extensionRef must be nil if the filter.type
5538 is not ExtensionRef
5539 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
5540 - message: filter.extensionRef must be specified for
5541 ExtensionRef filter.type
5542 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
5543 maxItems: 16
5544 type: array
5545 x-kubernetes-validations:
5546 - message: May specify either httpRouteFilterRequestRedirect
5547 or httpRouteFilterRequestRewrite, but not both
5548 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
5549 && self.exists(f, f.type == ''URLRewrite''))'
5550 - message: May specify either httpRouteFilterRequestRedirect
5551 or httpRouteFilterRequestRewrite, but not both
5552 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
5553 && self.exists(f, f.type == ''URLRewrite''))'
5554 - message: RequestHeaderModifier filter cannot be repeated
5555 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
5556 <= 1
5557 - message: ResponseHeaderModifier filter cannot be repeated
5558 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
5559 <= 1
5560 - message: RequestRedirect filter cannot be repeated
5561 rule: self.filter(f, f.type == 'RequestRedirect').size()
5562 <= 1
5563 - message: URLRewrite filter cannot be repeated
5564 rule: self.filter(f, f.type == 'URLRewrite').size()
5565 <= 1
5566 group:
5567 default: ""
5568 description: Group is the group of the referent. For example,
5569 "gateway.networking.k8s.io". When unspecified or empty
5570 string, core API group is inferred.
5571 maxLength: 253
5572 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5573 type: string
5574 kind:
5575 default: Service
5576 description: "Kind is the Kubernetes resource kind of
5577 the referent. For example \"Service\". \n Defaults to
5578 \"Service\" when not specified. \n ExternalName services
5579 can refer to CNAME DNS records that may live outside
5580 of the cluster and as such are difficult to reason about
5581 in terms of conformance. They also may not be safe to
5582 forward to (see CVE-2021-25740 for more information).
5583 Implementations SHOULD NOT support ExternalName Services.
5584 \n Support: Core (Services with a type other than ExternalName)
5585 \n Support: Implementation-specific (Services with type
5586 ExternalName)"
5587 maxLength: 63
5588 minLength: 1
5589 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5590 type: string
5591 name:
5592 description: Name is the name of the referent.
5593 maxLength: 253
5594 minLength: 1
5595 type: string
5596 namespace:
5597 description: "Namespace is the namespace of the backend.
5598 When unspecified, the local namespace is inferred. \n
5599 Note that when a namespace different than the local
5600 namespace is specified, a ReferenceGrant object is required
5601 in the referent namespace to allow that namespace's
5602 owner to accept the reference. See the ReferenceGrant
5603 documentation for details. \n Support: Core"
5604 maxLength: 63
5605 minLength: 1
5606 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5607 type: string
5608 port:
5609 description: Port specifies the destination port number
5610 to use for this resource. Port is required when the
5611 referent is a Kubernetes Service. In this case, the
5612 port number is the service port number, not the target
5613 port. For other resources, destination port might be
5614 derived from the referent resource or this field.
5615 format: int32
5616 maximum: 65535
5617 minimum: 1
5618 type: integer
5619 weight:
5620 default: 1
5621 description: "Weight specifies the proportion of requests
5622 forwarded to the referenced backend. This is computed
5623 as weight/(sum of all weights in this BackendRefs list).
5624 For non-zero values, there may be some epsilon from
5625 the exact proportion defined here depending on the precision
5626 an implementation supports. Weight is not a percentage
5627 and the sum of weights does not need to equal 100. \n
5628 If only one backend is specified and it has a weight
5629 greater than 0, 100% of the traffic is forwarded to
5630 that backend. If weight is set to 0, no traffic should
5631 be forwarded for this entry. If unspecified, weight
5632 defaults to 1. \n Support for this field varies based
5633 on the context where used."
5634 format: int32
5635 maximum: 1000000
5636 minimum: 0
5637 type: integer
5638 required:
5639 - name
5640 type: object
5641 x-kubernetes-validations:
5642 - message: Must have port for Service reference
5643 rule: '(size(self.group) == 0 && self.kind == ''Service'')
5644 ? has(self.port) : true'
5645 maxItems: 16
5646 type: array
5647 filters:
5648 description: "Filters define the filters that are applied to
5649 requests that match this rule. \n The effects of ordering
5650 of multiple behaviors are currently unspecified. This can
5651 change in the future based on feedback during the alpha stage.
5652 \n Conformance-levels at this level are defined based on the
5653 type of filter: \n - ALL core filters MUST be supported by
5654 all implementations. - Implementers are encouraged to support
5655 extended filters. - Implementation-specific custom filters
5656 have no API guarantees across implementations. \n Specifying
5657 the same filter multiple times is not supported unless explicitly
5658 indicated in the filter. \n All filters are expected to be
5659 compatible with each other except for the URLRewrite and RequestRedirect
5660 filters, which may not be combined. If an implementation can
5661 not support other combinations of filters, they must clearly
5662 document that limitation. In cases where incompatible or unsupported
5663 filters are specified and cause the `Accepted` condition to
5664 be set to status `False`, implementations may use the `IncompatibleFilters`
5665 reason to specify this configuration error. \n Support: Core"
5666 items:
5667 description: HTTPRouteFilter defines processing steps that
5668 must be completed during the request or response lifecycle.
5669 HTTPRouteFilters are meant as an extension point to express
5670 processing that may be done in Gateway implementations.
5671 Some examples include request or response modification,
5672 implementing authentication strategies, rate-limiting, and
5673 traffic shaping. API guarantee/conformance is defined based
5674 on the type of the filter.
5675 properties:
5676 extensionRef:
5677 description: "ExtensionRef is an optional, implementation-specific
5678 extension to the \"filter\" behavior. For example,
5679 resource \"myroutefilter\" in group \"networking.example.net\").
5680 ExtensionRef MUST NOT be used for core and extended
5681 filters. \n This filter can be used multiple times within
5682 the same rule. \n Support: Implementation-specific"
5683 properties:
5684 group:
5685 description: Group is the group of the referent. For
5686 example, "gateway.networking.k8s.io". When unspecified
5687 or empty string, core API group is inferred.
5688 maxLength: 253
5689 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5690 type: string
5691 kind:
5692 description: Kind is kind of the referent. For example
5693 "HTTPRoute" or "Service".
5694 maxLength: 63
5695 minLength: 1
5696 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5697 type: string
5698 name:
5699 description: Name is the name of the referent.
5700 maxLength: 253
5701 minLength: 1
5702 type: string
5703 required:
5704 - group
5705 - kind
5706 - name
5707 type: object
5708 requestHeaderModifier:
5709 description: "RequestHeaderModifier defines a schema for
5710 a filter that modifies request headers. \n Support:
5711 Core"
5712 properties:
5713 add:
5714 description: "Add adds the given header(s) (name,
5715 value) to the request before the action. It appends
5716 to any existing values associated with the header
5717 name. \n Input: GET /foo HTTP/1.1 my-header: foo
5718 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
5719 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
5720 items:
5721 description: HTTPHeader represents an HTTP Header
5722 name and value as defined by RFC 7230.
5723 properties:
5724 name:
5725 description: "Name is the name of the HTTP Header
5726 to be matched. Name matching MUST be case
5727 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
5728 \n If multiple entries specify equivalent
5729 header names, the first entry with an equivalent
5730 name MUST be considered for a match. Subsequent
5731 entries with an equivalent header name MUST
5732 be ignored. Due to the case-insensitivity
5733 of header names, \"foo\" and \"Foo\" are considered
5734 equivalent."
5735 maxLength: 256
5736 minLength: 1
5737 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5738 type: string
5739 value:
5740 description: Value is the value of HTTP Header
5741 to be matched.
5742 maxLength: 4096
5743 minLength: 1
5744 type: string
5745 required:
5746 - name
5747 - value
5748 type: object
5749 maxItems: 16
5750 type: array
5751 x-kubernetes-list-map-keys:
5752 - name
5753 x-kubernetes-list-type: map
5754 remove:
5755 description: "Remove the given header(s) from the
5756 HTTP request before the action. The value of Remove
5757 is a list of HTTP header names. Note that the header
5758 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
5759 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
5760 bar my-header3: baz \n Config: remove: [\"my-header1\",
5761 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
5762 bar"
5763 items:
5764 type: string
5765 maxItems: 16
5766 type: array
5767 x-kubernetes-list-type: set
5768 set:
5769 description: "Set overwrites the request with the
5770 given header (name, value) before the action. \n
5771 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
5772 set: - name: \"my-header\" value: \"bar\" \n Output:
5773 GET /foo HTTP/1.1 my-header: bar"
5774 items:
5775 description: HTTPHeader represents an HTTP Header
5776 name and value as defined by RFC 7230.
5777 properties:
5778 name:
5779 description: "Name is the name of the HTTP Header
5780 to be matched. Name matching MUST be case
5781 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
5782 \n If multiple entries specify equivalent
5783 header names, the first entry with an equivalent
5784 name MUST be considered for a match. Subsequent
5785 entries with an equivalent header name MUST
5786 be ignored. Due to the case-insensitivity
5787 of header names, \"foo\" and \"Foo\" are considered
5788 equivalent."
5789 maxLength: 256
5790 minLength: 1
5791 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
5792 type: string
5793 value:
5794 description: Value is the value of HTTP Header
5795 to be matched.
5796 maxLength: 4096
5797 minLength: 1
5798 type: string
5799 required:
5800 - name
5801 - value
5802 type: object
5803 maxItems: 16
5804 type: array
5805 x-kubernetes-list-map-keys:
5806 - name
5807 x-kubernetes-list-type: map
5808 type: object
5809 requestMirror:
5810 description: "RequestMirror defines a schema for a filter
5811 that mirrors requests. Requests are sent to the specified
5812 destination, but responses from that destination are
5813 ignored. \n This filter can be used multiple times within
5814 the same rule. Note that not all implementations will
5815 be able to support mirroring to multiple backends. \n
5816 Support: Extended"
5817 properties:
5818 backendRef:
5819 description: "BackendRef references a resource where
5820 mirrored requests are sent. \n Mirrored requests
5821 must be sent only to a single destination endpoint
5822 within this BackendRef, irrespective of how many
5823 endpoints are present within this BackendRef. \n
5824 If the referent cannot be found, this BackendRef
5825 is invalid and must be dropped from the Gateway.
5826 The controller must ensure the \"ResolvedRefs\"
5827 condition on the Route status is set to `status:
5828 False` and not configure this backend in the underlying
5829 implementation. \n If there is a cross-namespace
5830 reference to an *existing* object that is not allowed
5831 by a ReferenceGrant, the controller must ensure
5832 the \"ResolvedRefs\" condition on the Route is
5833 set to `status: False`, with the \"RefNotPermitted\"
5834 reason and not configure this backend in the underlying
5835 implementation. \n In either error case, the Message
5836 of the `ResolvedRefs` Condition should be used to
5837 provide more detail about the problem. \n Support:
5838 Extended for Kubernetes Service \n Support: Implementation-specific
5839 for any other resource"
5840 properties:
5841 group:
5842 default: ""
5843 description: Group is the group of the referent.
5844 For example, "gateway.networking.k8s.io". When
5845 unspecified or empty string, core API group
5846 is inferred.
5847 maxLength: 253
5848 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5849 type: string
5850 kind:
5851 default: Service
5852 description: "Kind is the Kubernetes resource
5853 kind of the referent. For example \"Service\".
5854 \n Defaults to \"Service\" when not specified.
5855 \n ExternalName services can refer to CNAME
5856 DNS records that may live outside of the cluster
5857 and as such are difficult to reason about in
5858 terms of conformance. They also may not be safe
5859 to forward to (see CVE-2021-25740 for more information).
5860 Implementations SHOULD NOT support ExternalName
5861 Services. \n Support: Core (Services with a
5862 type other than ExternalName) \n Support: Implementation-specific
5863 (Services with type ExternalName)"
5864 maxLength: 63
5865 minLength: 1
5866 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
5867 type: string
5868 name:
5869 description: Name is the name of the referent.
5870 maxLength: 253
5871 minLength: 1
5872 type: string
5873 namespace:
5874 description: "Namespace is the namespace of the
5875 backend. When unspecified, the local namespace
5876 is inferred. \n Note that when a namespace different
5877 than the local namespace is specified, a ReferenceGrant
5878 object is required in the referent namespace
5879 to allow that namespace's owner to accept the
5880 reference. See the ReferenceGrant documentation
5881 for details. \n Support: Core"
5882 maxLength: 63
5883 minLength: 1
5884 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
5885 type: string
5886 port:
5887 description: Port specifies the destination port
5888 number to use for this resource. Port is required
5889 when the referent is a Kubernetes Service. In
5890 this case, the port number is the service port
5891 number, not the target port. For other resources,
5892 destination port might be derived from the referent
5893 resource or this field.
5894 format: int32
5895 maximum: 65535
5896 minimum: 1
5897 type: integer
5898 required:
5899 - name
5900 type: object
5901 x-kubernetes-validations:
5902 - message: Must have port for Service reference
5903 rule: '(size(self.group) == 0 && self.kind == ''Service'')
5904 ? has(self.port) : true'
5905 required:
5906 - backendRef
5907 type: object
5908 requestRedirect:
5909 description: "RequestRedirect defines a schema for a filter
5910 that responds to the request with an HTTP redirection.
5911 \n Support: Core"
5912 properties:
5913 hostname:
5914 description: "Hostname is the hostname to be used
5915 in the value of the `Location` header in the response.
5916 When empty, the hostname in the `Host` header of
5917 the request is used. \n Support: Core"
5918 maxLength: 253
5919 minLength: 1
5920 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
5921 type: string
5922 path:
5923 description: "Path defines parameters used to modify
5924 the path of the incoming request. The modified path
5925 is then used to construct the `Location` header.
5926 When empty, the request path is used as-is. \n Support:
5927 Extended"
5928 properties:
5929 replaceFullPath:
5930 description: ReplaceFullPath specifies the value
5931 with which to replace the full path of a request
5932 during a rewrite or redirect.
5933 maxLength: 1024
5934 type: string
5935 replacePrefixMatch:
5936 description: "ReplacePrefixMatch specifies the
5937 value with which to replace the prefix match
5938 of a request during a rewrite or redirect. For
5939 example, a request to \"/foo/bar\" with a prefix
5940 match of \"/foo\" and a ReplacePrefixMatch of
5941 \"/xyz\" would be modified to \"/xyz/bar\".
5942 \n Note that this matches the behavior of the
5943 PathPrefix match type. This matches full path
5944 elements. A path element refers to the list
5945 of labels in the path split by the `/` separator.
5946 When specified, a trailing `/` is ignored. For
5947 example, the paths `/abc`, `/abc/`, and `/abc/def`
5948 would all match the prefix `/abc`, but the path
5949 `/abcd` would not. \n ReplacePrefixMatch is
5950 only compatible with a `PathPrefix` HTTPRouteMatch.
5951 Using any other HTTPRouteMatch type on the same
5952 HTTPRouteRule will result in the implementation
5953 setting the Accepted Condition for the Route
5954 to `status: False`. \n Request Path | Prefix
5955 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
5956 /foo/bar | /foo | /xyz |
5957 /xyz/bar /foo/bar | /foo | /xyz/
5958 \ | /xyz/bar /foo/bar | /foo/ |
5959 /xyz | /xyz/bar /foo/bar | /foo/
5960 \ | /xyz/ | /xyz/bar /foo |
5961 /foo | /xyz | /xyz /foo/ |
5962 /foo | /xyz | /xyz/ /foo/bar
5963 \ | /foo | <empty string> | /bar
5964 /foo/ | /foo | <empty string>
5965 | / /foo | /foo | <empty string>
5966 | / /foo/ | /foo | / |
5967 / /foo | /foo | / |
5968 /"
5969 maxLength: 1024
5970 type: string
5971 type:
5972 description: "Type defines the type of path modifier.
5973 Additional types may be added in a future release
5974 of the API. \n Note that values may be added
5975 to this enum, implementations must ensure that
5976 unknown values will not cause a crash. \n Unknown
5977 values here must result in the implementation
5978 setting the Accepted Condition for the Route
5979 to `status: False`, with a Reason of `UnsupportedValue`."
5980 enum:
5981 - ReplaceFullPath
5982 - ReplacePrefixMatch
5983 type: string
5984 required:
5985 - type
5986 type: object
5987 x-kubernetes-validations:
5988 - message: replaceFullPath must be specified when
5989 type is set to 'ReplaceFullPath'
5990 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
5991 : true'
5992 - message: type must be 'ReplaceFullPath' when replaceFullPath
5993 is set
5994 rule: 'has(self.replaceFullPath) ? self.type ==
5995 ''ReplaceFullPath'' : true'
5996 - message: replacePrefixMatch must be specified when
5997 type is set to 'ReplacePrefixMatch'
5998 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
5999 : true'
6000 - message: type must be 'ReplacePrefixMatch' when
6001 replacePrefixMatch is set
6002 rule: 'has(self.replacePrefixMatch) ? self.type
6003 == ''ReplacePrefixMatch'' : true'
6004 port:
6005 description: "Port is the port to be used in the value
6006 of the `Location` header in the response. \n If
6007 no port is specified, the redirect port MUST be
6008 derived using the following rules: \n * If redirect
6009 scheme is not-empty, the redirect port MUST be the
6010 well-known port associated with the redirect scheme.
6011 Specifically \"http\" to port 80 and \"https\" to
6012 port 443. If the redirect scheme does not have a
6013 well-known port, the listener port of the Gateway
6014 SHOULD be used. * If redirect scheme is empty, the
6015 redirect port MUST be the Gateway Listener port.
6016 \n Implementations SHOULD NOT add the port number
6017 in the 'Location' header in the following cases:
6018 \n * A Location header that will use HTTP (whether
6019 that is determined via the Listener protocol or
6020 the Scheme field) _and_ use port 80. * A Location
6021 header that will use HTTPS (whether that is determined
6022 via the Listener protocol or the Scheme field) _and_
6023 use port 443. \n Support: Extended"
6024 format: int32
6025 maximum: 65535
6026 minimum: 1
6027 type: integer
6028 scheme:
6029 description: "Scheme is the scheme to be used in the
6030 value of the `Location` header in the response.
6031 When empty, the scheme of the request is used. \n
6032 Scheme redirects can affect the port of the redirect,
6033 for more information, refer to the documentation
6034 for the port field of this filter. \n Note that
6035 values may be added to this enum, implementations
6036 must ensure that unknown values will not cause a
6037 crash. \n Unknown values here must result in the
6038 implementation setting the Accepted Condition for
6039 the Route to `status: False`, with a Reason of `UnsupportedValue`.
6040 \n Support: Extended"
6041 enum:
6042 - http
6043 - https
6044 type: string
6045 statusCode:
6046 default: 302
6047 description: "StatusCode is the HTTP status code to
6048 be used in response. \n Note that values may be
6049 added to this enum, implementations must ensure
6050 that unknown values will not cause a crash. \n Unknown
6051 values here must result in the implementation setting
6052 the Accepted Condition for the Route to `status:
6053 False`, with a Reason of `UnsupportedValue`. \n
6054 Support: Core"
6055 enum:
6056 - 301
6057 - 302
6058 type: integer
6059 type: object
6060 responseHeaderModifier:
6061 description: "ResponseHeaderModifier defines a schema
6062 for a filter that modifies response headers. \n Support:
6063 Extended"
6064 properties:
6065 add:
6066 description: "Add adds the given header(s) (name,
6067 value) to the request before the action. It appends
6068 to any existing values associated with the header
6069 name. \n Input: GET /foo HTTP/1.1 my-header: foo
6070 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
6071 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
6072 items:
6073 description: HTTPHeader represents an HTTP Header
6074 name and value as defined by RFC 7230.
6075 properties:
6076 name:
6077 description: "Name is the name of the HTTP Header
6078 to be matched. Name matching MUST be case
6079 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6080 \n If multiple entries specify equivalent
6081 header names, the first entry with an equivalent
6082 name MUST be considered for a match. Subsequent
6083 entries with an equivalent header name MUST
6084 be ignored. Due to the case-insensitivity
6085 of header names, \"foo\" and \"Foo\" are considered
6086 equivalent."
6087 maxLength: 256
6088 minLength: 1
6089 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6090 type: string
6091 value:
6092 description: Value is the value of HTTP Header
6093 to be matched.
6094 maxLength: 4096
6095 minLength: 1
6096 type: string
6097 required:
6098 - name
6099 - value
6100 type: object
6101 maxItems: 16
6102 type: array
6103 x-kubernetes-list-map-keys:
6104 - name
6105 x-kubernetes-list-type: map
6106 remove:
6107 description: "Remove the given header(s) from the
6108 HTTP request before the action. The value of Remove
6109 is a list of HTTP header names. Note that the header
6110 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
6111 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
6112 bar my-header3: baz \n Config: remove: [\"my-header1\",
6113 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
6114 bar"
6115 items:
6116 type: string
6117 maxItems: 16
6118 type: array
6119 x-kubernetes-list-type: set
6120 set:
6121 description: "Set overwrites the request with the
6122 given header (name, value) before the action. \n
6123 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
6124 set: - name: \"my-header\" value: \"bar\" \n Output:
6125 GET /foo HTTP/1.1 my-header: bar"
6126 items:
6127 description: HTTPHeader represents an HTTP Header
6128 name and value as defined by RFC 7230.
6129 properties:
6130 name:
6131 description: "Name is the name of the HTTP Header
6132 to be matched. Name matching MUST be case
6133 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
6134 \n If multiple entries specify equivalent
6135 header names, the first entry with an equivalent
6136 name MUST be considered for a match. Subsequent
6137 entries with an equivalent header name MUST
6138 be ignored. Due to the case-insensitivity
6139 of header names, \"foo\" and \"Foo\" are considered
6140 equivalent."
6141 maxLength: 256
6142 minLength: 1
6143 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6144 type: string
6145 value:
6146 description: Value is the value of HTTP Header
6147 to be matched.
6148 maxLength: 4096
6149 minLength: 1
6150 type: string
6151 required:
6152 - name
6153 - value
6154 type: object
6155 maxItems: 16
6156 type: array
6157 x-kubernetes-list-map-keys:
6158 - name
6159 x-kubernetes-list-type: map
6160 type: object
6161 type:
6162 description: "Type identifies the type of filter to apply.
6163 As with other API fields, types are classified into
6164 three conformance levels: \n - Core: Filter types and
6165 their corresponding configuration defined by \"Support:
6166 Core\" in this package, e.g. \"RequestHeaderModifier\".
6167 All implementations must support core filters. \n -
6168 Extended: Filter types and their corresponding configuration
6169 defined by \"Support: Extended\" in this package, e.g.
6170 \"RequestMirror\". Implementers are encouraged to support
6171 extended filters. \n - Implementation-specific: Filters
6172 that are defined and supported by specific vendors.
6173 In the future, filters showing convergence in behavior
6174 across multiple implementations will be considered for
6175 inclusion in extended or core conformance levels. Filter-specific
6176 configuration for such filters is specified using the
6177 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
6178 for custom filters. \n Implementers are encouraged to
6179 define custom implementation types to extend the core
6180 API with implementation-specific behavior. \n If a reference
6181 to a custom filter type cannot be resolved, the filter
6182 MUST NOT be skipped. Instead, requests that would have
6183 been processed by that filter MUST receive a HTTP error
6184 response. \n Note that values may be added to this enum,
6185 implementations must ensure that unknown values will
6186 not cause a crash. \n Unknown values here must result
6187 in the implementation setting the Accepted Condition
6188 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
6189 enum:
6190 - RequestHeaderModifier
6191 - ResponseHeaderModifier
6192 - RequestMirror
6193 - RequestRedirect
6194 - URLRewrite
6195 - ExtensionRef
6196 type: string
6197 urlRewrite:
6198 description: "URLRewrite defines a schema for a filter
6199 that modifies a request during forwarding. \n Support:
6200 Extended"
6201 properties:
6202 hostname:
6203 description: "Hostname is the value to be used to
6204 replace the Host header value during forwarding.
6205 \n Support: Extended"
6206 maxLength: 253
6207 minLength: 1
6208 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6209 type: string
6210 path:
6211 description: "Path defines a path rewrite. \n Support:
6212 Extended"
6213 properties:
6214 replaceFullPath:
6215 description: ReplaceFullPath specifies the value
6216 with which to replace the full path of a request
6217 during a rewrite or redirect.
6218 maxLength: 1024
6219 type: string
6220 replacePrefixMatch:
6221 description: "ReplacePrefixMatch specifies the
6222 value with which to replace the prefix match
6223 of a request during a rewrite or redirect. For
6224 example, a request to \"/foo/bar\" with a prefix
6225 match of \"/foo\" and a ReplacePrefixMatch of
6226 \"/xyz\" would be modified to \"/xyz/bar\".
6227 \n Note that this matches the behavior of the
6228 PathPrefix match type. This matches full path
6229 elements. A path element refers to the list
6230 of labels in the path split by the `/` separator.
6231 When specified, a trailing `/` is ignored. For
6232 example, the paths `/abc`, `/abc/`, and `/abc/def`
6233 would all match the prefix `/abc`, but the path
6234 `/abcd` would not. \n ReplacePrefixMatch is
6235 only compatible with a `PathPrefix` HTTPRouteMatch.
6236 Using any other HTTPRouteMatch type on the same
6237 HTTPRouteRule will result in the implementation
6238 setting the Accepted Condition for the Route
6239 to `status: False`. \n Request Path | Prefix
6240 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
6241 /foo/bar | /foo | /xyz |
6242 /xyz/bar /foo/bar | /foo | /xyz/
6243 \ | /xyz/bar /foo/bar | /foo/ |
6244 /xyz | /xyz/bar /foo/bar | /foo/
6245 \ | /xyz/ | /xyz/bar /foo |
6246 /foo | /xyz | /xyz /foo/ |
6247 /foo | /xyz | /xyz/ /foo/bar
6248 \ | /foo | <empty string> | /bar
6249 /foo/ | /foo | <empty string>
6250 | / /foo | /foo | <empty string>
6251 | / /foo/ | /foo | / |
6252 / /foo | /foo | / |
6253 /"
6254 maxLength: 1024
6255 type: string
6256 type:
6257 description: "Type defines the type of path modifier.
6258 Additional types may be added in a future release
6259 of the API. \n Note that values may be added
6260 to this enum, implementations must ensure that
6261 unknown values will not cause a crash. \n Unknown
6262 values here must result in the implementation
6263 setting the Accepted Condition for the Route
6264 to `status: False`, with a Reason of `UnsupportedValue`."
6265 enum:
6266 - ReplaceFullPath
6267 - ReplacePrefixMatch
6268 type: string
6269 required:
6270 - type
6271 type: object
6272 x-kubernetes-validations:
6273 - message: replaceFullPath must be specified when
6274 type is set to 'ReplaceFullPath'
6275 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
6276 : true'
6277 - message: type must be 'ReplaceFullPath' when replaceFullPath
6278 is set
6279 rule: 'has(self.replaceFullPath) ? self.type ==
6280 ''ReplaceFullPath'' : true'
6281 - message: replacePrefixMatch must be specified when
6282 type is set to 'ReplacePrefixMatch'
6283 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
6284 : true'
6285 - message: type must be 'ReplacePrefixMatch' when
6286 replacePrefixMatch is set
6287 rule: 'has(self.replacePrefixMatch) ? self.type
6288 == ''ReplacePrefixMatch'' : true'
6289 type: object
6290 required:
6291 - type
6292 type: object
6293 x-kubernetes-validations:
6294 - message: filter.requestHeaderModifier must be nil if the
6295 filter.type is not RequestHeaderModifier
6296 rule: '!(has(self.requestHeaderModifier) && self.type !=
6297 ''RequestHeaderModifier'')'
6298 - message: filter.requestHeaderModifier must be specified
6299 for RequestHeaderModifier filter.type
6300 rule: '!(!has(self.requestHeaderModifier) && self.type ==
6301 ''RequestHeaderModifier'')'
6302 - message: filter.responseHeaderModifier must be nil if the
6303 filter.type is not ResponseHeaderModifier
6304 rule: '!(has(self.responseHeaderModifier) && self.type !=
6305 ''ResponseHeaderModifier'')'
6306 - message: filter.responseHeaderModifier must be specified
6307 for ResponseHeaderModifier filter.type
6308 rule: '!(!has(self.responseHeaderModifier) && self.type
6309 == ''ResponseHeaderModifier'')'
6310 - message: filter.requestMirror must be nil if the filter.type
6311 is not RequestMirror
6312 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
6313 - message: filter.requestMirror must be specified for RequestMirror
6314 filter.type
6315 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
6316 - message: filter.requestRedirect must be nil if the filter.type
6317 is not RequestRedirect
6318 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
6319 - message: filter.requestRedirect must be specified for RequestRedirect
6320 filter.type
6321 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
6322 - message: filter.urlRewrite must be nil if the filter.type
6323 is not URLRewrite
6324 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
6325 - message: filter.urlRewrite must be specified for URLRewrite
6326 filter.type
6327 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
6328 - message: filter.extensionRef must be nil if the filter.type
6329 is not ExtensionRef
6330 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
6331 - message: filter.extensionRef must be specified for ExtensionRef
6332 filter.type
6333 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
6334 maxItems: 16
6335 type: array
6336 x-kubernetes-validations:
6337 - message: May specify either httpRouteFilterRequestRedirect
6338 or httpRouteFilterRequestRewrite, but not both
6339 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
6340 self.exists(f, f.type == ''URLRewrite''))'
6341 - message: RequestHeaderModifier filter cannot be repeated
6342 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
6343 <= 1
6344 - message: ResponseHeaderModifier filter cannot be repeated
6345 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
6346 <= 1
6347 - message: RequestRedirect filter cannot be repeated
6348 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
6349 1
6350 - message: URLRewrite filter cannot be repeated
6351 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
6352 matches:
6353 default:
6354 - path:
6355 type: PathPrefix
6356 value: /
6357 description: "Matches define conditions used for matching the
6358 rule against incoming HTTP requests. Each match is independent,
6359 i.e. this rule will be matched if **any** one of the matches
6360 is satisfied. \n For example, take the following matches configuration:
6361 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
6362 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
6363 to match against this rule, a request must satisfy EITHER
6364 of the two conditions: \n - path prefixed with `/foo` AND
6365 contains the header `version: v2` - path prefix of `/v2/foo`
6366 \n See the documentation for HTTPRouteMatch on how to specify
6367 multiple match conditions that should be ANDed together. \n
6368 If no matches are specified, the default is a prefix path
6369 match on \"/\", which has the effect of matching every HTTP
6370 request. \n Proxy or Load Balancer routing configuration generated
6371 from HTTPRoutes MUST prioritize matches based on the following
6372 criteria, continuing on ties. Across all rules specified on
6373 applicable Routes, precedence must be given to the match having:
6374 \n * \"Exact\" path match. * \"Prefix\" path match with largest
6375 number of characters. * Method match. * Largest number of
6376 header matches. * Largest number of query param matches. \n
6377 Note: The precedence of RegularExpression path matches are
6378 implementation-specific. \n If ties still exist across multiple
6379 Routes, matching precedence MUST be determined in order of
6380 the following criteria, continuing on ties: \n * The oldest
6381 Route based on creation timestamp. * The Route appearing first
6382 in alphabetical order by \"{namespace}/{name}\". \n If ties
6383 still exist within an HTTPRoute, matching precedence MUST
6384 be granted to the FIRST matching rule (in list order) with
6385 a match meeting the above criteria. \n When no rules matching
6386 a request have been successfully attached to the parent a
6387 request is coming from, a HTTP 404 status code MUST be returned."
6388 items:
6389 description: "HTTPRouteMatch defines the predicate used to
6390 match requests to a given action. Multiple match types are
6391 ANDed together, i.e. the match will evaluate to true only
6392 if all conditions are satisfied. \n For example, the match
6393 below will match a HTTP request only if its path starts
6394 with `/foo` AND it contains the `version: v1` header: \n
6395 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
6396 value \"v1\" \n ```"
6397 properties:
6398 headers:
6399 description: Headers specifies HTTP request header matchers.
6400 Multiple match values are ANDed together, meaning, a
6401 request must match all the specified headers to select
6402 the route.
6403 items:
6404 description: HTTPHeaderMatch describes how to select
6405 a HTTP route by matching HTTP request headers.
6406 properties:
6407 name:
6408 description: "Name is the name of the HTTP Header
6409 to be matched. Name matching MUST be case insensitive.
6410 (See https://tools.ietf.org/html/rfc7230#section-3.2).
6411 \n If multiple entries specify equivalent header
6412 names, only the first entry with an equivalent
6413 name MUST be considered for a match. Subsequent
6414 entries with an equivalent header name MUST be
6415 ignored. Due to the case-insensitivity of header
6416 names, \"foo\" and \"Foo\" are considered equivalent.
6417 \n When a header is repeated in an HTTP request,
6418 it is implementation-specific behavior as to how
6419 this is represented. Generally, proxies should
6420 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
6421 regarding processing a repeated header, with special
6422 handling for \"Set-Cookie\"."
6423 maxLength: 256
6424 minLength: 1
6425 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6426 type: string
6427 type:
6428 default: Exact
6429 description: "Type specifies how to match against
6430 the value of the header. \n Support: Core (Exact)
6431 \n Support: Implementation-specific (RegularExpression)
6432 \n Since RegularExpression HeaderMatchType has
6433 implementation-specific conformance, implementations
6434 can support POSIX, PCRE or any other dialects
6435 of regular expressions. Please read the implementation's
6436 documentation to determine the supported dialect."
6437 enum:
6438 - Exact
6439 - RegularExpression
6440 type: string
6441 value:
6442 description: Value is the value of HTTP Header to
6443 be matched.
6444 maxLength: 4096
6445 minLength: 1
6446 type: string
6447 required:
6448 - name
6449 - value
6450 type: object
6451 maxItems: 16
6452 type: array
6453 x-kubernetes-list-map-keys:
6454 - name
6455 x-kubernetes-list-type: map
6456 method:
6457 description: "Method specifies HTTP method matcher. When
6458 specified, this route will be matched only if the request
6459 has the specified method. \n Support: Extended"
6460 enum:
6461 - GET
6462 - HEAD
6463 - POST
6464 - PUT
6465 - DELETE
6466 - CONNECT
6467 - OPTIONS
6468 - TRACE
6469 - PATCH
6470 type: string
6471 path:
6472 default:
6473 type: PathPrefix
6474 value: /
6475 description: Path specifies a HTTP request path matcher.
6476 If this field is not specified, a default prefix match
6477 on the "/" path is provided.
6478 properties:
6479 type:
6480 default: PathPrefix
6481 description: "Type specifies how to match against
6482 the path Value. \n Support: Core (Exact, PathPrefix)
6483 \n Support: Implementation-specific (RegularExpression)"
6484 enum:
6485 - Exact
6486 - PathPrefix
6487 - RegularExpression
6488 type: string
6489 value:
6490 default: /
6491 description: Value of the HTTP path to match against.
6492 maxLength: 1024
6493 type: string
6494 type: object
6495 x-kubernetes-validations:
6496 - message: value must be an absolute path and start with
6497 '/' when type one of ['Exact', 'PathPrefix']
6498 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
6499 : true'
6500 - message: must not contain '//' when type one of ['Exact',
6501 'PathPrefix']
6502 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
6503 : true'
6504 - message: must not contain '/./' when type one of ['Exact',
6505 'PathPrefix']
6506 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
6507 : true'
6508 - message: must not contain '/../' when type one of ['Exact',
6509 'PathPrefix']
6510 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
6511 : true'
6512 - message: must not contain '%2f' when type one of ['Exact',
6513 'PathPrefix']
6514 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
6515 : true'
6516 - message: must not contain '%2F' when type one of ['Exact',
6517 'PathPrefix']
6518 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
6519 : true'
6520 - message: must not contain '#' when type one of ['Exact',
6521 'PathPrefix']
6522 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
6523 : true'
6524 - message: must not end with '/..' when type one of ['Exact',
6525 'PathPrefix']
6526 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
6527 : true'
6528 - message: must not end with '/.' when type one of ['Exact',
6529 'PathPrefix']
6530 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
6531 : true'
6532 - message: type must be one of ['Exact', 'PathPrefix',
6533 'RegularExpression']
6534 rule: self.type in ['Exact','PathPrefix'] || self.type
6535 == 'RegularExpression'
6536 - message: must only contain valid characters (matching
6537 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
6538 for types ['Exact', 'PathPrefix']
6539 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
6540 : true'
6541 queryParams:
6542 description: "QueryParams specifies HTTP query parameter
6543 matchers. Multiple match values are ANDed together,
6544 meaning, a request must match all the specified query
6545 parameters to select the route. \n Support: Extended"
6546 items:
6547 description: HTTPQueryParamMatch describes how to select
6548 a HTTP route by matching HTTP query parameters.
6549 properties:
6550 name:
6551 description: "Name is the name of the HTTP query
6552 param to be matched. This must be an exact string
6553 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
6554 \n If multiple entries specify equivalent query
6555 param names, only the first entry with an equivalent
6556 name MUST be considered for a match. Subsequent
6557 entries with an equivalent query param name MUST
6558 be ignored. \n If a query param is repeated in
6559 an HTTP request, the behavior is purposely left
6560 undefined, since different data planes have different
6561 capabilities. However, it is *recommended* that
6562 implementations should match against the first
6563 value of the param if the data plane supports
6564 it, as this behavior is expected in other load
6565 balancing contexts outside of the Gateway API.
6566 \n Users SHOULD NOT route traffic based on repeated
6567 query params to guard themselves against potential
6568 differences in the implementations."
6569 maxLength: 256
6570 minLength: 1
6571 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
6572 type: string
6573 type:
6574 default: Exact
6575 description: "Type specifies how to match against
6576 the value of the query parameter. \n Support:
6577 Extended (Exact) \n Support: Implementation-specific
6578 (RegularExpression) \n Since RegularExpression
6579 QueryParamMatchType has Implementation-specific
6580 conformance, implementations can support POSIX,
6581 PCRE or any other dialects of regular expressions.
6582 Please read the implementation's documentation
6583 to determine the supported dialect."
6584 enum:
6585 - Exact
6586 - RegularExpression
6587 type: string
6588 value:
6589 description: Value is the value of HTTP query param
6590 to be matched.
6591 maxLength: 1024
6592 minLength: 1
6593 type: string
6594 required:
6595 - name
6596 - value
6597 type: object
6598 maxItems: 16
6599 type: array
6600 x-kubernetes-list-map-keys:
6601 - name
6602 x-kubernetes-list-type: map
6603 type: object
6604 maxItems: 8
6605 type: array
6606 type: object
6607 x-kubernetes-validations:
6608 - message: RequestRedirect filter must not be used together with
6609 backendRefs
6610 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
6611 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
6612 true'
6613 - message: When using RequestRedirect filter with path.replacePrefixMatch,
6614 exactly one PathPrefix match must be specified
6615 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
6616 && has(f.requestRedirect.path) && f.requestRedirect.path.type
6617 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
6618 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
6619 self.matches[0].path.type != ''PathPrefix'') ? false : true)
6620 : true'
6621 - message: When using URLRewrite filter with path.replacePrefixMatch,
6622 exactly one PathPrefix match must be specified
6623 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
6624 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
6625 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
6626 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
6627 != ''PathPrefix'') ? false : true) : true'
6628 - message: Within backendRefs, when using RequestRedirect filter
6629 with path.replacePrefixMatch, exactly one PathPrefix match must
6630 be specified
6631 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
6632 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
6633 && has(f.requestRedirect.path) && f.requestRedirect.path.type
6634 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
6635 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
6636 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
6637 : true'
6638 - message: Within backendRefs, When using URLRewrite filter with
6639 path.replacePrefixMatch, exactly one PathPrefix match must be
6640 specified
6641 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
6642 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
6643 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
6644 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
6645 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
6646 != ''PathPrefix'') ? false : true) : true'
6647 maxItems: 16
6648 type: array
6649 type: object
6650 status:
6651 description: Status defines the current state of HTTPRoute.
6652 properties:
6653 parents:
6654 description: "Parents is a list of parent resources (usually Gateways)
6655 that are associated with the route, and the status of the route
6656 with respect to each parent. When this route attaches to a parent,
6657 the controller that manages the parent must add an entry to this
6658 list when the controller first sees the route and should update
6659 the entry as appropriate when the route or gateway is modified.
6660 \n Note that parent references that cannot be resolved by an implementation
6661 of this API will not be added to this list. Implementations of this
6662 API can only populate Route status for the Gateways/parent resources
6663 they are responsible for. \n A maximum of 32 Gateways will be represented
6664 in this list. An empty list means the route has not been attached
6665 to any Gateway."
6666 items:
6667 description: RouteParentStatus describes the status of a route with
6668 respect to an associated Parent.
6669 properties:
6670 conditions:
6671 description: "Conditions describes the status of the route with
6672 respect to the Gateway. Note that the route's availability
6673 is also subject to the Gateway's own status conditions and
6674 listener status. \n If the Route's ParentRef specifies an
6675 existing Gateway that supports Routes of this kind AND that
6676 Gateway's controller has sufficient access, then that Gateway's
6677 controller MUST set the \"Accepted\" condition on the Route,
6678 to indicate whether the route has been accepted or rejected
6679 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
6680 if at least one of the Route's rules is implemented by the
6681 Gateway. \n There are a number of cases where the \"Accepted\"
6682 condition may not be set due to lack of controller visibility,
6683 that includes when: \n * The Route refers to a non-existent
6684 parent. * The Route is of a type that the controller does
6685 not support. * The Route is in a namespace the controller
6686 does not have access to."
6687 items:
6688 description: "Condition contains details for one aspect of
6689 the current state of this API Resource. --- This struct
6690 is intended for direct use as an array at the field path
6691 .status.conditions. For example, \n type FooStatus struct{
6692 // Represents the observations of a foo's current state.
6693 // Known .status.conditions.type are: \"Available\", \"Progressing\",
6694 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
6695 // +listType=map // +listMapKey=type Conditions []metav1.Condition
6696 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
6697 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
6698 }"
6699 properties:
6700 lastTransitionTime:
6701 description: lastTransitionTime is the last time the condition
6702 transitioned from one status to another. This should
6703 be when the underlying condition changed. If that is
6704 not known, then using the time when the API field changed
6705 is acceptable.
6706 format: date-time
6707 type: string
6708 message:
6709 description: message is a human readable message indicating
6710 details about the transition. This may be an empty string.
6711 maxLength: 32768
6712 type: string
6713 observedGeneration:
6714 description: observedGeneration represents the .metadata.generation
6715 that the condition was set based upon. For instance,
6716 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
6717 is 9, the condition is out of date with respect to the
6718 current state of the instance.
6719 format: int64
6720 minimum: 0
6721 type: integer
6722 reason:
6723 description: reason contains a programmatic identifier
6724 indicating the reason for the condition's last transition.
6725 Producers of specific condition types may define expected
6726 values and meanings for this field, and whether the
6727 values are considered a guaranteed API. The value should
6728 be a CamelCase string. This field may not be empty.
6729 maxLength: 1024
6730 minLength: 1
6731 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
6732 type: string
6733 status:
6734 description: status of the condition, one of True, False,
6735 Unknown.
6736 enum:
6737 - "True"
6738 - "False"
6739 - Unknown
6740 type: string
6741 type:
6742 description: type of condition in CamelCase or in foo.example.com/CamelCase.
6743 --- Many .condition.type values are consistent across
6744 resources like Available, but because arbitrary conditions
6745 can be useful (see .node.status.conditions), the ability
6746 to deconflict is important. The regex it matches is
6747 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
6748 maxLength: 316
6749 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
6750 type: string
6751 required:
6752 - lastTransitionTime
6753 - message
6754 - reason
6755 - status
6756 - type
6757 type: object
6758 maxItems: 8
6759 minItems: 1
6760 type: array
6761 x-kubernetes-list-map-keys:
6762 - type
6763 x-kubernetes-list-type: map
6764 controllerName:
6765 description: "ControllerName is a domain/path string that indicates
6766 the name of the controller that wrote this status. This corresponds
6767 with the controllerName field on GatewayClass. \n Example:
6768 \"example.net/gateway-controller\". \n The format of this
6769 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
6770 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
6771 \n Controllers MUST populate this field when writing status.
6772 Controllers should ensure that entries to status populated
6773 with their ControllerName are cleaned up when they are no
6774 longer necessary."
6775 maxLength: 253
6776 minLength: 1
6777 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
6778 type: string
6779 parentRef:
6780 description: ParentRef corresponds with a ParentRef in the spec
6781 that this RouteParentStatus struct describes the status of.
6782 properties:
6783 group:
6784 default: gateway.networking.k8s.io
6785 description: "Group is the group of the referent. When unspecified,
6786 \"gateway.networking.k8s.io\" is inferred. To set the
6787 core API group (such as for a \"Service\" kind referent),
6788 Group must be explicitly set to \"\" (empty string). \n
6789 Support: Core"
6790 maxLength: 253
6791 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6792 type: string
6793 kind:
6794 default: Gateway
6795 description: "Kind is kind of the referent. \n There are
6796 two kinds of parent resources with \"Core\" support: \n
6797 * Gateway (Gateway conformance profile) * Service (Mesh
6798 conformance profile, experimental, ClusterIP Services
6799 only) \n Support for other resources is Implementation-Specific."
6800 maxLength: 63
6801 minLength: 1
6802 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6803 type: string
6804 name:
6805 description: "Name is the name of the referent. \n Support:
6806 Core"
6807 maxLength: 253
6808 minLength: 1
6809 type: string
6810 namespace:
6811 description: "Namespace is the namespace of the referent.
6812 When unspecified, this refers to the local namespace of
6813 the Route. \n Note that there are specific rules for ParentRefs
6814 which cross namespace boundaries. Cross-namespace references
6815 are only valid if they are explicitly allowed by something
6816 in the namespace they are referring to. For example: Gateway
6817 has the AllowedRoutes field, and ReferenceGrant provides
6818 a generic way to enable any other kind of cross-namespace
6819 reference. \n \n Support: Core"
6820 maxLength: 63
6821 minLength: 1
6822 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6823 type: string
6824 sectionName:
6825 description: "SectionName is the name of a section within
6826 the target resource. In the following resources, SectionName
6827 is interpreted as the following: \n * Gateway: Listener
6828 Name. When both Port (experimental) and SectionName are
6829 specified, the name and port of the selected listener
6830 must match both specified values. * Service: Port Name.
6831 When both Port (experimental) and SectionName are specified,
6832 the name and port of the selected listener must match
6833 both specified values. Note that attaching Routes to Services
6834 as Parents is part of experimental Mesh support and is
6835 not supported for any other purpose. \n Implementations
6836 MAY choose to support attaching Routes to other resources.
6837 If that is the case, they MUST clearly document how SectionName
6838 is interpreted. \n When unspecified (empty string), this
6839 will reference the entire resource. For the purpose of
6840 status, an attachment is considered successful if at least
6841 one section in the parent resource accepts it. For example,
6842 Gateway listeners can restrict which Routes can attach
6843 to them by Route kind, namespace, or hostname. If 1 of
6844 2 Gateway listeners accept attachment from the referencing
6845 Route, the Route MUST be considered successfully attached.
6846 If no Gateway listeners accept attachment from this Route,
6847 the Route MUST be considered detached from the Gateway.
6848 \n Support: Core"
6849 maxLength: 253
6850 minLength: 1
6851 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6852 type: string
6853 required:
6854 - name
6855 type: object
6856 required:
6857 - controllerName
6858 - parentRef
6859 type: object
6860 maxItems: 32
6861 type: array
6862 required:
6863 - parents
6864 type: object
6865 required:
6866 - spec
6867 type: object
6868 served: true
6869 storage: true
6870 subresources:
6871 status: {}
6872status:
6873 acceptedNames:
6874 kind: ""
6875 plural: ""
6876 conditions: null
6877 storedVersions: null
6878---
6879#
6880# config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml
6881#
6882apiVersion: apiextensions.k8s.io/v1
6883kind: CustomResourceDefinition
6884metadata:
6885 annotations:
6886 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
6887 gateway.networking.k8s.io/bundle-version: v1.0.0-rc1
6888 gateway.networking.k8s.io/channel: standard
6889 creationTimestamp: null
6890 name: referencegrants.gateway.networking.k8s.io
6891spec:
6892 group: gateway.networking.k8s.io
6893 names:
6894 categories:
6895 - gateway-api
6896 kind: ReferenceGrant
6897 listKind: ReferenceGrantList
6898 plural: referencegrants
6899 shortNames:
6900 - refgrant
6901 singular: referencegrant
6902 scope: Namespaced
6903 versions:
6904 - additionalPrinterColumns:
6905 - jsonPath: .metadata.creationTimestamp
6906 name: Age
6907 type: date
6908 deprecated: true
6909 deprecationWarning: The v1alpha2 version of ReferenceGrant has been deprecated
6910 and will be removed in a future release of the API. Please upgrade to v1beta1.
6911 name: v1alpha2
6912 schema:
6913 openAPIV3Schema:
6914 description: "ReferenceGrant identifies kinds of resources in other namespaces
6915 that are trusted to reference the specified kinds of resources in the same
6916 namespace as the policy. \n Each ReferenceGrant can be used to represent
6917 a unique trust relationship. Additional Reference Grants can be used to
6918 add to the set of trusted sources of inbound references for the namespace
6919 they are defined within. \n A ReferenceGrant is required for all cross-namespace
6920 references in Gateway API (with the exception of cross-namespace Route-Gateway
6921 attachment, which is governed by the AllowedRoutes configuration on the
6922 Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route,
6923 which defines routing rules applicable only to workloads in the Route namespace).
6924 ReferenceGrants allowing a reference from a Route to a Service are only
6925 applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification
6926 allowing users to assert which cross-namespace object references are permitted.
6927 Implementations that support ReferenceGrant MUST NOT permit cross-namespace
6928 references which have no grant, and MUST respond to the removal of a grant
6929 by revoking the access that the grant allowed."
6930 properties:
6931 apiVersion:
6932 description: 'APIVersion defines the versioned schema of this representation
6933 of an object. Servers should convert recognized schemas to the latest
6934 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
6935 type: string
6936 kind:
6937 description: 'Kind is a string value representing the REST resource this
6938 object represents. Servers may infer this from the endpoint the client
6939 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
6940 type: string
6941 metadata:
6942 type: object
6943 spec:
6944 description: Spec defines the desired state of ReferenceGrant.
6945 properties:
6946 from:
6947 description: "From describes the trusted namespaces and kinds that
6948 can reference the resources described in \"To\". Each entry in this
6949 list MUST be considered to be an additional place that references
6950 can be valid from, or to put this another way, entries MUST be combined
6951 using OR. \n Support: Core"
6952 items:
6953 description: ReferenceGrantFrom describes trusted namespaces and
6954 kinds.
6955 properties:
6956 group:
6957 description: "Group is the group of the referent. When empty,
6958 the Kubernetes core API group is inferred. \n Support: Core"
6959 maxLength: 253
6960 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
6961 type: string
6962 kind:
6963 description: "Kind is the kind of the referent. Although implementations
6964 may support additional resources, the following types are
6965 part of the \"Core\" support level for this field. \n When
6966 used to permit a SecretObjectReference: \n * Gateway \n When
6967 used to permit a BackendObjectReference: \n * GRPCRoute *
6968 HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
6969 maxLength: 63
6970 minLength: 1
6971 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
6972 type: string
6973 namespace:
6974 description: "Namespace is the namespace of the referent. \n
6975 Support: Core"
6976 maxLength: 63
6977 minLength: 1
6978 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
6979 type: string
6980 required:
6981 - group
6982 - kind
6983 - namespace
6984 type: object
6985 maxItems: 16
6986 minItems: 1
6987 type: array
6988 to:
6989 description: "To describes the resources that may be referenced by
6990 the resources described in \"From\". Each entry in this list MUST
6991 be considered to be an additional place that references can be valid
6992 to, or to put this another way, entries MUST be combined using OR.
6993 \n Support: Core"
6994 items:
6995 description: ReferenceGrantTo describes what Kinds are allowed as
6996 targets of the references.
6997 properties:
6998 group:
6999 description: "Group is the group of the referent. When empty,
7000 the Kubernetes core API group is inferred. \n Support: Core"
7001 maxLength: 253
7002 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7003 type: string
7004 kind:
7005 description: "Kind is the kind of the referent. Although implementations
7006 may support additional resources, the following types are
7007 part of the \"Core\" support level for this field: \n * Secret
7008 when used to permit a SecretObjectReference * Service when
7009 used to permit a BackendObjectReference"
7010 maxLength: 63
7011 minLength: 1
7012 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7013 type: string
7014 name:
7015 description: Name is the name of the referent. When unspecified,
7016 this policy refers to all resources of the specified Group
7017 and Kind in the local namespace.
7018 maxLength: 253
7019 minLength: 1
7020 type: string
7021 required:
7022 - group
7023 - kind
7024 type: object
7025 maxItems: 16
7026 minItems: 1
7027 type: array
7028 required:
7029 - from
7030 - to
7031 type: object
7032 type: object
7033 served: true
7034 storage: false
7035 subresources: {}
7036 - additionalPrinterColumns:
7037 - jsonPath: .metadata.creationTimestamp
7038 name: Age
7039 type: date
7040 name: v1beta1
7041 schema:
7042 openAPIV3Schema:
7043 description: "ReferenceGrant identifies kinds of resources in other namespaces
7044 that are trusted to reference the specified kinds of resources in the same
7045 namespace as the policy. \n Each ReferenceGrant can be used to represent
7046 a unique trust relationship. Additional Reference Grants can be used to
7047 add to the set of trusted sources of inbound references for the namespace
7048 they are defined within. \n All cross-namespace references in Gateway API
7049 (with the exception of cross-namespace Gateway-route attachment) require
7050 a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing
7051 users to assert which cross-namespace object references are permitted. Implementations
7052 that support ReferenceGrant MUST NOT permit cross-namespace references which
7053 have no grant, and MUST respond to the removal of a grant by revoking the
7054 access that the grant allowed."
7055 properties:
7056 apiVersion:
7057 description: 'APIVersion defines the versioned schema of this representation
7058 of an object. Servers should convert recognized schemas to the latest
7059 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
7060 type: string
7061 kind:
7062 description: 'Kind is a string value representing the REST resource this
7063 object represents. Servers may infer this from the endpoint the client
7064 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
7065 type: string
7066 metadata:
7067 type: object
7068 spec:
7069 description: Spec defines the desired state of ReferenceGrant.
7070 properties:
7071 from:
7072 description: "From describes the trusted namespaces and kinds that
7073 can reference the resources described in \"To\". Each entry in this
7074 list MUST be considered to be an additional place that references
7075 can be valid from, or to put this another way, entries MUST be combined
7076 using OR. \n Support: Core"
7077 items:
7078 description: ReferenceGrantFrom describes trusted namespaces and
7079 kinds.
7080 properties:
7081 group:
7082 description: "Group is the group of the referent. When empty,
7083 the Kubernetes core API group is inferred. \n Support: Core"
7084 maxLength: 253
7085 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7086 type: string
7087 kind:
7088 description: "Kind is the kind of the referent. Although implementations
7089 may support additional resources, the following types are
7090 part of the \"Core\" support level for this field. \n When
7091 used to permit a SecretObjectReference: \n * Gateway \n When
7092 used to permit a BackendObjectReference: \n * GRPCRoute *
7093 HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
7094 maxLength: 63
7095 minLength: 1
7096 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7097 type: string
7098 namespace:
7099 description: "Namespace is the namespace of the referent. \n
7100 Support: Core"
7101 maxLength: 63
7102 minLength: 1
7103 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
7104 type: string
7105 required:
7106 - group
7107 - kind
7108 - namespace
7109 type: object
7110 maxItems: 16
7111 minItems: 1
7112 type: array
7113 to:
7114 description: "To describes the resources that may be referenced by
7115 the resources described in \"From\". Each entry in this list MUST
7116 be considered to be an additional place that references can be valid
7117 to, or to put this another way, entries MUST be combined using OR.
7118 \n Support: Core"
7119 items:
7120 description: ReferenceGrantTo describes what Kinds are allowed as
7121 targets of the references.
7122 properties:
7123 group:
7124 description: "Group is the group of the referent. When empty,
7125 the Kubernetes core API group is inferred. \n Support: Core"
7126 maxLength: 253
7127 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
7128 type: string
7129 kind:
7130 description: "Kind is the kind of the referent. Although implementations
7131 may support additional resources, the following types are
7132 part of the \"Core\" support level for this field: \n * Secret
7133 when used to permit a SecretObjectReference * Service when
7134 used to permit a BackendObjectReference"
7135 maxLength: 63
7136 minLength: 1
7137 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
7138 type: string
7139 name:
7140 description: Name is the name of the referent. When unspecified,
7141 this policy refers to all resources of the specified Group
7142 and Kind in the local namespace.
7143 maxLength: 253
7144 minLength: 1
7145 type: string
7146 required:
7147 - group
7148 - kind
7149 type: object
7150 maxItems: 16
7151 minItems: 1
7152 type: array
7153 required:
7154 - from
7155 - to
7156 type: object
7157 type: object
7158 served: true
7159 storage: true
7160 subresources: {}
7161status:
7162 acceptedNames:
7163 kind: ""
7164 plural: ""
7165 conditions: null
7166 storedVersions: null
View as plain text