1 /* 2 Copyright 2020 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1 18 19 import ( 20 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 ) 22 23 // ParentReference identifies an API object (usually a Gateway) that can be considered 24 // a parent of this resource (usually a route). There are two kinds of parent resources 25 // with "Core" support: 26 // 27 // * Gateway (Gateway conformance profile) 28 // * Service (Mesh conformance profile, experimental, ClusterIP Services only) 29 // 30 // This API may be extended in the future to support additional kinds of parent 31 // resources. 32 // 33 // The API object must be valid in the cluster; the Group and Kind must 34 // be registered in the cluster for this reference to be valid. 35 type ParentReference struct { 36 // Group is the group of the referent. 37 // When unspecified, "gateway.networking.k8s.io" is inferred. 38 // To set the core API group (such as for a "Service" kind referent), 39 // Group must be explicitly set to "" (empty string). 40 // 41 // Support: Core 42 // 43 // +kubebuilder:default=gateway.networking.k8s.io 44 // +optional 45 Group *Group `json:"group,omitempty"` 46 47 // Kind is kind of the referent. 48 // 49 // There are two kinds of parent resources with "Core" support: 50 // 51 // * Gateway (Gateway conformance profile) 52 // * Service (Mesh conformance profile, experimental, ClusterIP Services only) 53 // 54 // Support for other resources is Implementation-Specific. 55 // 56 // +kubebuilder:default=Gateway 57 // +optional 58 Kind *Kind `json:"kind,omitempty"` 59 60 // Namespace is the namespace of the referent. When unspecified, this refers 61 // to the local namespace of the Route. 62 // 63 // Note that there are specific rules for ParentRefs which cross namespace 64 // boundaries. Cross-namespace references are only valid if they are explicitly 65 // allowed by something in the namespace they are referring to. For example: 66 // Gateway has the AllowedRoutes field, and ReferenceGrant provides a 67 // generic way to enable any other kind of cross-namespace reference. 68 // 69 // <gateway:experimental:description> 70 // ParentRefs from a Route to a Service in the same namespace are "producer" 71 // routes, which apply default routing rules to inbound connections from 72 // any namespace to the Service. 73 // 74 // ParentRefs from a Route to a Service in a different namespace are 75 // "consumer" routes, and these routing rules are only applied to outbound 76 // connections originating from the same namespace as the Route, for which 77 // the intended destination of the connections are a Service targeted as a 78 // ParentRef of the Route. 79 // </gateway:experimental:description> 80 // 81 // Support: Core 82 // 83 // +optional 84 Namespace *Namespace `json:"namespace,omitempty"` 85 86 // Name is the name of the referent. 87 // 88 // Support: Core 89 Name ObjectName `json:"name"` 90 91 // SectionName is the name of a section within the target resource. In the 92 // following resources, SectionName is interpreted as the following: 93 // 94 // * Gateway: Listener Name. When both Port (experimental) and SectionName 95 // are specified, the name and port of the selected listener must match 96 // both specified values. 97 // * Service: Port Name. When both Port (experimental) and SectionName 98 // are specified, the name and port of the selected listener must match 99 // both specified values. Note that attaching Routes to Services as Parents 100 // is part of experimental Mesh support and is not supported for any other 101 // purpose. 102 // 103 // Implementations MAY choose to support attaching Routes to other resources. 104 // If that is the case, they MUST clearly document how SectionName is 105 // interpreted. 106 // 107 // When unspecified (empty string), this will reference the entire resource. 108 // For the purpose of status, an attachment is considered successful if at 109 // least one section in the parent resource accepts it. For example, Gateway 110 // listeners can restrict which Routes can attach to them by Route kind, 111 // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from 112 // the referencing Route, the Route MUST be considered successfully 113 // attached. If no Gateway listeners accept attachment from this Route, the 114 // Route MUST be considered detached from the Gateway. 115 // 116 // Support: Core 117 // 118 // +optional 119 SectionName *SectionName `json:"sectionName,omitempty"` 120 121 // Port is the network port this Route targets. It can be interpreted 122 // differently based on the type of parent resource. 123 // 124 // When the parent resource is a Gateway, this targets all listeners 125 // listening on the specified port that also support this kind of Route(and 126 // select this Route). It's not recommended to set `Port` unless the 127 // networking behaviors specified in a Route must apply to a specific port 128 // as opposed to a listener(s) whose port(s) may be changed. When both Port 129 // and SectionName are specified, the name and port of the selected listener 130 // must match both specified values. 131 // 132 // <gateway:experimental:description> 133 // When the parent resource is a Service, this targets a specific port in the 134 // Service spec. When both Port (experimental) and SectionName are specified, 135 // the name and port of the selected port must match both specified values. 136 // </gateway:experimental:description> 137 // 138 // Implementations MAY choose to support other parent resources. 139 // Implementations supporting other types of parent resources MUST clearly 140 // document how/if Port is interpreted. 141 // 142 // For the purpose of status, an attachment is considered successful as 143 // long as the parent resource accepts it partially. For example, Gateway 144 // listeners can restrict which Routes can attach to them by Route kind, 145 // namespace, or hostname. If 1 of 2 Gateway listeners accept attachment 146 // from the referencing Route, the Route MUST be considered successfully 147 // attached. If no Gateway listeners accept attachment from this Route, 148 // the Route MUST be considered detached from the Gateway. 149 // 150 // Support: Extended 151 // 152 // +optional 153 // <gateway:experimental> 154 Port *PortNumber `json:"port,omitempty"` 155 } 156 157 // CommonRouteSpec defines the common attributes that all Routes MUST include 158 // within their spec. 159 type CommonRouteSpec struct { 160 // ParentRefs references the resources (usually Gateways) that a Route wants 161 // to be attached to. Note that the referenced parent resource needs to 162 // allow this for the attachment to be complete. For Gateways, that means 163 // the Gateway needs to allow attachment from Routes of this kind and 164 // namespace. For Services, that means the Service must either be in the same 165 // namespace for a "producer" route, or the mesh implementation must support 166 // and allow "consumer" routes for the referenced Service. ReferenceGrant is 167 // not applicable for governing ParentRefs to Services - it is not possible to 168 // create a "producer" route for a Service in a different namespace from the 169 // Route. 170 // 171 // There are two kinds of parent resources with "Core" support: 172 // 173 // * Gateway (Gateway conformance profile) 174 // <gateway:experimental:description> 175 // * Service (Mesh conformance profile, experimental, ClusterIP Services only) 176 // </gateway:experimental:description> 177 // This API may be extended in the future to support additional kinds of parent 178 // resources. 179 // 180 // ParentRefs must be _distinct_. This means either that: 181 // 182 // * They select different objects. If this is the case, then parentRef 183 // entries are distinct. In terms of fields, this means that the 184 // multi-part key defined by `group`, `kind`, `namespace`, and `name` must 185 // be unique across all parentRef entries in the Route. 186 // * They do not select different objects, but for each optional field used, 187 // each ParentRef that selects the same object must set the same set of 188 // optional fields to different values. If one ParentRef sets a 189 // combination of optional fields, all must set the same combination. 190 // 191 // Some examples: 192 // 193 // * If one ParentRef sets `sectionName`, all ParentRefs referencing the 194 // same object must also set `sectionName`. 195 // * If one ParentRef sets `port`, all ParentRefs referencing the same 196 // object must also set `port`. 197 // * If one ParentRef sets `sectionName` and `port`, all ParentRefs 198 // referencing the same object must also set `sectionName` and `port`. 199 // 200 // It is possible to separately reference multiple distinct objects that may 201 // be collapsed by an implementation. For example, some implementations may 202 // choose to merge compatible Gateway Listeners together. If that is the 203 // case, the list of routes attached to those resources should also be 204 // merged. 205 // 206 // Note that for ParentRefs that cross namespace boundaries, there are specific 207 // rules. Cross-namespace references are only valid if they are explicitly 208 // allowed by something in the namespace they are referring to. For example, 209 // Gateway has the AllowedRoutes field, and ReferenceGrant provides a 210 // generic way to enable other kinds of cross-namespace reference. 211 // 212 // <gateway:experimental:description> 213 // ParentRefs from a Route to a Service in the same namespace are "producer" 214 // routes, which apply default routing rules to inbound connections from 215 // any namespace to the Service. 216 // 217 // ParentRefs from a Route to a Service in a different namespace are 218 // "consumer" routes, and these routing rules are only applied to outbound 219 // connections originating from the same namespace as the Route, for which 220 // the intended destination of the connections are a Service targeted as a 221 // ParentRef of the Route. 222 // </gateway:experimental:description> 223 // 224 // +optional 225 // +kubebuilder:validation:MaxItems=32 226 // <gateway:standard:validation:XValidation:message="sectionName must be specified when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))"> 227 // <gateway:standard:validation:XValidation:message="sectionName must be unique when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName))))"> 228 // <gateway:experimental:validation:XValidation:message="sectionName or port must be specified when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))"> 229 // <gateway:experimental:validation:XValidation:message="sectionName or port must be unique when parentRefs includes 2 or more references to the same parent",rule="self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port))))"> 230 ParentRefs []ParentReference `json:"parentRefs,omitempty"` 231 } 232 233 // PortNumber defines a network port. 234 // 235 // +kubebuilder:validation:Minimum=1 236 // +kubebuilder:validation:Maximum=65535 237 type PortNumber int32 238 239 // BackendRef defines how a Route should forward a request to a Kubernetes 240 // resource. 241 // 242 // Note that when a namespace different than the local namespace is specified, a 243 // ReferenceGrant object is required in the referent namespace to allow that 244 // namespace's owner to accept the reference. See the ReferenceGrant 245 // documentation for details. 246 // 247 // <gateway:experimental:description> 248 // 249 // When the BackendRef points to a Kubernetes Service, implementations SHOULD 250 // honor the appProtocol field if it is set for the target Service Port. 251 // 252 // Implementations supporting appProtocol SHOULD recognize the Kubernetes 253 // Standard Application Protocols defined in KEP-3726. 254 // 255 // If a Service appProtocol isn't specified, an implementation MAY infer the 256 // backend protocol through its own means. Implementations MAY infer the 257 // protocol from the Route type referring to the backend Service. 258 // 259 // If a Route is not able to send traffic to the backend using the specified 260 // protocol then the backend is considered invalid. Implementations MUST set the 261 // "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. 262 // 263 // </gateway:experimental:description> 264 // 265 // Note that when the BackendTLSPolicy object is enabled by the implementation, 266 // there are some extra rules about validity to consider here. See the fields 267 // where this struct is used for more information about the exact behavior. 268 type BackendRef struct { 269 // BackendObjectReference references a Kubernetes object. 270 BackendObjectReference `json:",inline"` 271 272 // Weight specifies the proportion of requests forwarded to the referenced 273 // backend. This is computed as weight/(sum of all weights in this 274 // BackendRefs list). For non-zero values, there may be some epsilon from 275 // the exact proportion defined here depending on the precision an 276 // implementation supports. Weight is not a percentage and the sum of 277 // weights does not need to equal 100. 278 // 279 // If only one backend is specified and it has a weight greater than 0, 100% 280 // of the traffic is forwarded to that backend. If weight is set to 0, no 281 // traffic should be forwarded for this entry. If unspecified, weight 282 // defaults to 1. 283 // 284 // Support for this field varies based on the context where used. 285 // 286 // +optional 287 // +kubebuilder:default=1 288 // +kubebuilder:validation:Minimum=0 289 // +kubebuilder:validation:Maximum=1000000 290 Weight *int32 `json:"weight,omitempty"` 291 } 292 293 // RouteConditionType is a type of condition for a route. 294 type RouteConditionType string 295 296 // RouteConditionReason is a reason for a route condition. 297 type RouteConditionReason string 298 299 const ( 300 // This condition indicates whether the route has been accepted or rejected 301 // by a Gateway, and why. 302 // 303 // Possible reasons for this condition to be True are: 304 // 305 // * "Accepted" 306 // 307 // Possible reasons for this condition to be False are: 308 // 309 // * "NotAllowedByListeners" 310 // * "NoMatchingListenerHostname" 311 // * "NoMatchingParent" 312 // * "UnsupportedValue" 313 // 314 // Possible reasons for this condition to be Unknown are: 315 // 316 // * "Pending" 317 // 318 // Controllers may raise this condition with other reasons, 319 // but should prefer to use the reasons listed above to improve 320 // interoperability. 321 RouteConditionAccepted RouteConditionType = "Accepted" 322 323 // This reason is used with the "Accepted" condition when the Route has been 324 // accepted by the Gateway. 325 RouteReasonAccepted RouteConditionReason = "Accepted" 326 327 // This reason is used with the "Accepted" condition when the route has not 328 // been accepted by a Gateway because the Gateway has no Listener whose 329 // allowedRoutes criteria permit the route 330 RouteReasonNotAllowedByListeners RouteConditionReason = "NotAllowedByListeners" 331 332 // This reason is used with the "Accepted" condition when the Gateway has no 333 // compatible Listeners whose Hostname matches the route 334 RouteReasonNoMatchingListenerHostname RouteConditionReason = "NoMatchingListenerHostname" 335 336 // This reason is used with the "Accepted" condition when there are 337 // no matching Parents. In the case of Gateways, this can occur when 338 // a Route ParentRef specifies a Port and/or SectionName that does not 339 // match any Listeners in the Gateway. 340 RouteReasonNoMatchingParent RouteConditionReason = "NoMatchingParent" 341 342 // This reason is used with the "Accepted" condition when a value for an Enum 343 // is not recognized. 344 RouteReasonUnsupportedValue RouteConditionReason = "UnsupportedValue" 345 346 // This reason is used with the "Accepted" when a controller has not yet 347 // reconciled the route. 348 RouteReasonPending RouteConditionReason = "Pending" 349 350 // This reason is used with the "Accepted" condition when there 351 // are incompatible filters present on a route rule (for example if 352 // the URLRewrite and RequestRedirect are both present on an HTTPRoute). 353 RouteReasonIncompatibleFilters RouteConditionReason = "IncompatibleFilters" 354 ) 355 356 const ( 357 // This condition indicates whether the controller was able to resolve all 358 // the object references for the Route. 359 // 360 // Possible reasons for this condition to be True are: 361 // 362 // * "ResolvedRefs" 363 // 364 // Possible reasons for this condition to be False are: 365 // 366 // * "RefNotPermitted" 367 // * "InvalidKind" 368 // * "BackendNotFound" 369 // * "UnsupportedProtocol" 370 // 371 // Controllers may raise this condition with other reasons, 372 // but should prefer to use the reasons listed above to improve 373 // interoperability. 374 RouteConditionResolvedRefs RouteConditionType = "ResolvedRefs" 375 376 // This reason is used with the "ResolvedRefs" condition when the condition 377 // is true. 378 RouteReasonResolvedRefs RouteConditionReason = "ResolvedRefs" 379 380 // This reason is used with the "ResolvedRefs" condition when 381 // one of the Listener's Routes has a BackendRef to an object in 382 // another namespace, where the object in the other namespace does 383 // not have a ReferenceGrant explicitly allowing the reference. 384 RouteReasonRefNotPermitted RouteConditionReason = "RefNotPermitted" 385 386 // This reason is used with the "ResolvedRefs" condition when 387 // one of the Route's rules has a reference to an unknown or unsupported 388 // Group and/or Kind. 389 RouteReasonInvalidKind RouteConditionReason = "InvalidKind" 390 391 // This reason is used with the "ResolvedRefs" condition when one of the 392 // Route's rules has a reference to a resource that does not exist. 393 RouteReasonBackendNotFound RouteConditionReason = "BackendNotFound" 394 395 // This reason is used with the "ResolvedRefs" condition when one of the 396 // Route's rules has a reference to a resource with an app protocol that 397 // is not supported by this implementation. 398 RouteReasonUnsupportedProtocol RouteConditionReason = "UnsupportedProtocol" 399 ) 400 401 const ( 402 // This condition indicates that the Route contains a combination of both 403 // valid and invalid rules. 404 // 405 // When this happens, implementations MUST take one of the following 406 // approaches: 407 // 408 // 1) Drop Rule(s): With this approach, implementations will drop the 409 // invalid Route Rule(s) until they are fully valid again. The message 410 // for this condition MUST start with the prefix "Dropped Rule" and 411 // include information about which Rules have been dropped. In this 412 // state, the "Accepted" condition MUST be set to "True" with the latest 413 // generation of the resource. 414 // 2) Fall Back: With this approach, implementations will fall back to the 415 // last known good state of the entire Route. The message for this 416 // condition MUST start with the prefix "Fall Back" and include 417 // information about why the current Rule(s) are invalid. To represent 418 // this, the "Accepted" condition MUST be set to "True" with the 419 // generation of the last known good state of the resource. 420 // 421 // Reverting to the last known good state should only be done by 422 // implementations that have a means of restoring that state if/when they 423 // are restarted. 424 // 425 // This condition MUST NOT be set if a Route is fully valid, fully invalid, 426 // or not accepted. By extension, that means that this condition MUST only 427 // be set when it is "True". 428 // 429 // Possible reasons for this condition to be True are: 430 // 431 // * "UnsupportedValue" 432 // 433 // Controllers may raise this condition with other reasons, but should 434 // prefer to use the reasons listed above to improve interoperability. 435 RouteConditionPartiallyInvalid RouteConditionType = "PartiallyInvalid" 436 ) 437 438 // RouteParentStatus describes the status of a route with respect to an 439 // associated Parent. 440 type RouteParentStatus struct { 441 // ParentRef corresponds with a ParentRef in the spec that this 442 // RouteParentStatus struct describes the status of. 443 ParentRef ParentReference `json:"parentRef"` 444 445 // ControllerName is a domain/path string that indicates the name of the 446 // controller that wrote this status. This corresponds with the 447 // controllerName field on GatewayClass. 448 // 449 // Example: "example.net/gateway-controller". 450 // 451 // The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are 452 // valid Kubernetes names 453 // (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 454 // 455 // Controllers MUST populate this field when writing status. Controllers should ensure that 456 // entries to status populated with their ControllerName are cleaned up when they are no 457 // longer necessary. 458 ControllerName GatewayController `json:"controllerName"` 459 460 // Conditions describes the status of the route with respect to the Gateway. 461 // Note that the route's availability is also subject to the Gateway's own 462 // status conditions and listener status. 463 // 464 // If the Route's ParentRef specifies an existing Gateway that supports 465 // Routes of this kind AND that Gateway's controller has sufficient access, 466 // then that Gateway's controller MUST set the "Accepted" condition on the 467 // Route, to indicate whether the route has been accepted or rejected by the 468 // Gateway, and why. 469 // 470 // A Route MUST be considered "Accepted" if at least one of the Route's 471 // rules is implemented by the Gateway. 472 // 473 // There are a number of cases where the "Accepted" condition may not be set 474 // due to lack of controller visibility, that includes when: 475 // 476 // * The Route refers to a non-existent parent. 477 // * The Route is of a type that the controller does not support. 478 // * The Route is in a namespace the controller does not have access to. 479 // 480 // +listType=map 481 // +listMapKey=type 482 // +kubebuilder:validation:MinItems=1 483 // +kubebuilder:validation:MaxItems=8 484 Conditions []metav1.Condition `json:"conditions,omitempty"` 485 } 486 487 // RouteStatus defines the common attributes that all Routes MUST include within 488 // their status. 489 type RouteStatus struct { 490 // Parents is a list of parent resources (usually Gateways) that are 491 // associated with the route, and the status of the route with respect to 492 // each parent. When this route attaches to a parent, the controller that 493 // manages the parent must add an entry to this list when the controller 494 // first sees the route and should update the entry as appropriate when the 495 // route or gateway is modified. 496 // 497 // Note that parent references that cannot be resolved by an implementation 498 // of this API will not be added to this list. Implementations of this API 499 // can only populate Route status for the Gateways/parent resources they are 500 // responsible for. 501 // 502 // A maximum of 32 Gateways will be represented in this list. An empty list 503 // means the route has not been attached to any Gateway. 504 // 505 // +kubebuilder:validation:MaxItems=32 506 Parents []RouteParentStatus `json:"parents"` 507 } 508 509 // Hostname is the fully qualified domain name of a network host. This matches 510 // the RFC 1123 definition of a hostname with 2 notable exceptions: 511 // 512 // 1. IPs are not allowed. 513 // 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard 514 // label must appear by itself as the first label. 515 // 516 // Hostname can be "precise" which is a domain name without the terminating 517 // dot of a network host (e.g. "foo.example.com") or "wildcard", which is a 518 // domain name prefixed with a single wildcard label (e.g. `*.example.com`). 519 // 520 // Note that as per RFC1035 and RFC1123, a *label* must consist of lower case 521 // alphanumeric characters or '-', and must start and end with an alphanumeric 522 // character. No other punctuation is allowed. 523 // 524 // +kubebuilder:validation:MinLength=1 525 // +kubebuilder:validation:MaxLength=253 526 // +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` 527 type Hostname string 528 529 // PreciseHostname is the fully qualified domain name of a network host. This 530 // matches the RFC 1123 definition of a hostname with 1 notable exception that 531 // numeric IP addresses are not allowed. 532 // 533 // Note that as per RFC1035 and RFC1123, a *label* must consist of lower case 534 // alphanumeric characters or '-', and must start and end with an alphanumeric 535 // character. No other punctuation is allowed. 536 // 537 // +kubebuilder:validation:MinLength=1 538 // +kubebuilder:validation:MaxLength=253 539 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` 540 type PreciseHostname string 541 542 // Group refers to a Kubernetes Group. It must either be an empty string or a 543 // RFC 1123 subdomain. 544 // 545 // This validation is based off of the corresponding Kubernetes validation: 546 // https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208 547 // 548 // Valid values include: 549 // 550 // * "" - empty string implies core Kubernetes API group 551 // * "gateway.networking.k8s.io" 552 // * "foo.example.com" 553 // 554 // Invalid values include: 555 // 556 // * "example.com/bar" - "/" is an invalid character 557 // 558 // +kubebuilder:validation:MaxLength=253 559 // +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` 560 type Group string 561 562 // Kind refers to a Kubernetes Kind. 563 // 564 // Valid values include: 565 // 566 // * "Service" 567 // * "HTTPRoute" 568 // 569 // Invalid values include: 570 // 571 // * "invalid/kind" - "/" is an invalid character 572 // 573 // +kubebuilder:validation:MinLength=1 574 // +kubebuilder:validation:MaxLength=63 575 // +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$` 576 type Kind string 577 578 // ObjectName refers to the name of a Kubernetes object. 579 // Object names can have a variety of forms, including RFC1123 subdomains, 580 // RFC 1123 labels, or RFC 1035 labels. 581 // 582 // +kubebuilder:validation:MinLength=1 583 // +kubebuilder:validation:MaxLength=253 584 type ObjectName string 585 586 // Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label. 587 // 588 // This validation is based off of the corresponding Kubernetes validation: 589 // https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187 590 // 591 // This is used for Namespace name validation here: 592 // https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63 593 // 594 // Valid values include: 595 // 596 // * "example" 597 // 598 // Invalid values include: 599 // 600 // * "example.com" - "." is an invalid character 601 // 602 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` 603 // +kubebuilder:validation:MinLength=1 604 // +kubebuilder:validation:MaxLength=63 605 type Namespace string 606 607 // SectionName is the name of a section in a Kubernetes resource. 608 // 609 // This validation is based off of the corresponding Kubernetes validation: 610 // https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208 611 // 612 // Valid values include: 613 // 614 // * "example.com" 615 // * "foo.example.com" 616 // 617 // Invalid values include: 618 // 619 // * "example.com/bar" - "/" is an invalid character 620 // 621 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` 622 // +kubebuilder:validation:MinLength=1 623 // +kubebuilder:validation:MaxLength=253 624 type SectionName string 625 626 // GatewayController is the name of a Gateway API controller. It must be a 627 // domain prefixed path. 628 // 629 // Valid values include: 630 // 631 // * "example.com/bar" 632 // 633 // Invalid values include: 634 // 635 // * "example.com" - must include path 636 // * "foo.example.com" - must include path 637 // 638 // +kubebuilder:validation:MinLength=1 639 // +kubebuilder:validation:MaxLength=253 640 // +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` 641 type GatewayController string 642 643 // AnnotationKey is the key of an annotation in Gateway API. This is used for 644 // validation of maps such as TLS options. This matches the Kubernetes 645 // "qualified name" validation that is used for annotations and other common 646 // values. 647 // 648 // Valid values include: 649 // 650 // * example 651 // * example.com 652 // * example.com/path 653 // * example.com/path.html 654 // 655 // Invalid values include: 656 // 657 // * example~ - "~" is an invalid character 658 // * example.com. - can not start or end with "." 659 // 660 // +kubebuilder:validation:MinLength=1 661 // +kubebuilder:validation:MaxLength=253 662 // +kubebuilder:validation:Pattern=`^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]/?)*$` 663 type AnnotationKey string 664 665 // AnnotationValue is the value of an annotation in Gateway API. This is used 666 // for validation of maps such as TLS options. This roughly matches Kubernetes 667 // annotation validation, although the length validation in that case is based 668 // on the entire size of the annotations struct. 669 // 670 // +kubebuilder:validation:MinLength=0 671 // +kubebuilder:validation:MaxLength=4096 672 type AnnotationValue string 673 674 // AddressType defines how a network address is represented as a text string. 675 // This may take two possible forms: 676 // 677 // * A predefined CamelCase string identifier (currently limited to `IPAddress` or `Hostname`) 678 // * A domain-prefixed string identifier (like `acme.io/CustomAddressType`) 679 // 680 // Values `IPAddress` and `Hostname` have Extended support. 681 // 682 // The `NamedAddress` value has been deprecated in favor of implementation 683 // specific domain-prefixed strings. 684 // 685 // All other values, including domain-prefixed values have Implementation-specific support, 686 // which are used in implementation-specific behaviors. Support for additional 687 // predefined CamelCase identifiers may be added in future releases. 688 // 689 // +kubebuilder:validation:MinLength=1 690 // +kubebuilder:validation:MaxLength=253 691 // +kubebuilder:validation:Pattern=`^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` 692 type AddressType string 693 694 // HeaderName is the name of a header or query parameter. 695 // 696 // +kubebuilder:validation:MinLength=1 697 // +kubebuilder:validation:MaxLength=256 698 // +kubebuilder:validation:Pattern=`^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$` 699 // +k8s:deepcopy-gen=false 700 type HeaderName string 701 702 // Duration is a string value representing a duration in time. The format is as specified 703 // in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration. 704 // 705 // +kubebuilder:validation:Pattern=`^([0-9]{1,5}(h|m|s|ms)){1,4}$` 706 type Duration string 707 708 const ( 709 // A textual representation of a numeric IP address. IPv4 710 // addresses must be in dotted-decimal form. IPv6 addresses 711 // must be in a standard IPv6 text representation 712 // (see [RFC 5952](https://tools.ietf.org/html/rfc5952)). 713 // 714 // This type is intended for specific addresses. Address ranges are not 715 // supported (e.g. you can not use a CIDR range like 127.0.0.0/24 as an 716 // IPAddress). 717 // 718 // Support: Extended 719 IPAddressType AddressType = "IPAddress" 720 721 // A Hostname represents a DNS based ingress point. This is similar to the 722 // corresponding hostname field in Kubernetes load balancer status. For 723 // example, this concept may be used for cloud load balancers where a DNS 724 // name is used to expose a load balancer. 725 // 726 // Support: Extended 727 HostnameAddressType AddressType = "Hostname" 728 729 // A NamedAddress provides a way to reference a specific IP address by name. 730 // For example, this may be a name or other unique identifier that refers 731 // to a resource on a cloud provider such as a static IP. 732 // 733 // The `NamedAddress` type has been deprecated in favor of implementation 734 // specific domain-prefixed strings. 735 // 736 // Support: Implementation-specific 737 NamedAddressType AddressType = "NamedAddress" 738 ) 739