1 /* 2 Copyright 2022 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1alpha2 18 19 import ( 20 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 22 v1 "sigs.k8s.io/gateway-api/apis/v1" 23 ) 24 25 // +genclient 26 // +kubebuilder:object:root=true 27 // +kubebuilder:resource:categories=gateway-api 28 // +kubebuilder:subresource:status 29 // +kubebuilder:storageversion 30 // +kubebuilder:printcolumn:name="Hostnames",type=string,JSONPath=`.spec.hostnames` 31 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` 32 33 // GRPCRoute provides a way to route gRPC requests. This includes the capability 34 // to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. 35 // Filters can be used to specify additional processing steps. Backends specify 36 // where matching requests will be routed. 37 // 38 // GRPCRoute falls under extended support within the Gateway API. Within the 39 // following specification, the word "MUST" indicates that an implementation 40 // supporting GRPCRoute must conform to the indicated requirement, but an 41 // implementation not supporting this route type need not follow the requirement 42 // unless explicitly indicated. 43 // 44 // Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST 45 // accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via 46 // ALPN. If the implementation does not support this, then it MUST set the 47 // "Accepted" condition to "False" for the affected listener with a reason of 48 // "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections 49 // with an upgrade from HTTP/1. 50 // 51 // Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST 52 // support HTTP/2 over cleartext TCP (h2c, 53 // https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial 54 // upgrade from HTTP/1.1, i.e. with prior knowledge 55 // (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation 56 // does not support this, then it MUST set the "Accepted" condition to "False" 57 // for the affected listener with a reason of "UnsupportedProtocol". 58 // Implementations MAY also accept HTTP/2 connections with an upgrade from 59 // HTTP/1, i.e. without prior knowledge. 60 type GRPCRoute struct { 61 metav1.TypeMeta `json:",inline"` 62 metav1.ObjectMeta `json:"metadata,omitempty"` 63 64 // Spec defines the desired state of GRPCRoute. 65 Spec GRPCRouteSpec `json:"spec,omitempty"` 66 67 // Status defines the current state of GRPCRoute. 68 Status GRPCRouteStatus `json:"status,omitempty"` 69 } 70 71 // +kubebuilder:object:root=true 72 73 // GRPCRouteList contains a list of GRPCRoute. 74 type GRPCRouteList struct { 75 metav1.TypeMeta `json:",inline"` 76 metav1.ListMeta `json:"metadata,omitempty"` 77 Items []GRPCRoute `json:"items"` 78 } 79 80 // GRPCRouteStatus defines the observed state of GRPCRoute. 81 type GRPCRouteStatus struct { 82 RouteStatus `json:",inline"` 83 } 84 85 // GRPCRouteSpec defines the desired state of GRPCRoute 86 type GRPCRouteSpec struct { 87 CommonRouteSpec `json:",inline"` 88 89 // Hostnames defines a set of hostnames to match against the GRPC 90 // Host header to select a GRPCRoute to process the request. This matches 91 // the RFC 1123 definition of a hostname with 2 notable exceptions: 92 // 93 // 1. IPs are not allowed. 94 // 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard 95 // label MUST appear by itself as the first label. 96 // 97 // If a hostname is specified by both the Listener and GRPCRoute, there 98 // MUST be at least one intersecting hostname for the GRPCRoute to be 99 // attached to the Listener. For example: 100 // 101 // * A Listener with `test.example.com` as the hostname matches GRPCRoutes 102 // that have either not specified any hostnames, or have specified at 103 // least one of `test.example.com` or `*.example.com`. 104 // * A Listener with `*.example.com` as the hostname matches GRPCRoutes 105 // that have either not specified any hostnames or have specified at least 106 // one hostname that matches the Listener hostname. For example, 107 // `test.example.com` and `*.example.com` would both match. On the other 108 // hand, `example.com` and `test.example.net` would not match. 109 // 110 // Hostnames that are prefixed with a wildcard label (`*.`) are interpreted 111 // as a suffix match. That means that a match for `*.example.com` would match 112 // both `test.example.com`, and `foo.test.example.com`, but not `example.com`. 113 // 114 // If both the Listener and GRPCRoute have specified hostnames, any 115 // GRPCRoute hostnames that do not match the Listener hostname MUST be 116 // ignored. For example, if a Listener specified `*.example.com`, and the 117 // GRPCRoute specified `test.example.com` and `test.example.net`, 118 // `test.example.net` MUST NOT be considered for a match. 119 // 120 // If both the Listener and GRPCRoute have specified hostnames, and none 121 // match with the criteria above, then the GRPCRoute MUST NOT be accepted by 122 // the implementation. The implementation MUST raise an 'Accepted' Condition 123 // with a status of `False` in the corresponding RouteParentStatus. 124 // 125 // If a Route (A) of type HTTPRoute or GRPCRoute is attached to a 126 // Listener and that listener already has another Route (B) of the other 127 // type attached and the intersection of the hostnames of A and B is 128 // non-empty, then the implementation MUST accept exactly one of these two 129 // routes, determined by the following criteria, in order: 130 // 131 // * The oldest Route based on creation timestamp. 132 // * The Route appearing first in alphabetical order by 133 // "{namespace}/{name}". 134 // 135 // The rejected Route MUST raise an 'Accepted' condition with a status of 136 // 'False' in the corresponding RouteParentStatus. 137 // 138 // Support: Core 139 // 140 // +optional 141 // +kubebuilder:validation:MaxItems=16 142 Hostnames []Hostname `json:"hostnames,omitempty"` 143 144 // Rules are a list of GRPC matchers, filters and actions. 145 // 146 // +optional 147 // +kubebuilder:validation:MaxItems=16 148 Rules []GRPCRouteRule `json:"rules,omitempty"` 149 } 150 151 // GRPCRouteRule defines the semantics for matching a gRPC request based on 152 // conditions (matches), processing it (filters), and forwarding the request to 153 // an API object (backendRefs). 154 type GRPCRouteRule struct { 155 // Matches define conditions used for matching the rule against incoming 156 // gRPC requests. Each match is independent, i.e. this rule will be matched 157 // if **any** one of the matches is satisfied. 158 // 159 // For example, take the following matches configuration: 160 // 161 // ``` 162 // matches: 163 // - method: 164 // service: foo.bar 165 // headers: 166 // values: 167 // version: 2 168 // - method: 169 // service: foo.bar.v2 170 // ``` 171 // 172 // For a request to match against this rule, it MUST satisfy 173 // EITHER of the two conditions: 174 // 175 // - service of foo.bar AND contains the header `version: 2` 176 // - service of foo.bar.v2 177 // 178 // See the documentation for GRPCRouteMatch on how to specify multiple 179 // match conditions to be ANDed together. 180 // 181 // If no matches are specified, the implementation MUST match every gRPC request. 182 // 183 // Proxy or Load Balancer routing configuration generated from GRPCRoutes 184 // MUST prioritize rules based on the following criteria, continuing on 185 // ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. 186 // Precedence MUST be given to the rule with the largest number of: 187 // 188 // * Characters in a matching non-wildcard hostname. 189 // * Characters in a matching hostname. 190 // * Characters in a matching service. 191 // * Characters in a matching method. 192 // * Header matches. 193 // 194 // If ties still exist across multiple Routes, matching precedence MUST be 195 // determined in order of the following criteria, continuing on ties: 196 // 197 // * The oldest Route based on creation timestamp. 198 // * The Route appearing first in alphabetical order by 199 // "{namespace}/{name}". 200 // 201 // If ties still exist within the Route that has been given precedence, 202 // matching precedence MUST be granted to the first matching rule meeting 203 // the above criteria. 204 // 205 // +optional 206 // +kubebuilder:validation:MaxItems=8 207 Matches []GRPCRouteMatch `json:"matches,omitempty"` 208 209 // Filters define the filters that are applied to requests that match 210 // this rule. 211 // 212 // The effects of ordering of multiple behaviors are currently unspecified. 213 // This can change in the future based on feedback during the alpha stage. 214 // 215 // Conformance-levels at this level are defined based on the type of filter: 216 // 217 // - ALL core filters MUST be supported by all implementations that support 218 // GRPCRoute. 219 // - Implementers are encouraged to support extended filters. 220 // - Implementation-specific custom filters have no API guarantees across 221 // implementations. 222 // 223 // Specifying the same filter multiple times is not supported unless explicitly 224 // indicated in the filter. 225 // 226 // If an implementation can not support a combination of filters, it must clearly 227 // document that limitation. In cases where incompatible or unsupported 228 // filters are specified and cause the `Accepted` condition to be set to status 229 // `False`, implementations may use the `IncompatibleFilters` reason to specify 230 // this configuration error. 231 // 232 // Support: Core 233 // 234 // +optional 235 // +kubebuilder:validation:MaxItems=16 236 // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" 237 // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" 238 Filters []GRPCRouteFilter `json:"filters,omitempty"` 239 240 // BackendRefs defines the backend(s) where matching requests should be 241 // sent. 242 // 243 // Failure behavior here depends on how many BackendRefs are specified and 244 // how many are invalid. 245 // 246 // If *all* entries in BackendRefs are invalid, and there are also no filters 247 // specified in this route rule, *all* traffic which matches this rule MUST 248 // receive an `UNAVAILABLE` status. 249 // 250 // See the GRPCBackendRef definition for the rules about what makes a single 251 // GRPCBackendRef invalid. 252 // 253 // When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for 254 // requests that would have otherwise been routed to an invalid backend. If 255 // multiple backends are specified, and some are invalid, the proportion of 256 // requests that would otherwise have been routed to an invalid backend 257 // MUST receive an `UNAVAILABLE` status. 258 // 259 // For example, if two backends are specified with equal weights, and one is 260 // invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. 261 // Implementations may choose how that 50 percent is determined. 262 // 263 // Support: Core for Kubernetes Service 264 // 265 // Support: Implementation-specific for any other resource 266 // 267 // Support for weight: Core 268 // 269 // +optional 270 // +kubebuilder:validation:MaxItems=16 271 BackendRefs []GRPCBackendRef `json:"backendRefs,omitempty"` 272 } 273 274 // GRPCRouteMatch defines the predicate used to match requests to a given 275 // action. Multiple match types are ANDed together, i.e. the match will 276 // evaluate to true only if all conditions are satisfied. 277 // 278 // For example, the match below will match a gRPC request only if its service 279 // is `foo` AND it contains the `version: v1` header: 280 // 281 // ``` 282 // matches: 283 // - method: 284 // type: Exact 285 // service: "foo" 286 // headers: 287 // - name: "version" 288 // value "v1" 289 // 290 // ``` 291 type GRPCRouteMatch struct { 292 // Method specifies a gRPC request service/method matcher. If this field is 293 // not specified, all services and methods will match. 294 // 295 // +optional 296 Method *GRPCMethodMatch `json:"method,omitempty"` 297 298 // Headers specifies gRPC request header matchers. Multiple match values are 299 // ANDed together, meaning, a request MUST match all the specified headers 300 // to select the route. 301 // 302 // +listType=map 303 // +listMapKey=name 304 // +optional 305 // +kubebuilder:validation:MaxItems=16 306 Headers []GRPCHeaderMatch `json:"headers,omitempty"` 307 } 308 309 // GRPCMethodMatch describes how to select a gRPC route by matching the gRPC 310 // request service and/or method. 311 // 312 // At least one of Service and Method MUST be a non-empty string. 313 // 314 // +kubebuilder:validation:XValidation:message="One or both of 'service' or 'method' must be specified",rule="has(self.type) ? has(self.service) || has(self.method) : true" 315 // +kubebuilder:validation:XValidation:message="service must only contain valid characters (matching ^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$)",rule="(!has(self.type) || self.type == 'Exact') && has(self.service) ? self.service.matches(r\"\"\"^(?i)\\.?[a-z_][a-z_0-9]*(\\.[a-z_][a-z_0-9]*)*$\"\"\"): true" 316 // +kubebuilder:validation:XValidation:message="method must only contain valid characters (matching ^[A-Za-z_][A-Za-z_0-9]*$)",rule="(!has(self.type) || self.type == 'Exact') && has(self.method) ? self.method.matches(r\"\"\"^[A-Za-z_][A-Za-z_0-9]*$\"\"\"): true" 317 type GRPCMethodMatch struct { 318 // Type specifies how to match against the service and/or method. 319 // Support: Core (Exact with service and method specified) 320 // 321 // Support: Implementation-specific (Exact with method specified but no service specified) 322 // 323 // Support: Implementation-specific (RegularExpression) 324 // 325 // +optional 326 // +kubebuilder:default=Exact 327 Type *GRPCMethodMatchType `json:"type,omitempty"` 328 329 // Value of the service to match against. If left empty or omitted, will 330 // match any service. 331 // 332 // At least one of Service and Method MUST be a non-empty string. 333 // 334 // +optional 335 // +kubebuilder:validation:MaxLength=1024 336 Service *string `json:"service,omitempty"` 337 338 // Value of the method to match against. If left empty or omitted, will 339 // match all services. 340 // 341 // At least one of Service and Method MUST be a non-empty string. 342 // 343 // +optional 344 // +kubebuilder:validation:MaxLength=1024 345 Method *string `json:"method,omitempty"` 346 } 347 348 // MethodMatchType specifies the semantics of how gRPC methods and services are compared. 349 // Valid MethodMatchType values, along with their conformance levels, are: 350 // 351 // * "Exact" - Core 352 // * "RegularExpression" - Implementation Specific 353 // 354 // Exact methods MUST be syntactically valid: 355 // 356 // - Must not contain `/` character 357 // 358 // +kubebuilder:validation:Enum=Exact;RegularExpression 359 type GRPCMethodMatchType string 360 361 const ( 362 // Matches the method or service exactly and with case sensitivity. 363 GRPCMethodMatchExact GRPCMethodMatchType = "Exact" 364 365 // Matches if the method or service matches the given regular expression with 366 // case sensitivity. 367 // 368 // Since `"RegularExpression"` has implementation-specific conformance, 369 // implementations can support POSIX, PCRE, RE2 or any other regular expression 370 // dialect. 371 // Please read the implementation's documentation to determine the supported 372 // dialect. 373 GRPCMethodMatchRegularExpression GRPCMethodMatchType = "RegularExpression" 374 ) 375 376 // GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request 377 // headers. 378 type GRPCHeaderMatch struct { 379 // Type specifies how to match against the value of the header. 380 // 381 // +optional 382 // +kubebuilder:default=Exact 383 Type *HeaderMatchType `json:"type,omitempty"` 384 385 // Name is the name of the gRPC Header to be matched. 386 // 387 // If multiple entries specify equivalent header names, only the first 388 // entry with an equivalent name MUST be considered for a match. Subsequent 389 // entries with an equivalent header name MUST be ignored. Due to the 390 // case-insensitivity of header names, "foo" and "Foo" are considered 391 // equivalent. 392 Name GRPCHeaderName `json:"name"` 393 394 // Value is the value of the gRPC Header to be matched. 395 // 396 // +kubebuilder:validation:MinLength=1 397 // +kubebuilder:validation:MaxLength=4096 398 Value string `json:"value"` 399 } 400 401 // GRPCHeaderMatchType specifies the semantics of how GRPC header values should 402 // be compared. Valid GRPCHeaderMatchType values, along with their conformance 403 // levels, are: 404 // 405 // * "Exact" - Core 406 // * "RegularExpression" - Implementation Specific 407 // 408 // Note that new values may be added to this enum in future releases of the API, 409 // implementations MUST ensure that unknown values will not cause a crash. 410 // 411 // Unknown values here MUST result in the implementation setting the Accepted 412 // Condition for the Route to `status: False`, with a Reason of 413 // `UnsupportedValue`. 414 // 415 // +kubebuilder:validation:Enum=Exact;RegularExpression 416 type GRPCHeaderMatchType string 417 418 // GRPCHeaderMatchType constants. 419 const ( 420 GRPCHeaderMatchExact GRPCHeaderMatchType = "Exact" 421 GRPCHeaderMatchRegularExpression GRPCHeaderMatchType = "RegularExpression" 422 ) 423 424 type GRPCHeaderName v1.HeaderName 425 426 // GRPCRouteFilterType identifies a type of GRPCRoute filter. 427 type GRPCRouteFilterType string 428 429 const ( 430 // GRPCRouteFilterRequestHeaderModifier can be used to add or remove a gRPC 431 // header from a gRPC request before it is sent to the upstream target. 432 // 433 // Support in GRPCRouteRule: Core 434 // 435 // Support in GRPCBackendRef: Extended 436 GRPCRouteFilterRequestHeaderModifier GRPCRouteFilterType = "RequestHeaderModifier" 437 438 // GRPCRouteFilterRequestHeaderModifier can be used to add or remove a gRPC 439 // header from a gRPC response before it is sent to the client. 440 // 441 // Support in GRPCRouteRule: Core 442 // 443 // Support in GRPCBackendRef: Extended 444 GRPCRouteFilterResponseHeaderModifier GRPCRouteFilterType = "ResponseHeaderModifier" 445 446 // GRPCRouteFilterRequestMirror can be used to mirror gRPC requests to a 447 // different backend. The responses from this backend MUST be ignored by 448 // the Gateway. 449 // 450 // Support in GRPCRouteRule: Extended 451 // 452 // Support in GRPCBackendRef: Extended 453 GRPCRouteFilterRequestMirror GRPCRouteFilterType = "RequestMirror" 454 455 // GRPCRouteFilterExtensionRef should be used for configuring custom 456 // gRPC filters. 457 // 458 // Support in GRPCRouteRule: Implementation-specific 459 // 460 // Support in GRPCBackendRef: Implementation-specific 461 GRPCRouteFilterExtensionRef GRPCRouteFilterType = "ExtensionRef" 462 ) 463 464 // GRPCRouteFilter defines processing steps that must be completed during the 465 // request or response lifecycle. GRPCRouteFilters are meant as an extension 466 // point to express processing that may be done in Gateway implementations. Some 467 // examples include request or response modification, implementing 468 // authentication strategies, rate-limiting, and traffic shaping. API 469 // guarantee/conformance is defined based on the type of the filter. 470 // 471 // +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be nil if the filter.type is not RequestHeaderModifier",rule="!(has(self.requestHeaderModifier) && self.type != 'RequestHeaderModifier')" 472 // +kubebuilder:validation:XValidation:message="filter.requestHeaderModifier must be specified for RequestHeaderModifier filter.type",rule="!(!has(self.requestHeaderModifier) && self.type == 'RequestHeaderModifier')" 473 // +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be nil if the filter.type is not ResponseHeaderModifier",rule="!(has(self.responseHeaderModifier) && self.type != 'ResponseHeaderModifier')" 474 // +kubebuilder:validation:XValidation:message="filter.responseHeaderModifier must be specified for ResponseHeaderModifier filter.type",rule="!(!has(self.responseHeaderModifier) && self.type == 'ResponseHeaderModifier')" 475 // +kubebuilder:validation:XValidation:message="filter.requestMirror must be nil if the filter.type is not RequestMirror",rule="!(has(self.requestMirror) && self.type != 'RequestMirror')" 476 // +kubebuilder:validation:XValidation:message="filter.requestMirror must be specified for RequestMirror filter.type",rule="!(!has(self.requestMirror) && self.type == 'RequestMirror')" 477 // +kubebuilder:validation:XValidation:message="filter.extensionRef must be nil if the filter.type is not ExtensionRef",rule="!(has(self.extensionRef) && self.type != 'ExtensionRef')" 478 // +kubebuilder:validation:XValidation:message="filter.extensionRef must be specified for ExtensionRef filter.type",rule="!(!has(self.extensionRef) && self.type == 'ExtensionRef')" 479 type GRPCRouteFilter struct { 480 // Type identifies the type of filter to apply. As with other API fields, 481 // types are classified into three conformance levels: 482 // 483 // - Core: Filter types and their corresponding configuration defined by 484 // "Support: Core" in this package, e.g. "RequestHeaderModifier". All 485 // implementations supporting GRPCRoute MUST support core filters. 486 // 487 // - Extended: Filter types and their corresponding configuration defined by 488 // "Support: Extended" in this package, e.g. "RequestMirror". Implementers 489 // are encouraged to support extended filters. 490 // 491 // - Implementation-specific: Filters that are defined and supported by specific vendors. 492 // In the future, filters showing convergence in behavior across multiple 493 // implementations will be considered for inclusion in extended or core 494 // conformance levels. Filter-specific configuration for such filters 495 // is specified using the ExtensionRef field. `Type` MUST be set to 496 // "ExtensionRef" for custom filters. 497 // 498 // Implementers are encouraged to define custom implementation types to 499 // extend the core API with implementation-specific behavior. 500 // 501 // If a reference to a custom filter type cannot be resolved, the filter 502 // MUST NOT be skipped. Instead, requests that would have been processed by 503 // that filter MUST receive a HTTP error response. 504 // 505 // +unionDiscriminator 506 // +kubebuilder:validation:Enum=ResponseHeaderModifier;RequestHeaderModifier;RequestMirror;ExtensionRef 507 // <gateway:experimental:validation:Enum=ResponseHeaderModifier;RequestHeaderModifier;RequestMirror;ExtensionRef> 508 Type GRPCRouteFilterType `json:"type"` 509 510 // RequestHeaderModifier defines a schema for a filter that modifies request 511 // headers. 512 // 513 // Support: Core 514 // 515 // +optional 516 RequestHeaderModifier *HTTPHeaderFilter `json:"requestHeaderModifier,omitempty"` 517 518 // ResponseHeaderModifier defines a schema for a filter that modifies response 519 // headers. 520 // 521 // Support: Extended 522 // 523 // +optional 524 ResponseHeaderModifier *HTTPHeaderFilter `json:"responseHeaderModifier,omitempty"` 525 526 // RequestMirror defines a schema for a filter that mirrors requests. 527 // Requests are sent to the specified destination, but responses from 528 // that destination are ignored. 529 // 530 // This filter can be used multiple times within the same rule. Note that 531 // not all implementations will be able to support mirroring to multiple 532 // backends. 533 // 534 // Support: Extended 535 // 536 // +optional 537 RequestMirror *HTTPRequestMirrorFilter `json:"requestMirror,omitempty"` 538 539 // ExtensionRef is an optional, implementation-specific extension to the 540 // "filter" behavior. For example, resource "myroutefilter" in group 541 // "networking.example.net"). ExtensionRef MUST NOT be used for core and 542 // extended filters. 543 // 544 // Support: Implementation-specific 545 // 546 // This filter can be used multiple times within the same rule. 547 // +optional 548 ExtensionRef *LocalObjectReference `json:"extensionRef,omitempty"` 549 } 550 551 // GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. 552 // 553 // Note that when a namespace different than the local namespace is specified, a 554 // ReferenceGrant object is required in the referent namespace to allow that 555 // namespace's owner to accept the reference. See the ReferenceGrant 556 // documentation for details. 557 // 558 // <gateway:experimental:description> 559 // 560 // When the BackendRef points to a Kubernetes Service, implementations SHOULD 561 // honor the appProtocol field if it is set for the target Service Port. 562 // 563 // Implementations supporting appProtocol SHOULD recognize the Kubernetes 564 // Standard Application Protocols defined in KEP-3726. 565 // 566 // If a Service appProtocol isn't specified, an implementation MAY infer the 567 // backend protocol through its own means. Implementations MAY infer the 568 // protocol from the Route type referring to the backend Service. 569 // 570 // If a Route is not able to send traffic to the backend using the specified 571 // protocol then the backend is considered invalid. Implementations MUST set the 572 // "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason. 573 // 574 // </gateway:experimental:description> 575 type GRPCBackendRef struct { 576 // BackendRef is a reference to a backend to forward matched requests to. 577 // 578 // A BackendRef can be invalid for the following reasons. In all cases, the 579 // implementation MUST ensure the `ResolvedRefs` Condition on the Route 580 // is set to `status: False`, with a Reason and Message that indicate 581 // what is the cause of the error. 582 // 583 // A BackendRef is invalid if: 584 // 585 // * It refers to an unknown or unsupported kind of resource. In this 586 // case, the Reason MUST be set to `InvalidKind` and Message of the 587 // Condition MUST explain which kind of resource is unknown or unsupported. 588 // 589 // * It refers to a resource that does not exist. In this case, the Reason MUST 590 // be set to `BackendNotFound` and the Message of the Condition MUST explain 591 // which resource does not exist. 592 // 593 // * It refers a resource in another namespace when the reference has not been 594 // explicitly allowed by a ReferenceGrant (or equivalent concept). In this 595 // case, the Reason MUST be set to `RefNotPermitted` and the Message of the 596 // Condition MUST explain which cross-namespace reference is not allowed. 597 // 598 // Support: Core for Kubernetes Service 599 // 600 // Support: Extended for Kubernetes ServiceImport 601 // 602 // Support: Implementation-specific for any other resource 603 // 604 // Support for weight: Core 605 // 606 // +optional 607 BackendRef `json:",inline"` 608 609 // Filters defined at this level MUST be executed if and only if the 610 // request is being forwarded to the backend defined here. 611 // 612 // Support: Implementation-specific (For broader support of filters, use the 613 // Filters field in GRPCRouteRule.) 614 // 615 // +optional 616 // +kubebuilder:validation:MaxItems=16 617 // +kubebuilder:validation:XValidation:message="RequestHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'RequestHeaderModifier').size() <= 1" 618 // +kubebuilder:validation:XValidation:message="ResponseHeaderModifier filter cannot be repeated",rule="self.filter(f, f.type == 'ResponseHeaderModifier').size() <= 1" 619 Filters []GRPCRouteFilter `json:"filters,omitempty"` 620 } 621