# CustomResourceDefinition for the Gateway kind in the
# gateway.networking.k8s.io API group.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
    # Bundle version and release channel this definition was published under.
    # NOTE(review): the channel is "experimental"; confirm that this is the
    # channel intended for the cluster before applying the definition.
    gateway.networking.k8s.io/bundle-version: v1.0.0
    gateway.networking.k8s.io/channel: experimental
  creationTimestamp: null
  name: gateways.gateway.networking.k8s.io
10spec:
11 group: gateway.networking.k8s.io
12 names:
13 categories:
14 - gateway-api
15 kind: Gateway
16 listKind: GatewayList
17 plural: gateways
18 shortNames:
19 - gtw
20 singular: gateway
21 scope: Namespaced
22 versions:
23 - additionalPrinterColumns:
24 - jsonPath: .spec.gatewayClassName
25 name: Class
26 type: string
27 - jsonPath: .status.addresses[*].value
28 name: Address
29 type: string
30 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
31 name: Programmed
32 type: string
33 - jsonPath: .metadata.creationTimestamp
34 name: Age
35 type: date
36 name: v1
37 schema:
38 openAPIV3Schema:
39 description: Gateway represents an instance of a service-traffic handling
40 infrastructure by binding Listeners to a set of IP addresses.
41 properties:
42 apiVersion:
43 description: 'APIVersion defines the versioned schema of this representation
44 of an object. Servers should convert recognized schemas to the latest
45 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
46 type: string
47 kind:
48 description: 'Kind is a string value representing the REST resource this
49 object represents. Servers may infer this from the endpoint the client
50 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
51 type: string
52 metadata:
53 type: object
54 spec:
55 description: Spec defines the desired state of Gateway.
56 properties:
57 addresses:
58 description: "Addresses requested for this Gateway. This is optional
59 and behavior can depend on the implementation. If a value is set
60 in the spec and the requested address is invalid or unavailable,
61 the implementation MUST indicate this in the associated entry in
62 GatewayStatus.Addresses. \n The Addresses field represents a request
63 for the address(es) on the \"outside of the Gateway\", that traffic
64 bound for this Gateway will use. This could be the IP address or
65 hostname of an external load balancer or other networking infrastructure,
66 or some other address that traffic will be sent to. \n If no Addresses
67 are specified, the implementation MAY schedule the Gateway in an
68 implementation-specific manner, assigning an appropriate set of
69 Addresses. \n The implementation MUST bind all Listeners to every
70 GatewayAddress that it assigns to the Gateway and add a corresponding
71 entry in GatewayStatus.Addresses. \n Support: Extended \n "
72 items:
73 description: GatewayAddress describes an address that can be bound
74 to a Gateway.
75 oneOf:
76 - properties:
77 type:
78 enum:
79 - IPAddress
80 value:
81 anyOf:
82 - format: ipv4
83 - format: ipv6
84 - properties:
85 type:
86 not:
87 enum:
88 - IPAddress
                  # Fields of one requested address: a type discriminator and the
                  # address value. Only `value` is required; `type` defaults to
                  # IPAddress.
                  properties:
                    type:
                      default: IPAddress
                      description: Type of the address.
                      maxLength: 253
                      minLength: 1
                      # NOTE(review): the alternation below is not grouped, so `^`
                      # binds only to `Hostname` and `$` only to the final
                      # domain-prefixed alternative; `IPAddress` and `NamedAddress`
                      # carry no anchor at all. If pattern matching is unanchored
                      # (assumed - confirm), strings that merely contain one of
                      # those words pass this check. A grouped form,
                      # `^(alt1|alt2|...)$`, would express the apparent intent; make
                      # that change wherever this schema is produced rather than by
                      # hand-editing a published bundle.
                      pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
                      type: string
                    value:
                      description: "Value of the address. The validity of the values
                        will depend on the type and support by the controller. \n
                        Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
                      # Length-bounded free-form string; there is no pattern on the
                      # value itself at this level.
                      maxLength: 253
                      minLength: 1
                      type: string
104 required:
105 - value
106 type: object
107 x-kubernetes-validations:
108 - message: Hostname value must only contain valid characters (matching
109 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
110 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
111 true'
112 maxItems: 16
113 type: array
                # CEL rules evaluated over the whole addresses list.
                # Uniqueness is enforced only for entries whose type is IPAddress
                # or Hostname; entries of any other type are not compared.
                # The comparison is plain equality on the `value` strings; the rules
                # show no normalisation, so two spellings of the same IP address
                # would count as different values.
                x-kubernetes-validations:
                - message: IPAddress values must be unique
                  rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
                    a2.type == a1.type && a2.value == a1.value) : true )'
                - message: Hostname values must be unique
                  rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
                    a2.type == a1.type && a2.value == a1.value) : true )'
              # Name of the GatewayClass this Gateway uses. The schema bounds the
              # length only: no name pattern is applied here, and nothing at this
              # level checks that a GatewayClass with this name exists.
              gatewayClassName:
                description: GatewayClassName used for this Gateway. This is the name
                  of a GatewayClass resource.
                maxLength: 253
                minLength: 1
                type: string
              # Labels and annotations that the implementation SHOULD copy onto the
              # resources it creates for this Gateway.
              # NOTE(review): anyone allowed to create or edit a Gateway can
              # therefore influence metadata on controller-created objects. Check
              # which objects the controller stamps these onto and whether any
              # other component keys its behaviour off those labels or annotations.
              infrastructure:
                description: "Infrastructure defines infrastructure level attributes
                  about this Gateway instance. \n Support: Core \n "
                properties:
                  # At most 8 entries, each value at most 4096 characters. This
                  # schema places no constraint on the keys.
                  annotations:
                    additionalProperties:
                      description: AnnotationValue is the value of an annotation in
                        Gateway API. This is used for validation of maps such as TLS
                        options. This roughly matches Kubernetes annotation validation,
                        although the length validation in that case is based on the
                        entire size of the annotations struct.
                      maxLength: 4096
                      minLength: 0
                      type: string
                    description: "Annotations that SHOULD be applied to any resources
                      created in response to this Gateway. \n For implementations
                      creating other Kubernetes objects, this should be the `metadata.annotations`
                      field on resources. For other implementations, this refers to
                      any relevant (implementation specific) \"annotations\" concepts.
                      \n An implementation may chose to add additional implementation-specific
                      annotations as they see fit. \n Support: Extended"
                    maxProperties: 8
                    type: object
                  # Same bounds as annotations: at most 8 entries, values at most
                  # 4096 characters, keys unconstrained by this schema.
                  labels:
                    additionalProperties:
                      description: AnnotationValue is the value of an annotation in
                        Gateway API. This is used for validation of maps such as TLS
                        options. This roughly matches Kubernetes annotation validation,
                        although the length validation in that case is based on the
                        entire size of the annotations struct.
                      maxLength: 4096
                      minLength: 0
                      type: string
                    description: "Labels that SHOULD be applied to any resources created
                      in response to this Gateway. \n For implementations creating
                      other Kubernetes objects, this should be the `metadata.labels`
                      field on resources. For other implementations, this refers to
                      any relevant (implementation specific) \"labels\" concepts.
                      \n An implementation may chose to add additional implementation-specific
                      labels as they see fit. \n Support: Extended"
                    maxProperties: 8
                    type: object
                type: object
170 listeners:
171 description: "Listeners associated with this Gateway. Listeners define
172 logical endpoints that are bound on this Gateway's addresses. At
173 least one Listener MUST be specified. \n Each Listener in a set
174 of Listeners (for example, in a single Gateway) MUST be _distinct_,
175 in that a traffic flow MUST be able to be assigned to exactly one
176 listener. (This section uses \"set of Listeners\" rather than \"Listeners
177 in a single Gateway\" because implementations MAY merge configuration
178 from multiple Gateways onto a single data plane, and these rules
179 _also_ apply in that case). \n Practically, this means that each
180 listener in a set MUST have a unique combination of Port, Protocol,
181 and, if supported by the protocol, Hostname. \n Some combinations
182 of port, protocol, and TLS settings are considered Core support
183 and MUST be supported by implementations based on their targeted
184 conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
185 Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
186 Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
187 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
188 have the following property: \n The implementation can match inbound
189 requests to a single distinct Listener. When multiple Listeners
190 share values for fields (for example, two Listeners with the same
191 Port value), the implementation can match requests to only one of
192 the Listeners using other Listener fields. \n For example, the following
193 Listener scenarios are distinct: \n 1. Multiple Listeners with the
194 same Port that all use the \"HTTP\" Protocol that all have unique
195 Hostname values. 2. Multiple Listeners with the same Port that use
196 either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
197 values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
198 where no Listener with the same Protocol has the same Port value.
199 \n Some fields in the Listener struct have possible values that
200 affect whether the Listener is distinct. Hostname is particularly
201 relevant for HTTP or HTTPS protocols. \n When using the Hostname
202 value to select between same-Port, same-Protocol Listeners, the
203 Hostname value must be different on each Listener for the Listener
204 to be distinct. \n When the Listeners are distinct based on Hostname,
205 inbound request hostnames MUST match from the most specific to least
206 specific Hostname values to choose the correct Listener and its
207 associated set of Routes. \n Exact matches must be processed before
208 wildcard matches, and wildcard matches must be processed before
209 fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
210 takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
211 takes precedence over `\"\"`. \n Additionally, if there are multiple
212 wildcard entries, more specific wildcard entries must be processed
213 before less specific wildcard entries. For example, `\"*.foo.example.com\"`
214 takes precedence over `\"*.example.com\"`. The precise definition
215 here is that the higher the number of dots in the hostname to the
216 right of the wildcard character, the higher the precedence. \n The
217 wildcard character will match any number of characters _and dots_
218 to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
219 _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
220 that are not distinct, then those Listeners are Conflicted, and
221 the implementation MUST set the \"Conflicted\" condition in the
222 Listener Status to \"True\". \n Implementations MAY choose to accept
223 a Gateway with some Conflicted Listeners only if they only accept
224 the partial Listener set that contains no Conflicted Listeners.
225 To put this another way, implementations may accept a partial Listener
226 set only if they throw out *all* the conflicting Listeners. No picking
227 one of the conflicting listeners as the winner. This also means
228 that the Gateway must have at least one non-conflicting Listener
229 in this case, otherwise it violates the requirement that at least
230 one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
231 condition on the Gateway Status when the Gateway contains Conflicted
232 Listeners whether or not they accept the Gateway. That Condition
233 SHOULD clearly indicate in the Message which Listeners are conflicted,
234 and which are Accepted. Additionally, the Listener status for those
235 listeners SHOULD indicate which Listeners are conflicted and not
236 Accepted. \n A Gateway's Listeners are considered \"compatible\"
237 if: \n 1. They are distinct. 2. The implementation can serve them
238 in compliance with the Addresses requirement that all Listeners
239 are available on all assigned addresses. \n Compatible combinations
240 in Extended support are expected to vary across implementations.
241 A combination that is compatible for one implementation may not
242 be compatible for another. \n For example, an implementation that
243 cannot serve both TCP and UDP listeners on the same address, or
244 cannot mix HTTPS and generic TLS listens on the same port would
245 not consider those cases compatible, even though they are distinct.
246 \n Note that requests SHOULD match at most one Listener. For example,
247 if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
248 a request to \"foo.example.com\" SHOULD only be routed using routes
249 attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
250 Listener). This concept is known as \"Listener Isolation\". Implementations
251 that do not support Listener Isolation MUST clearly document this.
252 \n Implementations MAY merge separate Gateways onto a single set
253 of Addresses if all Listeners across all Gateways are compatible.
254 \n Support: Core"
255 items:
256 description: Listener embodies the concept of a logical endpoint
257 where a Gateway accepts network connections.
258 properties:
259 allowedRoutes:
260 default:
261 namespaces:
262 from: Same
263 description: "AllowedRoutes defines the types of routes that
264 MAY be attached to a Listener and the trusted namespaces where
265 those Route resources MAY be present. \n Although a client
266 request may match multiple route rules, only one rule may
267 ultimately receive the request. Matching precedence MUST be
268 determined in order of the following criteria: \n * The most
269 specific match as defined by the Route type. * The oldest
270 Route based on creation timestamp. For example, a Route with
271 a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
272 over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
273 * If everything else is equivalent, the Route appearing first
274 in alphabetical order (namespace/name) should be given precedence.
275 For example, foo/bar is given precedence over foo/baz. \n
276 All valid rules within a Route attached to this Listener should
277 be implemented. Invalid Route rules can be ignored (sometimes
278 that will mean the full Route). If a Route rule transitions
279 from valid to invalid, support for that Route rule should
280 be dropped to ensure consistency. For example, even if a filter
281 specified by a Route rule is invalid, the rest of the rules
282 within that Route should still be supported. \n Support: Core"
283 properties:
284 kinds:
285 description: "Kinds specifies the groups and kinds of Routes
286 that are allowed to bind to this Gateway Listener. When
287 unspecified or empty, the kinds of Routes selected are
288 determined using the Listener protocol. \n A RouteGroupKind
289 MUST correspond to kinds of Routes that are compatible
290 with the application protocol specified in the Listener's
291 Protocol field. If an implementation does not support
292 or recognize this resource type, it MUST set the \"ResolvedRefs\"
293 condition to False for this Listener with the \"InvalidRouteKinds\"
294 reason. \n Support: Core"
295 items:
296 description: RouteGroupKind indicates the group and kind
297 of a Route resource.
298 properties:
299 group:
300 default: gateway.networking.k8s.io
301 description: Group is the group of the Route.
302 maxLength: 253
303 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
304 type: string
305 kind:
306 description: Kind is the kind of the Route.
307 maxLength: 63
308 minLength: 1
309 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
310 type: string
311 required:
312 - kind
313 type: object
314 maxItems: 8
315 type: array
316 namespaces:
317 default:
318 from: Same
319 description: "Namespaces indicates namespaces from which
320 Routes may be attached to this Listener. This is restricted
321 to the namespace of this Gateway by default. \n Support:
322 Core"
323 properties:
                            # Namespace scope for Route attachment to this Listener.
                            # The default, Same, keeps attachment inside the
                            # Gateway's own namespace. All admits Routes from every
                            # namespace, and Selector admits Routes from namespaces
                            # matched by the sibling `selector` field. Widening
                            # beyond Same should be a deliberate choice, because it
                            # decides which namespaces may attach Routes to this
                            # Listener.
                            from:
                              default: Same
                              description: "From indicates where Routes will be selected
                                for this Gateway. Possible values are: \n * All: Routes
                                in all namespaces may be used by this Gateway. * Selector:
                                Routes in namespaces selected by the selector may
                                be used by this Gateway. * Same: Only Routes in the
                                same namespace may be used by this Gateway. \n Support:
                                Core"
                              enum:
                              - All
                              - Selector
                              - Same
                              type: string
338 selector:
339 description: "Selector must be specified when From is
340 set to \"Selector\". In that case, only Routes in
341 Namespaces matching this Selector will be selected
342 by this Gateway. This field is ignored for other values
343 of \"From\". \n Support: Core"
344 properties:
345 matchExpressions:
346 description: matchExpressions is a list of label
347 selector requirements. The requirements are ANDed.
348 items:
349 description: A label selector requirement is a
350 selector that contains values, a key, and an
351 operator that relates the key and values.
352 properties:
353 key:
354 description: key is the label key that the
355 selector applies to.
356 type: string
357 operator:
358 description: operator represents a key's relationship
359 to a set of values. Valid operators are
360 In, NotIn, Exists and DoesNotExist.
361 type: string
362 values:
363 description: values is an array of string
364 values. If the operator is In or NotIn,
365 the values array must be non-empty. If the
366 operator is Exists or DoesNotExist, the
367 values array must be empty. This array is
368 replaced during a strategic merge patch.
369 items:
370 type: string
371 type: array
372 required:
373 - key
374 - operator
375 type: object
376 type: array
377 matchLabels:
378 additionalProperties:
379 type: string
380 description: matchLabels is a map of {key,value}
381 pairs. A single {key,value} in the matchLabels
382 map is equivalent to an element of matchExpressions,
383 whose key field is "key", the operator is "In",
384 and the values array contains only "value". The
385 requirements are ANDed.
386 type: object
387 type: object
388 x-kubernetes-map-type: atomic
389 type: object
390 type: object
                    # Virtual hostname this Listener matches: SNI for TLS, Host
                    # header for HTTP, and both layers for HTTPS per the description.
                    # NOTE(review): the description lets an implementation skip the
                    # combined SNI and Host check for HTTPS as long as it documents
                    # that; check the controller's documentation before relying on
                    # hostname matching as an isolation boundary.
                    hostname:
                      description: "Hostname specifies the virtual hostname to match
                        for protocol types that define this concept. When unspecified,
                        all hostnames are matched. This field is ignored for protocols
                        that don't require hostname based matching. \n Implementations
                        MUST apply Hostname matching appropriately for each of the
                        following protocols: \n * TLS: The Listener Hostname MUST
                        match the SNI. * HTTP: The Listener Hostname MUST match the
                        Host header of the request. * HTTPS: The Listener Hostname
                        SHOULD match at both the TLS and HTTP protocol layers as described
                        above. If an implementation does not ensure that both the
                        SNI and Host header match the Listener hostname, it MUST clearly
                        document that. \n For HTTPRoute and TLSRoute resources, there
                        is an interaction with the `spec.hostnames` array. When both
                        listener and route specify hostnames, there MUST be an intersection
                        between the values for a Route to be accepted. For more information,
                        refer to the Route specific Hostnames documentation. \n Hostnames
                        that are prefixed with a wildcard label (`*.`) are interpreted
                        as a suffix match. That means that a match for `*.example.com`
                        would match both `test.example.com`, and `foo.test.example.com`,
                        but not `example.com`. \n Support: Core"
                      maxLength: 253
                      minLength: 1
                      # Anchored at both ends: an optional leading `*.` label, then
                      # dot-separated lowercase labels. A wildcard is accepted only
                      # as the first label.
                      pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
416 name:
417 description: "Name is the name of the Listener. This name MUST
418 be unique within a Gateway. \n Support: Core"
419 maxLength: 253
420 minLength: 1
421 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
422 type: string
423 port:
424 description: "Port is the network port. Multiple listeners may
425 use the same port, subject to the Listener compatibility rules.
426 \n Support: Core"
427 format: int32
428 maximum: 65535
429 minimum: 1
430 type: integer
                    # Network protocol the Listener expects. The pattern has two
                    # alternatives: a bare name, or a domain-prefixed `domain/Name`.
                    protocol:
                      description: "Protocol specifies the network protocol this listener
                        expects to receive. \n Support: Core"
                      maxLength: 255
                      minLength: 1
                      # NOTE(review): the first alternative is anchored with `^` and
                      # `$`, but the second has `$` and no `^`. If pattern matching
                      # is unanchored (assumed - confirm), the second alternative
                      # constrains only the end of the string, so arbitrary leading
                      # text passes as long as the value ends in `label/Name`.
                      # The character class `[-a-zSA-Z0-9]` also holds a redundant
                      # `S`, which looks like a typo; it does not change what the
                      # class matches.
                      # Tighten both at the source of this schema rather than by
                      # hand-editing a published bundle.
                      pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
                      type: string
438 tls:
439 description: "TLS is the TLS configuration for the Listener.
440 This field is required if the Protocol field is \"HTTPS\"
441 or \"TLS\". It is invalid to set this field if the Protocol
442 field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
443 of SNIs to Certificate defined in GatewayTLSConfig is defined
444 based on the Hostname field for this listener. \n The GatewayClass
445 MUST use the longest matching SNI out of all available certificates
446 for any TLS handshake. \n Support: Core"
447 properties:
448 certificateRefs:
449 description: "CertificateRefs contains a series of references
450 to Kubernetes objects that contains TLS certificates and
451 private keys. These certificates are used to establish
452 a TLS handshake for requests that match the hostname of
453 the associated listener. \n A single CertificateRef to
454 a Kubernetes Secret has \"Core\" support. Implementations
455 MAY choose to support attaching multiple certificates
456 to a Listener, but this behavior is implementation-specific.
457 \n References to a resource in different namespace are
458 invalid UNLESS there is a ReferenceGrant in the target
459 namespace that allows the certificate to be attached.
460 If a ReferenceGrant does not allow this reference, the
461 \"ResolvedRefs\" condition MUST be set to False for this
462 listener with the \"RefNotPermitted\" reason. \n This
463 field is required to have at least one element when the
464 mode is set to \"Terminate\" (default) and is optional
465 otherwise. \n CertificateRefs can reference to standard
466 Kubernetes resources, i.e. Secret, or implementation-specific
467 custom resources. \n Support: Core - A single reference
468 to a Kubernetes Secret of type kubernetes.io/tls \n Support:
469 Implementation-specific (More than one reference or other
470 resource types)"
471 items:
472 description: "SecretObjectReference identifies an API
473 object including its namespace, defaulting to Secret.
474 \n The API object must be valid in the cluster; the
475 Group and Kind must be registered in the cluster for
476 this reference to be valid. \n References to objects
477 with invalid Group and Kind are not valid, and must
478 be rejected by the implementation, with appropriate
479 Conditions set on the containing object."
480 properties:
481 group:
482 default: ""
483 description: Group is the group of the referent. For
484 example, "gateway.networking.k8s.io". When unspecified
485 or empty string, core API group is inferred.
486 maxLength: 253
487 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
488 type: string
489 kind:
490 default: Secret
491 description: Kind is kind of the referent. For example
492 "Secret".
493 maxLength: 63
494 minLength: 1
495 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
496 type: string
497 name:
498 description: Name is the name of the referent.
499 maxLength: 253
500 minLength: 1
501 type: string
                              # Namespace of the referenced certificate object. The
                              # schema checks only the shape: 1 to 63 characters,
                              # lowercase alphanumerics and `-`.
                              # Whether a cross-namespace reference is permitted is
                              # not expressed here; per the description it depends
                              # on a ReferenceGrant in the referent namespace.
                              # NOTE(review): verify that the controller in use
                              # refuses references that no ReferenceGrant allows.
                              namespace:
                                description: "Namespace is the namespace of the referenced
                                  object. When unspecified, the local namespace is
                                  inferred. \n Note that when a namespace different
                                  than the local namespace is specified, a ReferenceGrant
                                  object is required in the referent namespace to
                                  allow that namespace's owner to accept the reference.
                                  See the ReferenceGrant documentation for details.
                                  \n Support: Core"
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
515 required:
516 - name
517 type: object
518 maxItems: 64
519 type: array
                        # Where the client's TLS session ends. Terminate (the
                        # default) ends it at the Gateway, which therefore needs the
                        # certificate and private key referenced by certificateRefs.
                        # Passthrough leaves the session intact; per the description
                        # the Gateway can then read only the ClientHello, and
                        # certificateRefs is ignored.
                        mode:
                          default: Terminate
                          description: "Mode defines the TLS behavior for the TLS
                            session initiated by the client. There are two possible
                            modes: \n - Terminate: The TLS session between the downstream
                            client and the Gateway is terminated at the Gateway. This
                            mode requires certificateRefs to be set and contain at
                            least one element. - Passthrough: The TLS session is NOT
                            terminated by the Gateway. This implies that the Gateway
                            can't decipher the TLS stream except for the ClientHello
                            message of the TLS protocol. CertificateRefs field is
                            ignored in this mode. \n Support: Core"
                          enum:
                          - Terminate
                          - Passthrough
                          type: string
                        # Free-form string map for implementation-specific TLS
                        # settings; the description gives minimum TLS version and
                        # cipher suites as examples.
                        # The schema bounds size only: at most 16 entries, values at
                        # most 4096 characters. Keys are not validated here, although
                        # the description requires domain-prefixed names for
                        # implementation-specific options.
                        # NOTE(review): the effective TLS policy cannot be read from
                        # this definition alone; audit the keys the controller in use
                        # actually honours.
                        options:
                          additionalProperties:
                            description: AnnotationValue is the value of an annotation
                              in Gateway API. This is used for validation of maps
                              such as TLS options. This roughly matches Kubernetes
                              annotation validation, although the length validation
                              in that case is based on the entire size of the annotations
                              struct.
                            maxLength: 4096
                            minLength: 0
                            type: string
                          description: "Options are a list of key/value pairs to enable
                            extended TLS configuration for each implementation. For
                            example, configuring the minimum TLS version or supported
                            cipher suites. \n A set of common keys MAY be defined
                            by the API in the future. To avoid any ambiguity, implementation-specific
                            definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
                            Un-prefixed names are reserved for key names defined by
                            Gateway API. \n Support: Implementation-specific"
                          maxProperties: 16
                          type: object
557 type: object
                      # CEL rule on the tls object: in Terminate mode at least one
                      # certificate reference must be present.
                      # NOTE(review): the rule reads `self.certificateRefs` without
                      # a `has()` guard. Confirm how the API server reports a tls
                      # block that omits the field in Terminate mode; presumably it
                      # is still rejected, but possibly with an evaluation error
                      # instead of the message below.
                      x-kubernetes-validations:
                      - message: certificateRefs must be specified when TLSModeType
                          is Terminate
                        rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
                          > 0 : true'
563 required:
564 - name
565 - port
566 - protocol
567 type: object
568 maxItems: 64
569 minItems: 1
570 type: array
571 x-kubernetes-list-map-keys:
572 - name
573 x-kubernetes-list-type: map
                # CEL rules evaluated over the whole listeners list.
                # The tls and hostname rules test the protocol against literal name
                # lists. A protocol value in none of those lists (the protocol
                # pattern also admits domain-prefixed names) is constrained by
                # neither tls rule, so tls may be present or absent for it.
                x-kubernetes-validations:
                - message: tls must be specified for protocols ['HTTPS', 'TLS']
                  rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
                    : true)'
                - message: tls must not be specified for protocols ['HTTP', 'TCP',
                    'UDP']
                  rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
                    !has(l.tls) : true)'
                - message: hostname must not be specified for protocols ['TCP', 'UDP']
                  rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
                    || l.hostname == '''') : true)'
                # Each listener name must occur exactly once in the list.
                - message: Listener name must be unique within the Gateway
                  rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
                # Port, protocol and hostname together must be unique. Hostnames are
                # compared by plain equality when both listeners set one; otherwise
                # two listeners count as the same only if neither sets a hostname.
                - message: Combination of port, protocol and hostname must be unique
                    for each listener
                  rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
                    == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
                    == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
592 required:
593 - gatewayClassName
594 - listeners
595 type: object
596 status:
            # Default status: the Accepted and Programmed conditions both start as
            # Unknown with reason Pending and a placeholder transition time.
            # A Gateway that still shows "Waiting for controller" therefore carries
            # these defaults, which presumably means no controller has written its
            # status yet.
            default:
              conditions:
              - lastTransitionTime: "1970-01-01T00:00:00Z"
                message: Waiting for controller
                reason: Pending
                status: Unknown
                type: Accepted
              - lastTransitionTime: "1970-01-01T00:00:00Z"
                message: Waiting for controller
                reason: Pending
                status: Unknown
                type: Programmed
609 description: Status defines the current state of Gateway.
610 properties:
611 addresses:
612 description: "Addresses lists the network addresses that have been
613 bound to the Gateway. \n This list may differ from the addresses
614 provided in the spec under some conditions: \n * no addresses are
615 specified, all addresses are dynamically assigned * a combination
616 of specified and dynamic addresses are assigned * a specified address
617 was unusable (e.g. already in use) \n "
618 items:
619 description: GatewayStatusAddress describes a network address that
620 is bound to a Gateway.
621 oneOf:
622 - properties:
623 type:
624 enum:
625 - IPAddress
626 value:
627 anyOf:
628 - format: ipv4
629 - format: ipv6
630 - properties:
631 type:
632 not:
633 enum:
634 - IPAddress
                  # Fields of one bound address reported in status: a type
                  # discriminator and the address value. Only `value` is required;
                  # `type` defaults to IPAddress.
                  properties:
                    type:
                      default: IPAddress
                      description: Type of the address.
                      maxLength: 253
                      minLength: 1
                      # NOTE(review): the alternation below is not grouped, so `^`
                      # binds only to `Hostname` and `$` only to the final
                      # domain-prefixed alternative; `IPAddress` and `NamedAddress`
                      # carry no anchor at all. If pattern matching is unanchored
                      # (assumed - confirm), strings that merely contain one of
                      # those words pass this check. A grouped form,
                      # `^(alt1|alt2|...)$`, would express the apparent intent; make
                      # that change wherever this schema is produced rather than by
                      # hand-editing a published bundle.
                      pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
                      type: string
                    value:
                      description: "Value of the address. The validity of the values
                        will depend on the type and support by the controller. \n
                        Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
                      # Length-bounded free-form string; there is no pattern on the
                      # value itself at this level.
                      maxLength: 253
                      minLength: 1
                      type: string
650 required:
651 - value
652 type: object
653 x-kubernetes-validations:
654 - message: Hostname value must only contain valid characters (matching
655 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
656 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
657 true'
658 maxItems: 16
659 type: array
660 conditions:
661 default:
662 - lastTransitionTime: "1970-01-01T00:00:00Z"
663 message: Waiting for controller
664 reason: Pending
665 status: Unknown
666 type: Accepted
667 - lastTransitionTime: "1970-01-01T00:00:00Z"
668 message: Waiting for controller
669 reason: Pending
670 status: Unknown
671 type: Programmed
672 description: "Conditions describe the current conditions of the Gateway.
673 \n Implementations should prefer to express Gateway conditions using
674 the `GatewayConditionType` and `GatewayConditionReason` constants
675 so that operators and tools can converge on a common vocabulary
676 to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
677 * \"Programmed\" * \"Ready\""
678 items:
679 description: "Condition contains details for one aspect of the current
680 state of this API Resource. --- This struct is intended for direct
681 use as an array at the field path .status.conditions. For example,
682 \n type FooStatus struct{ // Represents the observations of a
683 foo's current state. // Known .status.conditions.type are: \"Available\",
684 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
685 // +listType=map // +listMapKey=type Conditions []metav1.Condition
686 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
687 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
688 properties:
689 lastTransitionTime:
690 description: lastTransitionTime is the last time the condition
691 transitioned from one status to another. This should be when
692 the underlying condition changed. If that is not known, then
693 using the time when the API field changed is acceptable.
694 format: date-time
695 type: string
696 message:
697 description: message is a human readable message indicating
698 details about the transition. This may be an empty string.
699 maxLength: 32768
700 type: string
701 observedGeneration:
702 description: observedGeneration represents the .metadata.generation
703 that the condition was set based upon. For instance, if .metadata.generation
704 is currently 12, but the .status.conditions[x].observedGeneration
705 is 9, the condition is out of date with respect to the current
706 state of the instance.
707 format: int64
708 minimum: 0
709 type: integer
710 reason:
711 description: reason contains a programmatic identifier indicating
712 the reason for the condition's last transition. Producers
713 of specific condition types may define expected values and
714 meanings for this field, and whether the values are considered
715 a guaranteed API. The value should be a CamelCase string.
716 This field may not be empty.
717 maxLength: 1024
718 minLength: 1
719 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
720 type: string
721 status:
722 description: status of the condition, one of True, False, Unknown.
723 enum:
724 - "True"
725 - "False"
726 - Unknown
727 type: string
728 type:
729 description: type of condition in CamelCase or in foo.example.com/CamelCase.
730 --- Many .condition.type values are consistent across resources
731 like Available, but because arbitrary conditions can be useful
732 (see .node.status.conditions), the ability to deconflict is
733 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
734 maxLength: 316
735 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
736 type: string
737 required:
738 - lastTransitionTime
739 - message
740 - reason
741 - status
742 - type
743 type: object
744 maxItems: 8
745 type: array
746 x-kubernetes-list-map-keys:
747 - type
748 x-kubernetes-list-type: map
749 listeners:
750 description: Listeners provide status for each unique listener port
751 defined in the Spec.
752 items:
753 description: ListenerStatus is the status associated with a Listener.
754 properties:
755 attachedRoutes:
756 description: "AttachedRoutes represents the total number of
757 Routes that have been successfully attached to this Listener.
758 \n Successful attachment of a Route to a Listener is based
759 solely on the combination of the AllowedRoutes field on the
760 corresponding Listener and the Route's ParentRefs field. A
761 Route is successfully attached to a Listener when it is selected
762 by the Listener's AllowedRoutes field AND the Route has a
763 valid ParentRef selecting the whole Gateway resource or a
764 specific Listener as a parent resource (more detail on attachment
765 semantics can be found in the documentation on the various
766 Route kinds ParentRefs fields). Listener or Route status does
767 not impact successful attachment, i.e. the AttachedRoutes
768 field count MUST be set for Listeners with condition Accepted:
769 false and MUST count successfully attached Routes that may
770 themselves have Accepted: false conditions. \n Uses for this
771 field include troubleshooting Route attachment and measuring
772 blast radius/impact of changes to a Listener."
773 format: int32
774 type: integer
775 conditions:
776 description: Conditions describe the current condition of this
777 listener.
778 items:
779 description: "Condition contains details for one aspect of
780 the current state of this API Resource. --- This struct
781 is intended for direct use as an array at the field path
782 .status.conditions. For example, \n type FooStatus struct{
783 // Represents the observations of a foo's current state.
784 // Known .status.conditions.type are: \"Available\", \"Progressing\",
785 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
786 // +listType=map // +listMapKey=type Conditions []metav1.Condition
787 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
788 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
789 }"
790 properties:
791 lastTransitionTime:
792 description: lastTransitionTime is the last time the condition
793 transitioned from one status to another. This should
794 be when the underlying condition changed. If that is
795 not known, then using the time when the API field changed
796 is acceptable.
797 format: date-time
798 type: string
799 message:
800 description: message is a human readable message indicating
801 details about the transition. This may be an empty string.
802 maxLength: 32768
803 type: string
804 observedGeneration:
805 description: observedGeneration represents the .metadata.generation
806 that the condition was set based upon. For instance,
807 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
808 is 9, the condition is out of date with respect to the
809 current state of the instance.
810 format: int64
811 minimum: 0
812 type: integer
813 reason:
814 description: reason contains a programmatic identifier
815 indicating the reason for the condition's last transition.
816 Producers of specific condition types may define expected
817 values and meanings for this field, and whether the
818 values are considered a guaranteed API. The value should
819 be a CamelCase string. This field may not be empty.
820 maxLength: 1024
821 minLength: 1
822 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
823 type: string
824 status:
825 description: status of the condition, one of True, False,
826 Unknown.
827 enum:
828 - "True"
829 - "False"
830 - Unknown
831 type: string
832 type:
833 description: type of condition in CamelCase or in foo.example.com/CamelCase.
834 --- Many .condition.type values are consistent across
835 resources like Available, but because arbitrary conditions
836 can be useful (see .node.status.conditions), the ability
837 to deconflict is important. The regex it matches is
838 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
839 maxLength: 316
840 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
841 type: string
842 required:
843 - lastTransitionTime
844 - message
845 - reason
846 - status
847 - type
848 type: object
849 maxItems: 8
850 type: array
851 x-kubernetes-list-map-keys:
852 - type
853 x-kubernetes-list-type: map
854 name:
855 description: Name is the name of the Listener that this status
856 corresponds to.
857 maxLength: 253
858 minLength: 1
859 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
860 type: string
861 supportedKinds:
862 description: "SupportedKinds is the list indicating the Kinds
863 supported by this listener. This MUST represent the kinds
864 an implementation supports for that Listener configuration.
865 \n If kinds are specified in Spec that are not supported,
866 they MUST NOT appear in this list and an implementation MUST
867 set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
868 reason. If both valid and invalid Route kinds are specified,
869 the implementation MUST reference the valid Route kinds that
870 have been specified."
871 items:
872 description: RouteGroupKind indicates the group and kind of
873 a Route resource.
874 properties:
875 group:
876 default: gateway.networking.k8s.io
877 description: Group is the group of the Route.
878 maxLength: 253
879 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
880 type: string
881 kind:
882 description: Kind is the kind of the Route.
883 maxLength: 63
884 minLength: 1
885 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
886 type: string
887 required:
888 - kind
889 type: object
890 maxItems: 8
891 type: array
892 required:
893 - attachedRoutes
894 - conditions
895 - name
896 - supportedKinds
897 type: object
898 maxItems: 64
899 type: array
900 x-kubernetes-list-map-keys:
901 - name
902 x-kubernetes-list-type: map
903 type: object
904 required:
905 - spec
906 type: object
907 served: true
908 storage: false
909 subresources:
910 status: {}
911 - additionalPrinterColumns:
912 - jsonPath: .spec.gatewayClassName
913 name: Class
914 type: string
915 - jsonPath: .status.addresses[*].value
916 name: Address
917 type: string
918 - jsonPath: .status.conditions[?(@.type=="Programmed")].status
919 name: Programmed
920 type: string
921 - jsonPath: .metadata.creationTimestamp
922 name: Age
923 type: date
924 name: v1beta1
925 schema:
926 openAPIV3Schema:
927 description: Gateway represents an instance of a service-traffic handling
928 infrastructure by binding Listeners to a set of IP addresses.
929 properties:
930 apiVersion:
931 description: 'APIVersion defines the versioned schema of this representation
932 of an object. Servers should convert recognized schemas to the latest
933 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
934 type: string
935 kind:
936 description: 'Kind is a string value representing the REST resource this
937 object represents. Servers may infer this from the endpoint the client
938 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
939 type: string
940 metadata:
941 type: object
942 spec:
943 description: Spec defines the desired state of Gateway.
944 properties:
945 addresses:
946 description: "Addresses requested for this Gateway. This is optional
947 and behavior can depend on the implementation. If a value is set
948 in the spec and the requested address is invalid or unavailable,
949 the implementation MUST indicate this in the associated entry in
950 GatewayStatus.Addresses. \n The Addresses field represents a request
951 for the address(es) on the \"outside of the Gateway\", that traffic
952 bound for this Gateway will use. This could be the IP address or
953 hostname of an external load balancer or other networking infrastructure,
954 or some other address that traffic will be sent to. \n If no Addresses
955 are specified, the implementation MAY schedule the Gateway in an
956 implementation-specific manner, assigning an appropriate set of
957 Addresses. \n The implementation MUST bind all Listeners to every
958 GatewayAddress that it assigns to the Gateway and add a corresponding
959 entry in GatewayStatus.Addresses. \n Support: Extended \n "
960 items:
961 description: GatewayAddress describes an address that can be bound
962 to a Gateway.
963 oneOf:
964 - properties:
965 type:
966 enum:
967 - IPAddress
968 value:
969 anyOf:
970 - format: ipv4
971 - format: ipv6
972 - properties:
973 type:
974 not:
975 enum:
976 - IPAddress
977 properties:
# Schema for the requested address type: a string of 1-253 characters that
# defaults to IPAddress.
978 type:
979 default: IPAddress
980 description: Type of the address.
981 maxLength: 253
982 minLength: 1
# NOTE(review): alternation binds looser than the anchors, so `^` applies only
# to `Hostname` and `$` only to the final domain-prefixed branch. OpenAPI
# `pattern` is not implicitly anchored, so a value that merely starts with
# `Hostname` or contains `IPAddress` / `NamedAddress` also passes (constructed
# example: `xIPAddressx`). Such a value is neither the `IPAddress` enum of the
# oneOf nor the exact 'Hostname' string the CEL rule tests, so its `value`
# gets no format check here. Controllers should compare the type exactly and
# reject anything they do not recognise rather than rely on this pattern.
983 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
984 type: string
985 value:
986 description: "Value of the address. The validity of the values
987 will depend on the type and support by the controller. \n
988 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
989 maxLength: 253
990 minLength: 1
991 type: string
992 required:
993 - value
994 type: object
995 x-kubernetes-validations:
996 - message: Hostname value must only contain valid characters (matching
997 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
998 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
999 true'
1000 maxItems: 16
1001 type: array
1002 x-kubernetes-validations:
1003 - message: IPAddress values must be unique
1004 rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
1005 a2.type == a1.type && a2.value == a1.value) : true )'
1006 - message: Hostname values must be unique
1007 rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
1008 a2.type == a1.type && a2.value == a1.value) : true )'
1009 gatewayClassName:
1010 description: GatewayClassName used for this Gateway. This is the name
1011 of a GatewayClass resource.
1012 maxLength: 253
1013 minLength: 1
1014 type: string
1015 infrastructure:
1016 description: "Infrastructure defines infrastructure level attributes
1017 about this Gateway instance. \n Support: Core \n "
1018 properties:
# Free-form annotations a Gateway author asks the implementation to apply to
# the resources it creates for this Gateway (Support: Extended).
1019 annotations:
1020 additionalProperties:
1021 description: AnnotationValue is the value of an annotation in
1022 Gateway API. This is used for validation of maps such as TLS
1023 options. This roughly matches Kubernetes annotation validation,
1024 although the length validation in that case is based on the
1025 entire size of the annotations struct.
# Only the value is constrained (string, 0-4096 characters); this schema puts
# no pattern on the annotation keys.
1026 maxLength: 4096
1027 minLength: 0
1028 type: string
1029 description: "Annotations that SHOULD be applied to any resources
1030 created in response to this Gateway. \n For implementations
1031 creating other Kubernetes objects, this should be the `metadata.annotations`
1032 field on resources. For other implementations, this refers to
1033 any relevant (implementation specific) \"annotations\" concepts.
1034 \n An implementation may chose to add additional implementation-specific
1035 annotations as they see fit. \n Support: Extended"
# At most 8 entries per Gateway.
# NOTE(review): whoever can write a Gateway can therefore put annotations on
# the objects the implementation generates. What those annotations can switch
# on depends on the implementation and on other controllers watching the
# generated objects - confirm, and consider an admission policy listing the
# permitted keys. The sibling `labels` map has the same shape.
1036 maxProperties: 8
1037 type: object
1038 labels:
1039 additionalProperties:
1040 description: AnnotationValue is the value of an annotation in
1041 Gateway API. This is used for validation of maps such as TLS
1042 options. This roughly matches Kubernetes annotation validation,
1043 although the length validation in that case is based on the
1044 entire size of the annotations struct.
1045 maxLength: 4096
1046 minLength: 0
1047 type: string
1048 description: "Labels that SHOULD be applied to any resources created
1049 in response to this Gateway. \n For implementations creating
1050 other Kubernetes objects, this should be the `metadata.labels`
1051 field on resources. For other implementations, this refers to
1052 any relevant (implementation specific) \"labels\" concepts.
1053 \n An implementation may chose to add additional implementation-specific
1054 labels as they see fit. \n Support: Extended"
1055 maxProperties: 8
1056 type: object
1057 type: object
1058 listeners:
1059 description: "Listeners associated with this Gateway. Listeners define
1060 logical endpoints that are bound on this Gateway's addresses. At
1061 least one Listener MUST be specified. \n Each Listener in a set
1062 of Listeners (for example, in a single Gateway) MUST be _distinct_,
1063 in that a traffic flow MUST be able to be assigned to exactly one
1064 listener. (This section uses \"set of Listeners\" rather than \"Listeners
1065 in a single Gateway\" because implementations MAY merge configuration
1066 from multiple Gateways onto a single data plane, and these rules
1067 _also_ apply in that case). \n Practically, this means that each
1068 listener in a set MUST have a unique combination of Port, Protocol,
1069 and, if supported by the protocol, Hostname. \n Some combinations
1070 of port, protocol, and TLS settings are considered Core support
1071 and MUST be supported by implementations based on their targeted
1072 conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
1073 Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
1074 Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
1075 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
1076 have the following property: \n The implementation can match inbound
1077 requests to a single distinct Listener. When multiple Listeners
1078 share values for fields (for example, two Listeners with the same
1079 Port value), the implementation can match requests to only one of
1080 the Listeners using other Listener fields. \n For example, the following
1081 Listener scenarios are distinct: \n 1. Multiple Listeners with the
1082 same Port that all use the \"HTTP\" Protocol that all have unique
1083 Hostname values. 2. Multiple Listeners with the same Port that use
1084 either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
1085 values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
1086 where no Listener with the same Protocol has the same Port value.
1087 \n Some fields in the Listener struct have possible values that
1088 affect whether the Listener is distinct. Hostname is particularly
1089 relevant for HTTP or HTTPS protocols. \n When using the Hostname
1090 value to select between same-Port, same-Protocol Listeners, the
1091 Hostname value must be different on each Listener for the Listener
1092 to be distinct. \n When the Listeners are distinct based on Hostname,
1093 inbound request hostnames MUST match from the most specific to least
1094 specific Hostname values to choose the correct Listener and its
1095 associated set of Routes. \n Exact matches must be processed before
1096 wildcard matches, and wildcard matches must be processed before
1097 fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
1098 takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
1099 takes precedence over `\"\"`. \n Additionally, if there are multiple
1100 wildcard entries, more specific wildcard entries must be processed
1101 before less specific wildcard entries. For example, `\"*.foo.example.com\"`
1102 takes precedence over `\"*.example.com\"`. The precise definition
1103 here is that the higher the number of dots in the hostname to the
1104 right of the wildcard character, the higher the precedence. \n The
1105 wildcard character will match any number of characters _and dots_
1106 to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
1107 _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
1108 that are not distinct, then those Listeners are Conflicted, and
1109 the implementation MUST set the \"Conflicted\" condition in the
1110 Listener Status to \"True\". \n Implementations MAY choose to accept
1111 a Gateway with some Conflicted Listeners only if they only accept
1112 the partial Listener set that contains no Conflicted Listeners.
1113 To put this another way, implementations may accept a partial Listener
1114 set only if they throw out *all* the conflicting Listeners. No picking
1115 one of the conflicting listeners as the winner. This also means
1116 that the Gateway must have at least one non-conflicting Listener
1117 in this case, otherwise it violates the requirement that at least
1118 one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
1119 condition on the Gateway Status when the Gateway contains Conflicted
1120 Listeners whether or not they accept the Gateway. That Condition
1121 SHOULD clearly indicate in the Message which Listeners are conflicted,
1122 and which are Accepted. Additionally, the Listener status for those
1123 listeners SHOULD indicate which Listeners are conflicted and not
1124 Accepted. \n A Gateway's Listeners are considered \"compatible\"
1125 if: \n 1. They are distinct. 2. The implementation can serve them
1126 in compliance with the Addresses requirement that all Listeners
1127 are available on all assigned addresses. \n Compatible combinations
1128 in Extended support are expected to vary across implementations.
1129 A combination that is compatible for one implementation may not
1130 be compatible for another. \n For example, an implementation that
1131 cannot serve both TCP and UDP listeners on the same address, or
1132 cannot mix HTTPS and generic TLS listens on the same port would
1133 not consider those cases compatible, even though they are distinct.
1134 \n Note that requests SHOULD match at most one Listener. For example,
1135 if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
1136 a request to \"foo.example.com\" SHOULD only be routed using routes
1137 attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
1138 Listener). This concept is known as \"Listener Isolation\". Implementations
1139 that do not support Listener Isolation MUST clearly document this.
1140 \n Implementations MAY merge separate Gateways onto a single set
1141 of Addresses if all Listeners across all Gateways are compatible.
1142 \n Support: Core"
1143 items:
1144 description: Listener embodies the concept of a logical endpoint
1145 where a Gateway accepts network connections.
1146 properties:
1147 allowedRoutes:
1148 default:
1149 namespaces:
1150 from: Same
1151 description: "AllowedRoutes defines the types of routes that
1152 MAY be attached to a Listener and the trusted namespaces where
1153 those Route resources MAY be present. \n Although a client
1154 request may match multiple route rules, only one rule may
1155 ultimately receive the request. Matching precedence MUST be
1156 determined in order of the following criteria: \n * The most
1157 specific match as defined by the Route type. * The oldest
1158 Route based on creation timestamp. For example, a Route with
1159 a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
1160 over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
1161 * If everything else is equivalent, the Route appearing first
1162 in alphabetical order (namespace/name) should be given precedence.
1163 For example, foo/bar is given precedence over foo/baz. \n
1164 All valid rules within a Route attached to this Listener should
1165 be implemented. Invalid Route rules can be ignored (sometimes
1166 that will mean the full Route). If a Route rule transitions
1167 from valid to invalid, support for that Route rule should
1168 be dropped to ensure consistency. For example, even if a filter
1169 specified by a Route rule is invalid, the rest of the rules
1170 within that Route should still be supported. \n Support: Core"
1171 properties:
1172 kinds:
1173 description: "Kinds specifies the groups and kinds of Routes
1174 that are allowed to bind to this Gateway Listener. When
1175 unspecified or empty, the kinds of Routes selected are
1176 determined using the Listener protocol. \n A RouteGroupKind
1177 MUST correspond to kinds of Routes that are compatible
1178 with the application protocol specified in the Listener's
1179 Protocol field. If an implementation does not support
1180 or recognize this resource type, it MUST set the \"ResolvedRefs\"
1181 condition to False for this Listener with the \"InvalidRouteKinds\"
1182 reason. \n Support: Core"
1183 items:
1184 description: RouteGroupKind indicates the group and kind
1185 of a Route resource.
1186 properties:
1187 group:
1188 default: gateway.networking.k8s.io
1189 description: Group is the group of the Route.
1190 maxLength: 253
1191 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1192 type: string
1193 kind:
1194 description: Kind is the kind of the Route.
1195 maxLength: 63
1196 minLength: 1
1197 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1198 type: string
1199 required:
1200 - kind
1201 type: object
1202 maxItems: 8
1203 type: array
1204 namespaces:
1205 default:
1206 from: Same
1207 description: "Namespaces indicates namespaces from which
1208 Routes may be attached to this Listener. This is restricted
1209 to the namespace of this Gateway by default. \n Support:
1210 Core"
1211 properties:
# Selects which namespaces Routes may attach from. `Same` (the default) keeps
# attachment inside the Gateway's own namespace; `Selector` and `All` widen it.
# `All` admits Routes from every namespace, so it is the value to look for
# when auditing who can publish routes on a shared Gateway.
1212 from:
1213 default: Same
1214 description: "From indicates where Routes will be selected
1215 for this Gateway. Possible values are: \n * All: Routes
1216 in all namespaces may be used by this Gateway. * Selector:
1217 Routes in namespaces selected by the selector may
1218 be used by this Gateway. * Same: Only Routes in the
1219 same namespace may be used by this Gateway. \n Support:
1220 Core"
# Closed enum: any other string is rejected by the schema.
1221 enum:
1222 - All
1223 - Selector
1224 - Same
1225 type: string
1226 selector:
1227 description: "Selector must be specified when From is
1228 set to \"Selector\". In that case, only Routes in
1229 Namespaces matching this Selector will be selected
1230 by this Gateway. This field is ignored for other values
1231 of \"From\". \n Support: Core"
1232 properties:
1233 matchExpressions:
1234 description: matchExpressions is a list of label
1235 selector requirements. The requirements are ANDed.
1236 items:
1237 description: A label selector requirement is a
1238 selector that contains values, a key, and an
1239 operator that relates the key and values.
1240 properties:
1241 key:
1242 description: key is the label key that the
1243 selector applies to.
1244 type: string
1245 operator:
1246 description: operator represents a key's relationship
1247 to a set of values. Valid operators are
1248 In, NotIn, Exists and DoesNotExist.
1249 type: string
1250 values:
1251 description: values is an array of string
1252 values. If the operator is In or NotIn,
1253 the values array must be non-empty. If the
1254 operator is Exists or DoesNotExist, the
1255 values array must be empty. This array is
1256 replaced during a strategic merge patch.
1257 items:
1258 type: string
1259 type: array
1260 required:
1261 - key
1262 - operator
1263 type: object
1264 type: array
1265 matchLabels:
1266 additionalProperties:
1267 type: string
1268 description: matchLabels is a map of {key,value}
1269 pairs. A single {key,value} in the matchLabels
1270 map is equivalent to an element of matchExpressions,
1271 whose key field is "key", the operator is "In",
1272 and the values array contains only "value". The
1273 requirements are ANDed.
1274 type: object
1275 type: object
1276 x-kubernetes-map-type: atomic
1277 type: object
1278 type: object
# Optional virtual hostname for the Listener; when unset, all hostnames match.
# NOTE(review): for HTTPS the description makes agreement between SNI and the
# Host header only a SHOULD, and an implementation that does not enforce both
# must document it. Check that documentation before treating the Listener
# hostname as an isolation boundary between tenants.
# A leading `*.` is a suffix match spanning any number of labels
# (`*.example.com` covers `foo.test.example.com`), which is broader than the
# single label a wildcard certificate name usually covers.
1279 hostname:
1280 description: "Hostname specifies the virtual hostname to match
1281 for protocol types that define this concept. When unspecified,
1282 all hostnames are matched. This field is ignored for protocols
1283 that don't require hostname based matching. \n Implementations
1284 MUST apply Hostname matching appropriately for each of the
1285 following protocols: \n * TLS: The Listener Hostname MUST
1286 match the SNI. * HTTP: The Listener Hostname MUST match the
1287 Host header of the request. * HTTPS: The Listener Hostname
1288 SHOULD match at both the TLS and HTTP protocol layers as described
1289 above. If an implementation does not ensure that both the
1290 SNI and Host header match the Listener hostname, it MUST clearly
1291 document that. \n For HTTPRoute and TLSRoute resources, there
1292 is an interaction with the `spec.hostnames` array. When both
1293 listener and route specify hostnames, there MUST be an intersection
1294 between the values for a Route to be accepted. For more information,
1295 refer to the Route specific Hostnames documentation. \n Hostnames
1296 that are prefixed with a wildcard label (`*.`) are interpreted
1297 as a suffix match. That means that a match for `*.example.com`
1298 would match both `test.example.com`, and `foo.test.example.com`,
1299 but not `example.com`. \n Support: Core"
1300 maxLength: 253
1301 minLength: 1
# Anchored at both ends: an optional `*.` prefix followed by lowercase
# dot-separated labels.
1302 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1303 type: string
1304 name:
1305 description: "Name is the name of the Listener. This name MUST
1306 be unique within a Gateway. \n Support: Core"
1307 maxLength: 253
1308 minLength: 1
1309 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1310 type: string
1311 port:
1312 description: "Port is the network port. Multiple listeners may
1313 use the same port, subject to the Listener compatibility rules.
1314 \n Support: Core"
1315 format: int32
1316 maximum: 65535
1317 minimum: 1
1318 type: integer
# Network protocol the Listener expects: a string of 1-255 characters.
1319 protocol:
1320 description: "Protocol specifies the network protocol this listener
1321 expects to receive. \n Support: Core"
1322 maxLength: 255
1323 minLength: 1
# NOTE(review): only the first alternative is anchored with `^`; the
# domain-prefixed alternative after `|` has `$` but no `^`, so any value that
# merely ends in `domain/Name` passes whatever precedes it. The `S` inside
# `a-zSA-Z` is redundant (already covered by `A-Z`). The listener-level CEL
# rules compare the protocol against exact names such as 'HTTPS' and 'TLS',
# so a near-miss string passes this pattern without triggering the tls
# requirement. Implementations should match protocols exactly and reject
# unknown ones.
1324 pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
1325 type: string
1326 tls:
1327 description: "TLS is the TLS configuration for the Listener.
1328 This field is required if the Protocol field is \"HTTPS\"
1329 or \"TLS\". It is invalid to set this field if the Protocol
1330 field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
1331 of SNIs to Certificate defined in GatewayTLSConfig is defined
1332 based on the Hostname field for this listener. \n The GatewayClass
1333 MUST use the longest matching SNI out of all available certificates
1334 for any TLS handshake. \n Support: Core"
1335 properties:
1336 certificateRefs:
1337 description: "CertificateRefs contains a series of references
1338 to Kubernetes objects that contains TLS certificates and
1339 private keys. These certificates are used to establish
1340 a TLS handshake for requests that match the hostname of
1341 the associated listener. \n A single CertificateRef to
1342 a Kubernetes Secret has \"Core\" support. Implementations
1343 MAY choose to support attaching multiple certificates
1344 to a Listener, but this behavior is implementation-specific.
1345 \n References to a resource in different namespace are
1346 invalid UNLESS there is a ReferenceGrant in the target
1347 namespace that allows the certificate to be attached.
1348 If a ReferenceGrant does not allow this reference, the
1349 \"ResolvedRefs\" condition MUST be set to False for this
1350 listener with the \"RefNotPermitted\" reason. \n This
1351 field is required to have at least one element when the
1352 mode is set to \"Terminate\" (default) and is optional
1353 otherwise. \n CertificateRefs can reference to standard
1354 Kubernetes resources, i.e. Secret, or implementation-specific
1355 custom resources. \n Support: Core - A single reference
1356 to a Kubernetes Secret of type kubernetes.io/tls \n Support:
1357 Implementation-specific (More than one reference or other
1358 resource types)"
1359 items:
1360 description: "SecretObjectReference identifies an API
1361 object including its namespace, defaulting to Secret.
1362 \n The API object must be valid in the cluster; the
1363 Group and Kind must be registered in the cluster for
1364 this reference to be valid. \n References to objects
1365 with invalid Group and Kind are not valid, and must
1366 be rejected by the implementation, with appropriate
1367 Conditions set on the containing object."
1368 properties:
1369 group:
1370 default: ""
1371 description: Group is the group of the referent. For
1372 example, "gateway.networking.k8s.io". When unspecified
1373 or empty string, core API group is inferred.
1374 maxLength: 253
1375 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1376 type: string
1377 kind:
1378 default: Secret
1379 description: Kind is kind of the referent. For example
1380 "Secret".
1381 maxLength: 63
1382 minLength: 1
1383 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1384 type: string
1385 name:
1386 description: Name is the name of the referent.
1387 maxLength: 253
1388 minLength: 1
1389 type: string
1390 namespace:
1391 description: "Namespace is the namespace of the referenced
1392 object. When unspecified, the local namespace is
1393 inferred. \n Note that when a namespace different
1394 than the local namespace is specified, a ReferenceGrant
1395 object is required in the referent namespace to
1396 allow that namespace's owner to accept the reference.
1397 See the ReferenceGrant documentation for details.
1398 \n Support: Core"
1399 maxLength: 63
1400 minLength: 1
1401 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1402 type: string
1403 required:
1404 - name
1405 type: object
1406 maxItems: 64
1407 type: array
1408 mode:
1409 default: Terminate
1410 description: "Mode defines the TLS behavior for the TLS
1411 session initiated by the client. There are two possible
1412 modes: \n - Terminate: The TLS session between the downstream
1413 client and the Gateway is terminated at the Gateway. This
1414 mode requires certificateRefs to be set and contain at
1415 least one element. - Passthrough: The TLS session is NOT
1416 terminated by the Gateway. This implies that the Gateway
1417 can't decipher the TLS stream except for the ClientHello
1418 message of the TLS protocol. CertificateRefs field is
1419 ignored in this mode. \n Support: Core"
1420 enum:
1421 - Terminate
1422 - Passthrough
1423 type: string
# Implementation-specific TLS settings passed as a string-to-string map.
1424 options:
1425 additionalProperties:
1426 description: AnnotationValue is the value of an annotation
1427 in Gateway API. This is used for validation of maps
1428 such as TLS options. This roughly matches Kubernetes
1429 annotation validation, although the length validation
1430 in that case is based on the entire size of the annotations
1431 struct.
# Only the value is checked (string, 0-4096 characters). Key names are not
# constrained here, so the domain-prefix convention in the description is
# not enforced at admission.
1432 maxLength: 4096
1433 minLength: 0
1434 type: string
1435 description: "Options are a list of key/value pairs to enable
1436 extended TLS configuration for each implementation. For
1437 example, configuring the minimum TLS version or supported
1438 cipher suites. \n A set of common keys MAY be defined
1439 by the API in the future. To avoid any ambiguity, implementation-specific
1440 definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
1441 Un-prefixed names are reserved for key names defined by
1442 Gateway API. \n Support: Implementation-specific"
# At most 16 entries.
# NOTE(review): settings such as minimum TLS version and cipher suites travel
# through this map. How an implementation handles an unrecognised or
# misspelled key is not visible here - confirm it is rejected or surfaced in
# status rather than silently ignored, which would leave defaults in effect.
1443 maxProperties: 16
1444 type: object
1445 type: object
1446 x-kubernetes-validations:
1447 - message: certificateRefs must be specified when TLSModeType
1448 is Terminate
1449 rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
1450 > 0 : true'
1451 required:
1452 - name
1453 - port
1454 - protocol
1455 type: object
1456 maxItems: 64
1457 minItems: 1
1458 type: array
1459 x-kubernetes-list-map-keys:
1460 - name
1461 x-kubernetes-list-type: map
1462 x-kubernetes-validations:
1463 - message: tls must be specified for protocols ['HTTPS', 'TLS']
1464 rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
1465 : true)'
1466 - message: tls must not be specified for protocols ['HTTP', 'TCP',
1467 'UDP']
1468 rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
1469 !has(l.tls) : true)'
1470 - message: hostname must not be specified for protocols ['TCP', 'UDP']
1471 rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
1472 || l.hostname == '''') : true)'
1473 - message: Listener name must be unique within the Gateway
1474 rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
# NOTE(review): this rule compares hostnames by presence: an unset hostname
# equals only another unset hostname. The TCP/UDP rule in this same list
# treats an unset hostname and '' alike, but here a listener with
# hostname '' and one with no hostname on the same port and protocol count
# as distinct, so both are admitted.
# Whether '' is accepted by the hostname field's own schema is outside this
# excerpt (TODO confirm); if it is, such overlaps are presumably left to the
# controller to detect and report.
1475 - message: Combination of port, protocol and hostname must be unique
1476 for each listener
1477 rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
1478 == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
1479 == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
1480 required:
1481 - gatewayClassName
1482 - listeners
1483 type: object
1484 status:
1485 default:
1486 conditions:
1487 - lastTransitionTime: "1970-01-01T00:00:00Z"
1488 message: Waiting for controller
1489 reason: Pending
1490 status: Unknown
1491 type: Accepted
1492 - lastTransitionTime: "1970-01-01T00:00:00Z"
1493 message: Waiting for controller
1494 reason: Pending
1495 status: Unknown
1496 type: Programmed
1497 description: Status defines the current state of Gateway.
1498 properties:
1499 addresses:
1500 description: "Addresses lists the network addresses that have been
1501 bound to the Gateway. \n This list may differ from the addresses
1502 provided in the spec under some conditions: \n * no addresses are
1503 specified, all addresses are dynamically assigned * a combination
1504 of specified and dynamic addresses are assigned * a specified address
1505 was unusable (e.g. already in use) \n "
1506 items:
1507 description: GatewayStatusAddress describes a network address that
1508 is bound to a Gateway.
1509 oneOf:
1510 - properties:
1511 type:
1512 enum:
1513 - IPAddress
1514 value:
1515 anyOf:
1516 - format: ipv4
1517 - format: ipv6
1518 - properties:
1519 type:
1520 not:
1521 enum:
1522 - IPAddress
1523 properties:
1524 type:
1525 default: IPAddress
1526 description: Type of the address.
1527 maxLength: 253
1528 minLength: 1
# NOTE(review): `|` binds looser than `^` and `$`, so the anchors below
# apply only to the first and last alternatives: `^` to `Hostname` and `$`
# to the domain-prefixed form. `IPAddress` and `NamedAddress` carry no
# anchor, so a value that merely contains one of them (or merely starts
# with `Hostname`) satisfies the pattern, within maxLength.
# Grouping the alternation, `^(Hostname|IPAddress|NamedAddress|<prefixed>)$`,
# would give the presumably intended whole-string match. If this file is
# generated, the fix belongs in the generator's source. Until then,
# consumers should compare the type for exact equality rather than assume
# this pattern restricts it to the listed names.
1529 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1530 type: string
1531 value:
1532 description: "Value of the address. The validity of the values
1533 will depend on the type and support by the controller. \n
1534 Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
1535 maxLength: 253
1536 minLength: 1
1537 type: string
1538 required:
1539 - value
1540 type: object
1541 x-kubernetes-validations:
1542 - message: Hostname value must only contain valid characters (matching
1543 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
1544 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
1545 true'
1546 maxItems: 16
1547 type: array
1548 conditions:
1549 default:
1550 - lastTransitionTime: "1970-01-01T00:00:00Z"
1551 message: Waiting for controller
1552 reason: Pending
1553 status: Unknown
1554 type: Accepted
1555 - lastTransitionTime: "1970-01-01T00:00:00Z"
1556 message: Waiting for controller
1557 reason: Pending
1558 status: Unknown
1559 type: Programmed
1560 description: "Conditions describe the current conditions of the Gateway.
1561 \n Implementations should prefer to express Gateway conditions using
1562 the `GatewayConditionType` and `GatewayConditionReason` constants
1563 so that operators and tools can converge on a common vocabulary
1564 to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
1565 * \"Programmed\" * \"Ready\""
1566 items:
1567 description: "Condition contains details for one aspect of the current
1568 state of this API Resource. --- This struct is intended for direct
1569 use as an array at the field path .status.conditions. For example,
1570 \n type FooStatus struct{ // Represents the observations of a
1571 foo's current state. // Known .status.conditions.type are: \"Available\",
1572 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1573 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1574 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1575 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
1576 properties:
1577 lastTransitionTime:
1578 description: lastTransitionTime is the last time the condition
1579 transitioned from one status to another. This should be when
1580 the underlying condition changed. If that is not known, then
1581 using the time when the API field changed is acceptable.
1582 format: date-time
1583 type: string
1584 message:
1585 description: message is a human readable message indicating
1586 details about the transition. This may be an empty string.
1587 maxLength: 32768
1588 type: string
1589 observedGeneration:
1590 description: observedGeneration represents the .metadata.generation
1591 that the condition was set based upon. For instance, if .metadata.generation
1592 is currently 12, but the .status.conditions[x].observedGeneration
1593 is 9, the condition is out of date with respect to the current
1594 state of the instance.
1595 format: int64
1596 minimum: 0
1597 type: integer
1598 reason:
1599 description: reason contains a programmatic identifier indicating
1600 the reason for the condition's last transition. Producers
1601 of specific condition types may define expected values and
1602 meanings for this field, and whether the values are considered
1603 a guaranteed API. The value should be a CamelCase string.
1604 This field may not be empty.
1605 maxLength: 1024
1606 minLength: 1
1607 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1608 type: string
1609 status:
1610 description: status of the condition, one of True, False, Unknown.
1611 enum:
1612 - "True"
1613 - "False"
1614 - Unknown
1615 type: string
1616 type:
1617 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1618 --- Many .condition.type values are consistent across resources
1619 like Available, but because arbitrary conditions can be useful
1620 (see .node.status.conditions), the ability to deconflict is
1621 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1622 maxLength: 316
1623 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1624 type: string
1625 required:
1626 - lastTransitionTime
1627 - message
1628 - reason
1629 - status
1630 - type
1631 type: object
1632 maxItems: 8
1633 type: array
1634 x-kubernetes-list-map-keys:
1635 - type
1636 x-kubernetes-list-type: map
1637 listeners:
1638 description: Listeners provide status for each unique listener port
1639 defined in the Spec.
1640 items:
1641 description: ListenerStatus is the status associated with a Listener.
1642 properties:
1643 attachedRoutes:
1644 description: "AttachedRoutes represents the total number of
1645 Routes that have been successfully attached to this Listener.
1646 \n Successful attachment of a Route to a Listener is based
1647 solely on the combination of the AllowedRoutes field on the
1648 corresponding Listener and the Route's ParentRefs field. A
1649 Route is successfully attached to a Listener when it is selected
1650 by the Listener's AllowedRoutes field AND the Route has a
1651 valid ParentRef selecting the whole Gateway resource or a
1652 specific Listener as a parent resource (more detail on attachment
1653 semantics can be found in the documentation on the various
1654 Route kinds ParentRefs fields). Listener or Route status does
1655 not impact successful attachment, i.e. the AttachedRoutes
1656 field count MUST be set for Listeners with condition Accepted:
1657 false and MUST count successfully attached Routes that may
1658 themselves have Accepted: false conditions. \n Uses for this
1659 field include troubleshooting Route attachment and measuring
1660 blast radius/impact of changes to a Listener."
1661 format: int32
1662 type: integer
1663 conditions:
1664 description: Conditions describe the current condition of this
1665 listener.
1666 items:
1667 description: "Condition contains details for one aspect of
1668 the current state of this API Resource. --- This struct
1669 is intended for direct use as an array at the field path
1670 .status.conditions. For example, \n type FooStatus struct{
1671 // Represents the observations of a foo's current state.
1672 // Known .status.conditions.type are: \"Available\", \"Progressing\",
1673 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1674 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1675 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1676 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
1677 }"
1678 properties:
1679 lastTransitionTime:
1680 description: lastTransitionTime is the last time the condition
1681 transitioned from one status to another. This should
1682 be when the underlying condition changed. If that is
1683 not known, then using the time when the API field changed
1684 is acceptable.
1685 format: date-time
1686 type: string
1687 message:
1688 description: message is a human readable message indicating
1689 details about the transition. This may be an empty string.
1690 maxLength: 32768
1691 type: string
1692 observedGeneration:
1693 description: observedGeneration represents the .metadata.generation
1694 that the condition was set based upon. For instance,
1695 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
1696 is 9, the condition is out of date with respect to the
1697 current state of the instance.
1698 format: int64
1699 minimum: 0
1700 type: integer
1701 reason:
1702 description: reason contains a programmatic identifier
1703 indicating the reason for the condition's last transition.
1704 Producers of specific condition types may define expected
1705 values and meanings for this field, and whether the
1706 values are considered a guaranteed API. The value should
1707 be a CamelCase string. This field may not be empty.
1708 maxLength: 1024
1709 minLength: 1
1710 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1711 type: string
1712 status:
1713 description: status of the condition, one of True, False,
1714 Unknown.
1715 enum:
1716 - "True"
1717 - "False"
1718 - Unknown
1719 type: string
1720 type:
1721 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1722 --- Many .condition.type values are consistent across
1723 resources like Available, but because arbitrary conditions
1724 can be useful (see .node.status.conditions), the ability
1725 to deconflict is important. The regex it matches is
1726 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1727 maxLength: 316
1728 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1729 type: string
1730 required:
1731 - lastTransitionTime
1732 - message
1733 - reason
1734 - status
1735 - type
1736 type: object
1737 maxItems: 8
1738 type: array
1739 x-kubernetes-list-map-keys:
1740 - type
1741 x-kubernetes-list-type: map
1742 name:
1743 description: Name is the name of the Listener that this status
1744 corresponds to.
1745 maxLength: 253
1746 minLength: 1
1747 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1748 type: string
1749 supportedKinds:
1750 description: "SupportedKinds is the list indicating the Kinds
1751 supported by this listener. This MUST represent the kinds
1752 an implementation supports for that Listener configuration.
1753 \n If kinds are specified in Spec that are not supported,
1754 they MUST NOT appear in this list and an implementation MUST
1755 set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
1756 reason. If both valid and invalid Route kinds are specified,
1757 the implementation MUST reference the valid Route kinds that
1758 have been specified."
1759 items:
1760 description: RouteGroupKind indicates the group and kind of
1761 a Route resource.
1762 properties:
1763 group:
1764 default: gateway.networking.k8s.io
1765 description: Group is the group of the Route.
1766 maxLength: 253
1767 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1768 type: string
1769 kind:
1770 description: Kind is the kind of the Route.
1771 maxLength: 63
1772 minLength: 1
1773 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1774 type: string
1775 required:
1776 - kind
1777 type: object
1778 maxItems: 8
1779 type: array
1780 required:
1781 - attachedRoutes
1782 - conditions
1783 - name
1784 - supportedKinds
1785 type: object
1786 maxItems: 64
1787 type: array
1788 x-kubernetes-list-map-keys:
1789 - name
1790 x-kubernetes-list-type: map
1791 type: object
1792 required:
1793 - spec
1794 type: object
1795 served: true
1796 storage: true
1797 subresources:
1798 status: {}
1799status:
1800 acceptedNames:
1801 kind: ""
1802 plural: ""
1803 conditions: null
1804 storedVersions: null