1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
6 gateway.networking.k8s.io/bundle-version: v1.0.0
7 gateway.networking.k8s.io/channel: experimental
8 creationTimestamp: null
9 name: grpcroutes.gateway.networking.k8s.io
10spec:
11 group: gateway.networking.k8s.io
12 names:
13 categories:
14 - gateway-api
15 kind: GRPCRoute
16 listKind: GRPCRouteList
17 plural: grpcroutes
18 singular: grpcroute
19 scope: Namespaced
20 versions:
21 - additionalPrinterColumns:
22 - jsonPath: .spec.hostnames
23 name: Hostnames
24 type: string
25 - jsonPath: .metadata.creationTimestamp
26 name: Age
27 type: date
28 name: v1alpha2
29 schema:
30 openAPIV3Schema:
31 description: "GRPCRoute provides a way to route gRPC requests. This includes
32 the capability to match requests by hostname, gRPC service, gRPC method,
33 or HTTP/2 header. Filters can be used to specify additional processing steps.
34 Backends specify where matching requests will be routed. \n GRPCRoute falls
35 under extended support within the Gateway API. Within the following specification,
36 the word \"MUST\" indicates that an implementation supporting GRPCRoute
37 must conform to the indicated requirement, but an implementation not supporting
38 this route type need not follow the requirement unless explicitly indicated.
39 \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType`
40 MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1,
41 i.e. via ALPN. If the implementation does not support this, then it MUST
42 set the \"Accepted\" condition to \"False\" for the affected listener with
43 a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2
44 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute`
45 with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c,
46 https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade
47 from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4).
48 If the implementation does not support this, then it MUST set the \"Accepted\"
49 condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\".
50 Implementations MAY also accept HTTP/2 connections with an upgrade from
51 HTTP/1, i.e. without prior knowledge."
52 properties:
53 apiVersion:
54 description: 'APIVersion defines the versioned schema of this representation
55 of an object. Servers should convert recognized schemas to the latest
56 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
57 type: string
58 kind:
59 description: 'Kind is a string value representing the REST resource this
60 object represents. Servers may infer this from the endpoint the client
61 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
62 type: string
63 metadata:
64 type: object
65 spec:
66 description: Spec defines the desired state of GRPCRoute.
67 properties:
68 hostnames:
69 description: "Hostnames defines a set of hostnames to match against
70 the GRPC Host header to select a GRPCRoute to process the request.
71 This matches the RFC 1123 definition of a hostname with 2 notable
72 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
73 with a wildcard label (`*.`). The wildcard label MUST appear by
74 itself as the first label. \n If a hostname is specified by both
75 the Listener and GRPCRoute, there MUST be at least one intersecting
76 hostname for the GRPCRoute to be attached to the Listener. For example:
77 \n * A Listener with `test.example.com` as the hostname matches
78 GRPCRoutes that have either not specified any hostnames, or have
79 specified at least one of `test.example.com` or `*.example.com`.
80 * A Listener with `*.example.com` as the hostname matches GRPCRoutes
81 that have either not specified any hostnames or have specified at
82 least one hostname that matches the Listener hostname. For example,
83 `test.example.com` and `*.example.com` would both match. On the
84 other hand, `example.com` and `test.example.net` would not match.
85 \n Hostnames that are prefixed with a wildcard label (`*.`) are
86 interpreted as a suffix match. That means that a match for `*.example.com`
87 would match both `test.example.com`, and `foo.test.example.com`,
88 but not `example.com`. \n If both the Listener and GRPCRoute have
89 specified hostnames, any GRPCRoute hostnames that do not match the
90 Listener hostname MUST be ignored. For example, if a Listener specified
91 `*.example.com`, and the GRPCRoute specified `test.example.com`
92 and `test.example.net`, `test.example.net` MUST NOT be considered
93 for a match. \n If both the Listener and GRPCRoute have specified
94 hostnames, and none match with the criteria above, then the GRPCRoute
95 MUST NOT be accepted by the implementation. The implementation MUST
96 raise an 'Accepted' Condition with a status of `False` in the corresponding
97 RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute
98 is attached to a Listener and that listener already has another
99 Route (B) of the other type attached and the intersection of the
100 hostnames of A and B is non-empty, then the implementation MUST
101 accept exactly one of these two routes, determined by the following
102 criteria, in order: \n * The oldest Route based on creation timestamp.
103 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
104 \n The rejected Route MUST raise an 'Accepted' condition with a
105 status of 'False' in the corresponding RouteParentStatus. \n Support:
106 Core"
107 items:
108 description: "Hostname is the fully qualified domain name of a network
109 host. This matches the RFC 1123 definition of a hostname with
110 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
111 may be prefixed with a wildcard label (`*.`). The wildcard label
112 must appear by itself as the first label. \n Hostname can be \"precise\"
113 which is a domain name without the terminating dot of a network
114 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
115 name prefixed with a single wildcard label (e.g. `*.example.com`).
116 \n Note that as per RFC1035 and RFC1123, a *label* must consist
117 of lower case alphanumeric characters or '-', and must start and
118 end with an alphanumeric character. No other punctuation is allowed."
119 maxLength: 253
120 minLength: 1
121 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
122 type: string
123 maxItems: 16
124 type: array
125 parentRefs:
126 description: "ParentRefs references the resources (usually Gateways)
127 that a Route wants to be attached to. Note that the referenced parent
128 resource needs to allow this for the attachment to be complete.
129 For Gateways, that means the Gateway needs to allow attachment from
130 Routes of this kind and namespace. For Services, that means the
131 Service must either be in the same namespace for a \"producer\"
132 route, or the mesh implementation must support and allow \"consumer\"
133 routes for the referenced Service. ReferenceGrant is not applicable
134 for governing ParentRefs to Services - it is not possible to create
135 a \"producer\" route for a Service in a different namespace from
136 the Route. \n There are two kinds of parent resources with \"Core\"
137 support: \n * Gateway (Gateway conformance profile) * Service (Mesh
138 conformance profile, experimental, ClusterIP Services only) This
139 API may be extended in the future to support additional kinds of
140 parent resources. \n ParentRefs must be _distinct_. This means either
141 that: \n * They select different objects. If this is the case,
142 then parentRef entries are distinct. In terms of fields, this means
143 that the multi-part key defined by `group`, `kind`, `namespace`,
144 and `name` must be unique across all parentRef entries in the Route.
145 * They do not select different objects, but for each optional field
146 used, each ParentRef that selects the same object must set the same
147 set of optional fields to different values. If one ParentRef sets
148 a combination of optional fields, all must set the same combination.
149 \n Some examples: \n * If one ParentRef sets `sectionName`, all
150 ParentRefs referencing the same object must also set `sectionName`.
151 * If one ParentRef sets `port`, all ParentRefs referencing the same
152 object must also set `port`. * If one ParentRef sets `sectionName`
153 and `port`, all ParentRefs referencing the same object must also
154 set `sectionName` and `port`. \n It is possible to separately reference
155 multiple distinct objects that may be collapsed by an implementation.
156 For example, some implementations may choose to merge compatible
157 Gateway Listeners together. If that is the case, the list of routes
158 attached to those resources should also be merged. \n Note that
159 for ParentRefs that cross namespace boundaries, there are specific
160 rules. Cross-namespace references are only valid if they are explicitly
161 allowed by something in the namespace they are referring to. For
162 example, Gateway has the AllowedRoutes field, and ReferenceGrant
163 provides a generic way to enable other kinds of cross-namespace
164 reference. \n ParentRefs from a Route to a Service in the same
165 namespace are \"producer\" routes, which apply default routing rules
166 to inbound connections from any namespace to the Service. \n ParentRefs
167 from a Route to a Service in a different namespace are \"consumer\"
168 routes, and these routing rules are only applied to outbound connections
169 originating from the same namespace as the Route, for which the
170 intended destination of the connections are a Service targeted as
171 a ParentRef of the Route. \n "
172 items:
173 description: "ParentReference identifies an API object (usually
174 a Gateway) that can be considered a parent of this resource (usually
175 a route). There are two kinds of parent resources with \"Core\"
176 support: \n * Gateway (Gateway conformance profile) * Service
177 (Mesh conformance profile, experimental, ClusterIP Services only)
178 \n This API may be extended in the future to support additional
179 kinds of parent resources. \n The API object must be valid in
180 the cluster; the Group and Kind must be registered in the cluster
181 for this reference to be valid."
182 properties:
183 group:
184 default: gateway.networking.k8s.io
185 description: "Group is the group of the referent. When unspecified,
186 \"gateway.networking.k8s.io\" is inferred. To set the core
187 API group (such as for a \"Service\" kind referent), Group
188 must be explicitly set to \"\" (empty string). \n Support:
189 Core"
190 maxLength: 253
191 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
192 type: string
193 kind:
194 default: Gateway
195 description: "Kind is kind of the referent. \n There are two
196 kinds of parent resources with \"Core\" support: \n * Gateway
197 (Gateway conformance profile) * Service (Mesh conformance
198 profile, experimental, ClusterIP Services only) \n Support
199 for other resources is Implementation-Specific."
200 maxLength: 63
201 minLength: 1
202 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
203 type: string
204 name:
205 description: "Name is the name of the referent. \n Support:
206 Core"
207 maxLength: 253
208 minLength: 1
209 type: string
210 namespace:
211 description: "Namespace is the namespace of the referent. When
212 unspecified, this refers to the local namespace of the Route.
213 \n Note that there are specific rules for ParentRefs which
214 cross namespace boundaries. Cross-namespace references are
215 only valid if they are explicitly allowed by something in
216 the namespace they are referring to. For example: Gateway
217 has the AllowedRoutes field, and ReferenceGrant provides a
218 generic way to enable any other kind of cross-namespace reference.
219 \n ParentRefs from a Route to a Service in the same namespace
220 are \"producer\" routes, which apply default routing rules
221 to inbound connections from any namespace to the Service.
222 \n ParentRefs from a Route to a Service in a different namespace
223 are \"consumer\" routes, and these routing rules are only
224 applied to outbound connections originating from the same
225 namespace as the Route, for which the intended destination
226 of the connections are a Service targeted as a ParentRef of
227 the Route. \n Support: Core"
228 maxLength: 63
229 minLength: 1
230 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
231 type: string
232 port:
233 description: "Port is the network port this Route targets. It
234 can be interpreted differently based on the type of parent
235 resource. \n When the parent resource is a Gateway, this targets
236 all listeners listening on the specified port that also support
237 this kind of Route(and select this Route). It's not recommended
238 to set `Port` unless the networking behaviors specified in
239 a Route must apply to a specific port as opposed to a listener(s)
240 whose port(s) may be changed. When both Port and SectionName
241 are specified, the name and port of the selected listener
242 must match both specified values. \n When the parent resource
243 is a Service, this targets a specific port in the Service
244 spec. When both Port (experimental) and SectionName are specified,
245 the name and port of the selected port must match both specified
246 values. \n Implementations MAY choose to support other parent
247 resources. Implementations supporting other types of parent
248 resources MUST clearly document how/if Port is interpreted.
249 \n For the purpose of status, an attachment is considered
250 successful as long as the parent resource accepts it partially.
251 For example, Gateway listeners can restrict which Routes can
252 attach to them by Route kind, namespace, or hostname. If 1
253 of 2 Gateway listeners accept attachment from the referencing
254 Route, the Route MUST be considered successfully attached.
255 If no Gateway listeners accept attachment from this Route,
256 the Route MUST be considered detached from the Gateway. \n
257 Support: Extended \n "
258 format: int32
259 maximum: 65535
260 minimum: 1
261 type: integer
262 sectionName:
263 description: "SectionName is the name of a section within the
264 target resource. In the following resources, SectionName is
265 interpreted as the following: \n * Gateway: Listener Name.
266 When both Port (experimental) and SectionName are specified,
267 the name and port of the selected listener must match both
268 specified values. * Service: Port Name. When both Port (experimental)
269 and SectionName are specified, the name and port of the selected
270 listener must match both specified values. Note that attaching
271 Routes to Services as Parents is part of experimental Mesh
272 support and is not supported for any other purpose. \n Implementations
273 MAY choose to support attaching Routes to other resources.
274 If that is the case, they MUST clearly document how SectionName
275 is interpreted. \n When unspecified (empty string), this will
276 reference the entire resource. For the purpose of status,
277 an attachment is considered successful if at least one section
278 in the parent resource accepts it. For example, Gateway listeners
279 can restrict which Routes can attach to them by Route kind,
280 namespace, or hostname. If 1 of 2 Gateway listeners accept
281 attachment from the referencing Route, the Route MUST be considered
282 successfully attached. If no Gateway listeners accept attachment
283 from this Route, the Route MUST be considered detached from
284 the Gateway. \n Support: Core"
285 maxLength: 253
286 minLength: 1
287 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
288 type: string
289 required:
290 - name
291 type: object
292 maxItems: 32
293 type: array
294 x-kubernetes-validations:
295 - message: sectionName or port must be specified when parentRefs includes
296 2 or more references to the same parent
297 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
298 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
299 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
300 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
301 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName)
302 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
303 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port)
304 || p2.port == 0)): true))'
305 - message: sectionName or port must be unique when parentRefs includes
306 2 or more references to the same parent
307 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
308 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
309 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
310 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
311 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
312 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
313 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
314 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port)
315 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port
316 == p2.port))))
317 rules:
318 description: Rules are a list of GRPC matchers, filters and actions.
319 items:
320 description: GRPCRouteRule defines the semantics for matching a
321 gRPC request based on conditions (matches), processing it (filters),
322 and forwarding the request to an API object (backendRefs).
323 properties:
324 backendRefs:
325 description: "BackendRefs defines the backend(s) where matching
326 requests should be sent. \n Failure behavior here depends
327 on how many BackendRefs are specified and how many are invalid.
328 \n If *all* entries in BackendRefs are invalid, and there
329 are also no filters specified in this route rule, *all* traffic
330 which matches this rule MUST receive an `UNAVAILABLE` status.
331 \n See the GRPCBackendRef definition for the rules about what
332 makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef
333 is invalid, `UNAVAILABLE` statuses MUST be returned for requests
334 that would have otherwise been routed to an invalid backend.
335 If multiple backends are specified, and some are invalid,
336 the proportion of requests that would otherwise have been
337 routed to an invalid backend MUST receive an `UNAVAILABLE`
338 status. \n For example, if two backends are specified with
339 equal weights, and one is invalid, 50 percent of traffic MUST
340 receive an `UNAVAILABLE` status. Implementations may choose
341 how that 50 percent is determined. \n Support: Core for Kubernetes
342 Service \n Support: Implementation-specific for any other
343 resource \n Support for weight: Core"
344 items:
345 description: "GRPCBackendRef defines how a GRPCRoute forwards
346 a gRPC request. \n Note that when a namespace different
347 than the local namespace is specified, a ReferenceGrant
348 object is required in the referent namespace to allow that
349 namespace's owner to accept the reference. See the ReferenceGrant
350 documentation for details. \n <gateway:experimental:description>
351 \n When the BackendRef points to a Kubernetes Service, implementations
352 SHOULD honor the appProtocol field if it is set for the
353 target Service Port. \n Implementations supporting appProtocol
354 SHOULD recognize the Kubernetes Standard Application Protocols
355 defined in KEP-3726. \n If a Service appProtocol isn't specified,
356 an implementation MAY infer the backend protocol through
357 its own means. Implementations MAY infer the protocol from
358 the Route type referring to the backend Service. \n If a
359 Route is not able to send traffic to the backend using the
360 specified protocol then the backend is considered invalid.
361 Implementations MUST set the \"ResolvedRefs\" condition
362 to \"False\" with the \"UnsupportedProtocol\" reason. \n
363 </gateway:experimental:description>"
364 properties:
365 filters:
366 description: "Filters defined at this level MUST be executed
367 if and only if the request is being forwarded to the
368 backend defined here. \n Support: Implementation-specific
369 (For broader support of filters, use the Filters field
370 in GRPCRouteRule.)"
371 items:
372 description: GRPCRouteFilter defines processing steps
373 that must be completed during the request or response
374 lifecycle. GRPCRouteFilters are meant as an extension
375 point to express processing that may be done in Gateway
376 implementations. Some examples include request or
377 response modification, implementing authentication
378 strategies, rate-limiting, and traffic shaping. API
379 guarantee/conformance is defined based on the type
380 of the filter.
381 properties:
382 extensionRef:
383 description: "ExtensionRef is an optional, implementation-specific
384 extension to the \"filter\" behavior. For example,
385 resource \"myroutefilter\" in group \"networking.example.net\").
386 ExtensionRef MUST NOT be used for core and extended
387 filters. \n Support: Implementation-specific \n
388 This filter can be used multiple times within
389 the same rule."
390 properties:
391 group:
392 description: Group is the group of the referent.
393 For example, "gateway.networking.k8s.io".
394 When unspecified or empty string, core API
395 group is inferred.
396 maxLength: 253
397 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
398 type: string
399 kind:
400 description: Kind is kind of the referent. For
401 example "HTTPRoute" or "Service".
402 maxLength: 63
403 minLength: 1
404 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
405 type: string
406 name:
407 description: Name is the name of the referent.
408 maxLength: 253
409 minLength: 1
410 type: string
411 required:
412 - group
413 - kind
414 - name
415 type: object
416 requestHeaderModifier:
417 description: "RequestHeaderModifier defines a schema
418 for a filter that modifies request headers. \n
419 Support: Core"
420 properties:
421 add:
422 description: "Add adds the given header(s) (name,
423 value) to the request before the action. It
424 appends to any existing values associated
425 with the header name. \n Input: GET /foo HTTP/1.1
426 my-header: foo \n Config: add: - name: \"my-header\"
427 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
428 my-header: foo,bar,baz"
429 items:
430 description: HTTPHeader represents an HTTP
431 Header name and value as defined by RFC
432 7230.
433 properties:
434 name:
435 description: "Name is the name of the
436 HTTP Header to be matched. Name matching
437 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
438 \n If multiple entries specify equivalent
439 header names, the first entry with an
440 equivalent name MUST be considered for
441 a match. Subsequent entries with an
442 equivalent header name MUST be ignored.
443 Due to the case-insensitivity of header
444 names, \"foo\" and \"Foo\" are considered
445 equivalent."
446 maxLength: 256
447 minLength: 1
448 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
449 type: string
450 value:
451 description: Value is the value of HTTP
452 Header to be matched.
453 maxLength: 4096
454 minLength: 1
455 type: string
456 required:
457 - name
458 - value
459 type: object
460 maxItems: 16
461 type: array
462 x-kubernetes-list-map-keys:
463 - name
464 x-kubernetes-list-type: map
465 remove:
466 description: "Remove the given header(s) from
467 the HTTP request before the action. The value
468 of Remove is a list of HTTP header names.
469 Note that the header names are case-insensitive
470 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
471 \n Input: GET /foo HTTP/1.1 my-header1: foo
472 my-header2: bar my-header3: baz \n Config:
473 remove: [\"my-header1\", \"my-header3\"] \n
474 Output: GET /foo HTTP/1.1 my-header2: bar"
475 items:
476 type: string
477 maxItems: 16
478 type: array
479 x-kubernetes-list-type: set
480 set:
481 description: "Set overwrites the request with
482 the given header (name, value) before the
483 action. \n Input: GET /foo HTTP/1.1 my-header:
484 foo \n Config: set: - name: \"my-header\"
485 value: \"bar\" \n Output: GET /foo HTTP/1.1
486 my-header: bar"
487 items:
488 description: HTTPHeader represents an HTTP
489 Header name and value as defined by RFC
490 7230.
491 properties:
492 name:
493 description: "Name is the name of the
494 HTTP Header to be matched. Name matching
495 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
496 \n If multiple entries specify equivalent
497 header names, the first entry with an
498 equivalent name MUST be considered for
499 a match. Subsequent entries with an
500 equivalent header name MUST be ignored.
501 Due to the case-insensitivity of header
502 names, \"foo\" and \"Foo\" are considered
503 equivalent."
504 maxLength: 256
505 minLength: 1
506 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
507 type: string
508 value:
509 description: Value is the value of HTTP
510 Header to be matched.
511 maxLength: 4096
512 minLength: 1
513 type: string
514 required:
515 - name
516 - value
517 type: object
518 maxItems: 16
519 type: array
520 x-kubernetes-list-map-keys:
521 - name
522 x-kubernetes-list-type: map
523 type: object
524 requestMirror:
525 description: "RequestMirror defines a schema for
526 a filter that mirrors requests. Requests are sent
527 to the specified destination, but responses from
528 that destination are ignored. \n This filter can
529 be used multiple times within the same rule. Note
530 that not all implementations will be able to support
531 mirroring to multiple backends. \n Support: Extended"
532 properties:
533 backendRef:
534 description: "BackendRef references a resource
535 where mirrored requests are sent. \n Mirrored
536 requests must be sent only to a single destination
537 endpoint within this BackendRef, irrespective
538 of how many endpoints are present within this
539 BackendRef. \n If the referent cannot be found,
540 this BackendRef is invalid and must be dropped
541 from the Gateway. The controller must ensure
542 the \"ResolvedRefs\" condition on the Route
543 status is set to `status: False` and not configure
544 this backend in the underlying implementation.
545 \n If there is a cross-namespace reference
546 to an *existing* object that is not allowed
547 by a ReferenceGrant, the controller must ensure
548 the \"ResolvedRefs\" condition on the Route
549 is set to `status: False`, with the \"RefNotPermitted\"
550 reason and not configure this backend in the
551 underlying implementation. \n In either error
552 case, the Message of the `ResolvedRefs` Condition
553 should be used to provide more detail about
554 the problem. \n Support: Extended for Kubernetes
555 Service \n Support: Implementation-specific
556 for any other resource"
557 properties:
558 group:
559 default: ""
560 description: Group is the group of the referent.
561 For example, "gateway.networking.k8s.io".
562 When unspecified or empty string, core
563 API group is inferred.
564 maxLength: 253
565 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
566 type: string
567 kind:
568 default: Service
569 description: "Kind is the Kubernetes resource
570 kind of the referent. For example \"Service\".
571 \n Defaults to \"Service\" when not specified.
572 \n ExternalName services can refer to
573 CNAME DNS records that may live outside
574 of the cluster and as such are difficult
575 to reason about in terms of conformance.
576 They also may not be safe to forward to
577 (see CVE-2021-25740 for more information).
578 Implementations SHOULD NOT support ExternalName
579 Services. \n Support: Core (Services with
580 a type other than ExternalName) \n Support:
581 Implementation-specific (Services with
582 type ExternalName)"
583 maxLength: 63
584 minLength: 1
585 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
586 type: string
587 name:
588 description: Name is the name of the referent.
589 maxLength: 253
590 minLength: 1
591 type: string
592 namespace:
593 description: "Namespace is the namespace
594 of the backend. When unspecified, the
595 local namespace is inferred. \n Note that
596 when a namespace different than the local
597 namespace is specified, a ReferenceGrant
598 object is required in the referent namespace
599 to allow that namespace's owner to accept
600 the reference. See the ReferenceGrant
601 documentation for details. \n Support:
602 Core"
603 maxLength: 63
604 minLength: 1
605 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
606 type: string
607 port:
608 description: Port specifies the destination
609 port number to use for this resource.
610 Port is required when the referent is
611 a Kubernetes Service. In this case, the
612 port number is the service port number,
613 not the target port. For other resources,
614 destination port might be derived from
615 the referent resource or this field.
616 format: int32
617 maximum: 65535
618 minimum: 1
619 type: integer
620 required:
621 - name
622 type: object
623 x-kubernetes-validations:
624 - message: Must have port for Service reference
625 rule: '(size(self.group) == 0 && self.kind
626 == ''Service'') ? has(self.port) : true'
627 required:
628 - backendRef
629 type: object
630 responseHeaderModifier:
631 description: "ResponseHeaderModifier defines a schema
632 for a filter that modifies response headers. \n
633 Support: Extended"
634 properties:
635 add:
636 description: "Add adds the given header(s) (name,
637 value) to the request before the action. It
638 appends to any existing values associated
639 with the header name. \n Input: GET /foo HTTP/1.1
640 my-header: foo \n Config: add: - name: \"my-header\"
641 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
642 my-header: foo,bar,baz"
643 items:
644 description: HTTPHeader represents an HTTP
645 Header name and value as defined by RFC
646 7230.
647 properties:
648 name:
649 description: "Name is the name of the
650 HTTP Header to be matched. Name matching
651 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
652 \n If multiple entries specify equivalent
653 header names, the first entry with an
654 equivalent name MUST be considered for
655 a match. Subsequent entries with an
656 equivalent header name MUST be ignored.
657 Due to the case-insensitivity of header
658 names, \"foo\" and \"Foo\" are considered
659 equivalent."
660 maxLength: 256
661 minLength: 1
662 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
663 type: string
664 value:
665 description: Value is the value of HTTP
666 Header to be matched.
667 maxLength: 4096
668 minLength: 1
669 type: string
670 required:
671 - name
672 - value
673 type: object
674 maxItems: 16
675 type: array
676 x-kubernetes-list-map-keys:
677 - name
678 x-kubernetes-list-type: map
679 remove:
680 description: "Remove the given header(s) from
681 the HTTP request before the action. The value
682 of Remove is a list of HTTP header names.
683 Note that the header names are case-insensitive
684 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
685 \n Input: GET /foo HTTP/1.1 my-header1: foo
686 my-header2: bar my-header3: baz \n Config:
687 remove: [\"my-header1\", \"my-header3\"] \n
688 Output: GET /foo HTTP/1.1 my-header2: bar"
689 items:
690 type: string
691 maxItems: 16
692 type: array
693 x-kubernetes-list-type: set
694 set:
695 description: "Set overwrites the request with
696 the given header (name, value) before the
697 action. \n Input: GET /foo HTTP/1.1 my-header:
698 foo \n Config: set: - name: \"my-header\"
699 value: \"bar\" \n Output: GET /foo HTTP/1.1
700 my-header: bar"
701 items:
702 description: HTTPHeader represents an HTTP
703 Header name and value as defined by RFC
704 7230.
705 properties:
706 name:
707 description: "Name is the name of the
708 HTTP Header to be matched. Name matching
709 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
710 \n If multiple entries specify equivalent
711 header names, the first entry with an
712 equivalent name MUST be considered for
713 a match. Subsequent entries with an
714 equivalent header name MUST be ignored.
715 Due to the case-insensitivity of header
716 names, \"foo\" and \"Foo\" are considered
717 equivalent."
718 maxLength: 256
719 minLength: 1
720 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
721 type: string
722 value:
723 description: Value is the value of HTTP
724 Header to be matched.
725 maxLength: 4096
726 minLength: 1
727 type: string
728 required:
729 - name
730 - value
731 type: object
732 maxItems: 16
733 type: array
734 x-kubernetes-list-map-keys:
735 - name
736 x-kubernetes-list-type: map
737 type: object
738 type:
739 description: "Type identifies the type of filter
740 to apply. As with other API fields, types are
741 classified into three conformance levels: \n -
742 Core: Filter types and their corresponding configuration
743 defined by \"Support: Core\" in this package,
744 e.g. \"RequestHeaderModifier\". All implementations
745 supporting GRPCRoute MUST support core filters.
746 \n - Extended: Filter types and their corresponding
747 configuration defined by \"Support: Extended\"
748 in this package, e.g. \"RequestMirror\". Implementers
749 are encouraged to support extended filters. \n
750 - Implementation-specific: Filters that are defined
751 and supported by specific vendors. In the future,
752 filters showing convergence in behavior across
753 multiple implementations will be considered for
754 inclusion in extended or core conformance levels.
755 Filter-specific configuration for such filters
756 is specified using the ExtensionRef field. `Type`
757 MUST be set to \"ExtensionRef\" for custom filters.
758 \n Implementers are encouraged to define custom
759 implementation types to extend the core API with
760 implementation-specific behavior. \n If a reference
761 to a custom filter type cannot be resolved, the
762 filter MUST NOT be skipped. Instead, requests
763 that would have been processed by that filter
764 MUST receive a HTTP error response. \n "
765 enum:
766 - ResponseHeaderModifier
767 - RequestHeaderModifier
768 - RequestMirror
769 - ExtensionRef
770 type: string
771 required:
772 - type
773 type: object
774 x-kubernetes-validations:
775 - message: filter.requestHeaderModifier must be nil
776 if the filter.type is not RequestHeaderModifier
777 rule: '!(has(self.requestHeaderModifier) && self.type
778 != ''RequestHeaderModifier'')'
779 - message: filter.requestHeaderModifier must be specified
780 for RequestHeaderModifier filter.type
781 rule: '!(!has(self.requestHeaderModifier) && self.type
782 == ''RequestHeaderModifier'')'
783 - message: filter.responseHeaderModifier must be nil
784 if the filter.type is not ResponseHeaderModifier
785 rule: '!(has(self.responseHeaderModifier) && self.type
786 != ''ResponseHeaderModifier'')'
787 - message: filter.responseHeaderModifier must be specified
788 for ResponseHeaderModifier filter.type
789 rule: '!(!has(self.responseHeaderModifier) && self.type
790 == ''ResponseHeaderModifier'')'
791 - message: filter.requestMirror must be nil if the filter.type
792 is not RequestMirror
793 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
794 - message: filter.requestMirror must be specified for
795 RequestMirror filter.type
796 rule: '!(!has(self.requestMirror) && self.type ==
797 ''RequestMirror'')'
798 - message: filter.extensionRef must be nil if the filter.type
799 is not ExtensionRef
800 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
801 - message: filter.extensionRef must be specified for
802 ExtensionRef filter.type
803 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
804 maxItems: 16
805 type: array
806 x-kubernetes-validations:
807 - message: RequestHeaderModifier filter cannot be repeated
808 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
809 <= 1
810 - message: ResponseHeaderModifier filter cannot be repeated
811 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
812 <= 1
813 group:
814 default: ""
815 description: Group is the group of the referent. For example,
816 "gateway.networking.k8s.io". When unspecified or empty
817 string, core API group is inferred.
818 maxLength: 253
819 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
820 type: string
821 kind:
822 default: Service
823 description: "Kind is the Kubernetes resource kind of
824 the referent. For example \"Service\". \n Defaults to
825 \"Service\" when not specified. \n ExternalName services
826 can refer to CNAME DNS records that may live outside
827 of the cluster and as such are difficult to reason about
828 in terms of conformance. They also may not be safe to
829 forward to (see CVE-2021-25740 for more information).
830 Implementations SHOULD NOT support ExternalName Services.
831 \n Support: Core (Services with a type other than ExternalName)
832 \n Support: Implementation-specific (Services with type
833 ExternalName)"
834 maxLength: 63
835 minLength: 1
836 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
837 type: string
838 name:
839 description: Name is the name of the referent.
840 maxLength: 253
841 minLength: 1
842 type: string
843 namespace:
844 description: "Namespace is the namespace of the backend.
845 When unspecified, the local namespace is inferred. \n
846 Note that when a namespace different than the local
847 namespace is specified, a ReferenceGrant object is required
848 in the referent namespace to allow that namespace's
849 owner to accept the reference. See the ReferenceGrant
850 documentation for details. \n Support: Core"
851 maxLength: 63
852 minLength: 1
853 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
854 type: string
855 port:
856 description: Port specifies the destination port number
857 to use for this resource. Port is required when the
858 referent is a Kubernetes Service. In this case, the
859 port number is the service port number, not the target
860 port. For other resources, destination port might be
861 derived from the referent resource or this field.
862 format: int32
863 maximum: 65535
864 minimum: 1
865 type: integer
866 weight:
867 default: 1
868 description: "Weight specifies the proportion of requests
869 forwarded to the referenced backend. This is computed
870 as weight/(sum of all weights in this BackendRefs list).
871 For non-zero values, there may be some epsilon from
872 the exact proportion defined here depending on the precision
873 an implementation supports. Weight is not a percentage
874 and the sum of weights does not need to equal 100. \n
875 If only one backend is specified and it has a weight
876 greater than 0, 100% of the traffic is forwarded to
877 that backend. If weight is set to 0, no traffic should
878 be forwarded for this entry. If unspecified, weight
879 defaults to 1. \n Support for this field varies based
880 on the context where used."
881 format: int32
882 maximum: 1000000
883 minimum: 0
884 type: integer
885 required:
886 - name
887 type: object
888 x-kubernetes-validations:
889 - message: Must have port for Service reference
890 rule: '(size(self.group) == 0 && self.kind == ''Service'')
891 ? has(self.port) : true'
892 maxItems: 16
893 type: array
894 filters:
895 description: "Filters define the filters that are applied to
896 requests that match this rule. \n The effects of ordering
897 of multiple behaviors are currently unspecified. This can
898 change in the future based on feedback during the alpha stage.
899 \n Conformance-levels at this level are defined based on the
900 type of filter: \n - ALL core filters MUST be supported by
901 all implementations that support GRPCRoute. - Implementers
902 are encouraged to support extended filters. - Implementation-specific
903 custom filters have no API guarantees across implementations.
904 \n Specifying the same filter multiple times is not supported
905 unless explicitly indicated in the filter. \n If an implementation
906 can not support a combination of filters, it must clearly
907 document that limitation. In cases where incompatible or unsupported
908 filters are specified and cause the `Accepted` condition to
909 be set to status `False`, implementations may use the `IncompatibleFilters`
910 reason to specify this configuration error. \n Support: Core"
911 items:
912 description: GRPCRouteFilter defines processing steps that
913 must be completed during the request or response lifecycle.
914 GRPCRouteFilters are meant as an extension point to express
915 processing that may be done in Gateway implementations.
916 Some examples include request or response modification,
917 implementing authentication strategies, rate-limiting, and
918 traffic shaping. API guarantee/conformance is defined based
919 on the type of the filter.
920 properties:
921 extensionRef:
922 description: "ExtensionRef is an optional, implementation-specific
923 extension to the \"filter\" behavior. For example,
924 resource \"myroutefilter\" in group \"networking.example.net\").
925 ExtensionRef MUST NOT be used for core and extended
926 filters. \n Support: Implementation-specific \n This
927 filter can be used multiple times within the same rule."
928 properties:
929 group:
930 description: Group is the group of the referent. For
931 example, "gateway.networking.k8s.io". When unspecified
932 or empty string, core API group is inferred.
933 maxLength: 253
934 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
935 type: string
936 kind:
937 description: Kind is kind of the referent. For example
938 "HTTPRoute" or "Service".
939 maxLength: 63
940 minLength: 1
941 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
942 type: string
943 name:
944 description: Name is the name of the referent.
945 maxLength: 253
946 minLength: 1
947 type: string
948 required:
949 - group
950 - kind
951 - name
952 type: object
953 requestHeaderModifier:
954 description: "RequestHeaderModifier defines a schema for
955 a filter that modifies request headers. \n Support:
956 Core"
957 properties:
958 add:
959 description: "Add adds the given header(s) (name,
960 value) to the request before the action. It appends
961 to any existing values associated with the header
962 name. \n Input: GET /foo HTTP/1.1 my-header: foo
963 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
964 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
965 items:
966 description: HTTPHeader represents an HTTP Header
967 name and value as defined by RFC 7230.
968 properties:
969 name:
970 description: "Name is the name of the HTTP Header
971 to be matched. Name matching MUST be case
972 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
973 \n If multiple entries specify equivalent
974 header names, the first entry with an equivalent
975 name MUST be considered for a match. Subsequent
976 entries with an equivalent header name MUST
977 be ignored. Due to the case-insensitivity
978 of header names, \"foo\" and \"Foo\" are considered
979 equivalent."
980 maxLength: 256
981 minLength: 1
982 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
983 type: string
984 value:
985 description: Value is the value of HTTP Header
986 to be matched.
987 maxLength: 4096
988 minLength: 1
989 type: string
990 required:
991 - name
992 - value
993 type: object
994 maxItems: 16
995 type: array
996 x-kubernetes-list-map-keys:
997 - name
998 x-kubernetes-list-type: map
999 remove:
1000 description: "Remove the given header(s) from the
1001 HTTP request before the action. The value of Remove
1002 is a list of HTTP header names. Note that the header
1003 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1004 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1005 bar my-header3: baz \n Config: remove: [\"my-header1\",
1006 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1007 bar"
1008 items:
1009 type: string
1010 maxItems: 16
1011 type: array
1012 x-kubernetes-list-type: set
1013 set:
1014 description: "Set overwrites the request with the
1015 given header (name, value) before the action. \n
1016 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1017 set: - name: \"my-header\" value: \"bar\" \n Output:
1018 GET /foo HTTP/1.1 my-header: bar"
1019 items:
1020 description: HTTPHeader represents an HTTP Header
1021 name and value as defined by RFC 7230.
1022 properties:
1023 name:
1024 description: "Name is the name of the HTTP Header
1025 to be matched. Name matching MUST be case
1026 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1027 \n If multiple entries specify equivalent
1028 header names, the first entry with an equivalent
1029 name MUST be considered for a match. Subsequent
1030 entries with an equivalent header name MUST
1031 be ignored. Due to the case-insensitivity
1032 of header names, \"foo\" and \"Foo\" are considered
1033 equivalent."
1034 maxLength: 256
1035 minLength: 1
1036 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1037 type: string
1038 value:
1039 description: Value is the value of HTTP Header
1040 to be matched.
1041 maxLength: 4096
1042 minLength: 1
1043 type: string
1044 required:
1045 - name
1046 - value
1047 type: object
1048 maxItems: 16
1049 type: array
1050 x-kubernetes-list-map-keys:
1051 - name
1052 x-kubernetes-list-type: map
1053 type: object
1054 requestMirror:
1055 description: "RequestMirror defines a schema for a filter
1056 that mirrors requests. Requests are sent to the specified
1057 destination, but responses from that destination are
1058 ignored. \n This filter can be used multiple times within
1059 the same rule. Note that not all implementations will
1060 be able to support mirroring to multiple backends. \n
1061 Support: Extended"
1062 properties:
1063 backendRef:
1064 description: "BackendRef references a resource where
1065 mirrored requests are sent. \n Mirrored requests
1066 must be sent only to a single destination endpoint
1067 within this BackendRef, irrespective of how many
1068 endpoints are present within this BackendRef. \n
1069 If the referent cannot be found, this BackendRef
1070 is invalid and must be dropped from the Gateway.
1071 The controller must ensure the \"ResolvedRefs\"
1072 condition on the Route status is set to `status:
1073 False` and not configure this backend in the underlying
1074 implementation. \n If there is a cross-namespace
1075 reference to an *existing* object that is not allowed
1076 by a ReferenceGrant, the controller must ensure
1077 the \"ResolvedRefs\" condition on the Route is
1078 set to `status: False`, with the \"RefNotPermitted\"
1079 reason and not configure this backend in the underlying
1080 implementation. \n In either error case, the Message
1081 of the `ResolvedRefs` Condition should be used to
1082 provide more detail about the problem. \n Support:
1083 Extended for Kubernetes Service \n Support: Implementation-specific
1084 for any other resource"
1085 properties:
1086 group:
1087 default: ""
1088 description: Group is the group of the referent.
1089 For example, "gateway.networking.k8s.io". When
1090 unspecified or empty string, core API group
1091 is inferred.
1092 maxLength: 253
1093 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1094 type: string
1095 kind:
1096 default: Service
1097 description: "Kind is the Kubernetes resource
1098 kind of the referent. For example \"Service\".
1099 \n Defaults to \"Service\" when not specified.
1100 \n ExternalName services can refer to CNAME
1101 DNS records that may live outside of the cluster
1102 and as such are difficult to reason about in
1103 terms of conformance. They also may not be safe
1104 to forward to (see CVE-2021-25740 for more information).
1105 Implementations SHOULD NOT support ExternalName
1106 Services. \n Support: Core (Services with a
1107 type other than ExternalName) \n Support: Implementation-specific
1108 (Services with type ExternalName)"
1109 maxLength: 63
1110 minLength: 1
1111 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1112 type: string
1113 name:
1114 description: Name is the name of the referent.
1115 maxLength: 253
1116 minLength: 1
1117 type: string
1118 namespace:
1119 description: "Namespace is the namespace of the
1120 backend. When unspecified, the local namespace
1121 is inferred. \n Note that when a namespace different
1122 than the local namespace is specified, a ReferenceGrant
1123 object is required in the referent namespace
1124 to allow that namespace's owner to accept the
1125 reference. See the ReferenceGrant documentation
1126 for details. \n Support: Core"
1127 maxLength: 63
1128 minLength: 1
1129 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1130 type: string
1131 port:
1132 description: Port specifies the destination port
1133 number to use for this resource. Port is required
1134 when the referent is a Kubernetes Service. In
1135 this case, the port number is the service port
1136 number, not the target port. For other resources,
1137 destination port might be derived from the referent
1138 resource or this field.
1139 format: int32
1140 maximum: 65535
1141 minimum: 1
1142 type: integer
1143 required:
1144 - name
1145 type: object
1146 x-kubernetes-validations:
1147 - message: Must have port for Service reference
1148 rule: '(size(self.group) == 0 && self.kind == ''Service'')
1149 ? has(self.port) : true'
1150 required:
1151 - backendRef
1152 type: object
1153 responseHeaderModifier:
1154 description: "ResponseHeaderModifier defines a schema
1155 for a filter that modifies response headers. \n Support:
1156 Extended"
1157 properties:
1158 add:
1159 description: "Add adds the given header(s) (name,
1160 value) to the request before the action. It appends
1161 to any existing values associated with the header
1162 name. \n Input: GET /foo HTTP/1.1 my-header: foo
1163 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
1164 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1165 items:
1166 description: HTTPHeader represents an HTTP Header
1167 name and value as defined by RFC 7230.
1168 properties:
1169 name:
1170 description: "Name is the name of the HTTP Header
1171 to be matched. Name matching MUST be case
1172 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1173 \n If multiple entries specify equivalent
1174 header names, the first entry with an equivalent
1175 name MUST be considered for a match. Subsequent
1176 entries with an equivalent header name MUST
1177 be ignored. Due to the case-insensitivity
1178 of header names, \"foo\" and \"Foo\" are considered
1179 equivalent."
1180 maxLength: 256
1181 minLength: 1
1182 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1183 type: string
1184 value:
1185 description: Value is the value of HTTP Header
1186 to be matched.
1187 maxLength: 4096
1188 minLength: 1
1189 type: string
1190 required:
1191 - name
1192 - value
1193 type: object
1194 maxItems: 16
1195 type: array
1196 x-kubernetes-list-map-keys:
1197 - name
1198 x-kubernetes-list-type: map
1199 remove:
1200 description: "Remove the given header(s) from the
1201 HTTP request before the action. The value of Remove
1202 is a list of HTTP header names. Note that the header
1203 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1204 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1205 bar my-header3: baz \n Config: remove: [\"my-header1\",
1206 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1207 bar"
1208 items:
1209 type: string
1210 maxItems: 16
1211 type: array
1212 x-kubernetes-list-type: set
1213 set:
1214 description: "Set overwrites the request with the
1215 given header (name, value) before the action. \n
1216 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1217 set: - name: \"my-header\" value: \"bar\" \n Output:
1218 GET /foo HTTP/1.1 my-header: bar"
1219 items:
1220 description: HTTPHeader represents an HTTP Header
1221 name and value as defined by RFC 7230.
1222 properties:
1223 name:
1224 description: "Name is the name of the HTTP Header
1225 to be matched. Name matching MUST be case
1226 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1227 \n If multiple entries specify equivalent
1228 header names, the first entry with an equivalent
1229 name MUST be considered for a match. Subsequent
1230 entries with an equivalent header name MUST
1231 be ignored. Due to the case-insensitivity
1232 of header names, \"foo\" and \"Foo\" are considered
1233 equivalent."
1234 maxLength: 256
1235 minLength: 1
1236 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1237 type: string
1238 value:
1239 description: Value is the value of HTTP Header
1240 to be matched.
1241 maxLength: 4096
1242 minLength: 1
1243 type: string
1244 required:
1245 - name
1246 - value
1247 type: object
1248 maxItems: 16
1249 type: array
1250 x-kubernetes-list-map-keys:
1251 - name
1252 x-kubernetes-list-type: map
1253 type: object
1254 type:
1255 description: "Type identifies the type of filter to apply.
1256 As with other API fields, types are classified into
1257 three conformance levels: \n - Core: Filter types and
1258 their corresponding configuration defined by \"Support:
1259 Core\" in this package, e.g. \"RequestHeaderModifier\".
1260 All implementations supporting GRPCRoute MUST support
1261 core filters. \n - Extended: Filter types and their
1262 corresponding configuration defined by \"Support: Extended\"
1263 in this package, e.g. \"RequestMirror\". Implementers
1264 are encouraged to support extended filters. \n - Implementation-specific:
1265 Filters that are defined and supported by specific vendors.
1266 In the future, filters showing convergence in behavior
1267 across multiple implementations will be considered for
1268 inclusion in extended or core conformance levels. Filter-specific
1269 configuration for such filters is specified using the
1270 ExtensionRef field. `Type` MUST be set to \"ExtensionRef\"
1271 for custom filters. \n Implementers are encouraged to
1272 define custom implementation types to extend the core
1273 API with implementation-specific behavior. \n If a reference
1274 to a custom filter type cannot be resolved, the filter
1275 MUST NOT be skipped. Instead, requests that would have
1276 been processed by that filter MUST receive a HTTP error
1277 response. \n "
1278 enum:
1279 - ResponseHeaderModifier
1280 - RequestHeaderModifier
1281 - RequestMirror
1282 - ExtensionRef
1283 type: string
1284 required:
1285 - type
1286 type: object
1287 x-kubernetes-validations:
1288 - message: filter.requestHeaderModifier must be nil if the
1289 filter.type is not RequestHeaderModifier
1290 rule: '!(has(self.requestHeaderModifier) && self.type !=
1291 ''RequestHeaderModifier'')'
1292 - message: filter.requestHeaderModifier must be specified
1293 for RequestHeaderModifier filter.type
1294 rule: '!(!has(self.requestHeaderModifier) && self.type ==
1295 ''RequestHeaderModifier'')'
1296 - message: filter.responseHeaderModifier must be nil if the
1297 filter.type is not ResponseHeaderModifier
1298 rule: '!(has(self.responseHeaderModifier) && self.type !=
1299 ''ResponseHeaderModifier'')'
1300 - message: filter.responseHeaderModifier must be specified
1301 for ResponseHeaderModifier filter.type
1302 rule: '!(!has(self.responseHeaderModifier) && self.type
1303 == ''ResponseHeaderModifier'')'
1304 - message: filter.requestMirror must be nil if the filter.type
1305 is not RequestMirror
1306 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
1307 - message: filter.requestMirror must be specified for RequestMirror
1308 filter.type
1309 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
1310 - message: filter.extensionRef must be nil if the filter.type
1311 is not ExtensionRef
1312 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
1313 - message: filter.extensionRef must be specified for ExtensionRef
1314 filter.type
1315 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
1316 maxItems: 16
1317 type: array
1318 x-kubernetes-validations:
1319 - message: RequestHeaderModifier filter cannot be repeated
1320 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
1321 <= 1
1322 - message: ResponseHeaderModifier filter cannot be repeated
1323 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
1324 <= 1
1325 matches:
1326 description: "Matches define conditions used for matching the
1327 rule against incoming gRPC requests. Each match is independent,
1328 i.e. this rule will be matched if **any** one of the matches
1329 is satisfied. \n For example, take the following matches configuration:
1330 \n ``` matches: - method: service: foo.bar headers: values:
1331 version: 2 - method: service: foo.bar.v2 ``` \n For a request
1332 to match against this rule, it MUST satisfy EITHER of the
1333 two conditions: \n - service of foo.bar AND contains the header
1334 `version: 2` - service of foo.bar.v2 \n See the documentation
1335 for GRPCRouteMatch on how to specify multiple match conditions
1336 to be ANDed together. \n If no matches are specified, the
1337 implementation MUST match every gRPC request. \n Proxy or
1338 Load Balancer routing configuration generated from GRPCRoutes
1339 MUST prioritize rules based on the following criteria, continuing
1340 on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
1341 Precedence MUST be given to the rule with the largest number
1342 of: \n * Characters in a matching non-wildcard hostname. *
1343 Characters in a matching hostname. * Characters in a matching
1344 service. * Characters in a matching method. * Header matches.
1345 \n If ties still exist across multiple Routes, matching precedence
1346 MUST be determined in order of the following criteria, continuing
1347 on ties: \n * The oldest Route based on creation timestamp.
1348 * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
1349 \n If ties still exist within the Route that has been given
1350 precedence, matching precedence MUST be granted to the first
1351 matching rule meeting the above criteria."
1352 items:
1353 description: "GRPCRouteMatch defines the predicate used to
1354 match requests to a given action. Multiple match types are
1355 ANDed together, i.e. the match will evaluate to true only
1356 if all conditions are satisfied. \n For example, the match
1357 below will match a gRPC request only if its service is `foo`
1358 AND it contains the `version: v1` header: \n ``` matches:
1359 - method: type: Exact service: \"foo\" headers: - name:
1360 \"version\" value \"v1\" \n ```"
1361 properties:
1362 headers:
1363 description: Headers specifies gRPC request header matchers.
1364 Multiple match values are ANDed together, meaning, a
1365 request MUST match all the specified headers to select
1366 the route.
1367 items:
1368 description: GRPCHeaderMatch describes how to select
1369 a gRPC route by matching gRPC request headers.
1370 properties:
1371 name:
1372 description: "Name is the name of the gRPC Header
1373 to be matched. \n If multiple entries specify
1374 equivalent header names, only the first entry
1375 with an equivalent name MUST be considered for
1376 a match. Subsequent entries with an equivalent
1377 header name MUST be ignored. Due to the case-insensitivity
1378 of header names, \"foo\" and \"Foo\" are considered
1379 equivalent."
1380 maxLength: 256
1381 minLength: 1
1382 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1383 type: string
1384 type:
1385 default: Exact
1386 description: Type specifies how to match against
1387 the value of the header.
1388 enum:
1389 - Exact
1390 - RegularExpression
1391 type: string
1392 value:
1393 description: Value is the value of the gRPC Header
1394 to be matched.
1395 maxLength: 4096
1396 minLength: 1
1397 type: string
1398 required:
1399 - name
1400 - value
1401 type: object
1402 maxItems: 16
1403 type: array
1404 x-kubernetes-list-map-keys:
1405 - name
1406 x-kubernetes-list-type: map
1407 method:
1408 description: Method specifies a gRPC request service/method
1409 matcher. If this field is not specified, all services
1410 and methods will match.
1411 properties:
1412 method:
1413 description: "Value of the method to match against.
1414 If left empty or omitted, will match all services.
1415 \n At least one of Service and Method MUST be a
1416 non-empty string."
1417 maxLength: 1024
1418 type: string
1419 service:
1420 description: "Value of the service to match against.
1421 If left empty or omitted, will match any service.
1422 \n At least one of Service and Method MUST be a
1423 non-empty string."
1424 maxLength: 1024
1425 type: string
1426 type:
1427 default: Exact
1428 description: "Type specifies how to match against
1429 the service and/or method. Support: Core (Exact
1430 with service and method specified) \n Support: Implementation-specific
1431 (Exact with method specified but no service specified)
1432 \n Support: Implementation-specific (RegularExpression)"
1433 enum:
1434 - Exact
1435 - RegularExpression
1436 type: string
1437 type: object
1438 x-kubernetes-validations:
1439 - message: One or both of 'service' or 'method' must be
1440 specified
1441 rule: 'has(self.type) ? has(self.service) || has(self.method)
1442 : true'
1443 - message: service must only contain valid characters
1444 (matching ^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$)
1445 rule: '(!has(self.type) || self.type == ''Exact'') &&
1446 has(self.service) ? self.service.matches(r"""^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$"""):
1447 true'
1448 - message: method must only contain valid characters (matching
1449 ^[A-Za-z_][A-Za-z_0-9]*$)
1450 rule: '(!has(self.type) || self.type == ''Exact'') &&
1451 has(self.method) ? self.method.matches(r"""^[A-Za-z_][A-Za-z_0-9]*$"""):
1452 true'
1453 type: object
1454 maxItems: 8
1455 type: array
1456 type: object
1457 maxItems: 16
1458 type: array
1459 type: object
1460 status:
1461 description: Status defines the current state of GRPCRoute.
1462 properties:
1463 parents:
1464 description: "Parents is a list of parent resources (usually Gateways)
1465 that are associated with the route, and the status of the route
1466 with respect to each parent. When this route attaches to a parent,
1467 the controller that manages the parent must add an entry to this
1468 list when the controller first sees the route and should update
1469 the entry as appropriate when the route or gateway is modified.
1470 \n Note that parent references that cannot be resolved by an implementation
1471 of this API will not be added to this list. Implementations of this
1472 API can only populate Route status for the Gateways/parent resources
1473 they are responsible for. \n A maximum of 32 Gateways will be represented
1474 in this list. An empty list means the route has not been attached
1475 to any Gateway."
1476 items:
1477 description: RouteParentStatus describes the status of a route with
1478 respect to an associated Parent.
1479 properties:
1480 conditions:
1481 description: "Conditions describes the status of the route with
1482 respect to the Gateway. Note that the route's availability
1483 is also subject to the Gateway's own status conditions and
1484 listener status. \n If the Route's ParentRef specifies an
1485 existing Gateway that supports Routes of this kind AND that
1486 Gateway's controller has sufficient access, then that Gateway's
1487 controller MUST set the \"Accepted\" condition on the Route,
1488 to indicate whether the route has been accepted or rejected
1489 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
1490 if at least one of the Route's rules is implemented by the
1491 Gateway. \n There are a number of cases where the \"Accepted\"
1492 condition may not be set due to lack of controller visibility,
1493 that includes when: \n * The Route refers to a non-existent
1494 parent. * The Route is of a type that the controller does
1495 not support. * The Route is in a namespace the controller
1496 does not have access to."
1497 items:
1498 description: "Condition contains details for one aspect of
1499 the current state of this API Resource. --- This struct
1500 is intended for direct use as an array at the field path
1501 .status.conditions. For example, \n type FooStatus struct{
1502 // Represents the observations of a foo's current state.
1503 // Known .status.conditions.type are: \"Available\", \"Progressing\",
1504 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
1505 // +listType=map // +listMapKey=type Conditions []metav1.Condition
1506 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
1507 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
1508 }"
1509 properties:
1510 lastTransitionTime:
1511 description: lastTransitionTime is the last time the condition
1512 transitioned from one status to another. This should
1513 be when the underlying condition changed. If that is
1514 not known, then using the time when the API field changed
1515 is acceptable.
1516 format: date-time
1517 type: string
1518 message:
1519 description: message is a human readable message indicating
1520 details about the transition. This may be an empty string.
1521 maxLength: 32768
1522 type: string
1523 observedGeneration:
1524 description: observedGeneration represents the .metadata.generation
1525 that the condition was set based upon. For instance,
1526 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
1527 is 9, the condition is out of date with respect to the
1528 current state of the instance.
1529 format: int64
1530 minimum: 0
1531 type: integer
1532 reason:
1533 description: reason contains a programmatic identifier
1534 indicating the reason for the condition's last transition.
1535 Producers of specific condition types may define expected
1536 values and meanings for this field, and whether the
1537 values are considered a guaranteed API. The value should
1538 be a CamelCase string. This field may not be empty.
1539 maxLength: 1024
1540 minLength: 1
1541 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1542 type: string
1543 status:
1544 description: status of the condition, one of True, False,
1545 Unknown.
1546 enum:
1547 - "True"
1548 - "False"
1549 - Unknown
1550 type: string
1551 type:
1552 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1553 --- Many .condition.type values are consistent across
1554 resources like Available, but because arbitrary conditions
1555 can be useful (see .node.status.conditions), the ability
1556 to deconflict is important. The regex it matches is
1557 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
1558 maxLength: 316
1559 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1560 type: string
1561 required:
1562 - lastTransitionTime
1563 - message
1564 - reason
1565 - status
1566 - type
1567 type: object
1568 maxItems: 8
1569 minItems: 1
1570 type: array
1571 x-kubernetes-list-map-keys:
1572 - type
1573 x-kubernetes-list-type: map
1574 controllerName:
1575 description: "ControllerName is a domain/path string that indicates
1576 the name of the controller that wrote this status. This corresponds
1577 with the controllerName field on GatewayClass. \n Example:
1578 \"example.net/gateway-controller\". \n The format of this
1579 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
1580 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
1581 \n Controllers MUST populate this field when writing status.
1582 Controllers should ensure that entries to status populated
1583 with their ControllerName are cleaned up when they are no
1584 longer necessary."
1585 maxLength: 253
1586 minLength: 1
1587 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
1588 type: string
1589 parentRef:
1590 description: ParentRef corresponds with a ParentRef in the spec
1591 that this RouteParentStatus struct describes the status of.
1592 properties:
1593 group:
1594 default: gateway.networking.k8s.io
1595 description: "Group is the group of the referent. When unspecified,
1596 \"gateway.networking.k8s.io\" is inferred. To set the
1597 core API group (such as for a \"Service\" kind referent),
1598 Group must be explicitly set to \"\" (empty string). \n
1599 Support: Core"
1600 maxLength: 253
1601 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1602 type: string
1603 kind:
1604 default: Gateway
1605 description: "Kind is kind of the referent. \n There are
1606 two kinds of parent resources with \"Core\" support: \n
1607 * Gateway (Gateway conformance profile) * Service (Mesh
1608 conformance profile, experimental, ClusterIP Services
1609 only) \n Support for other resources is Implementation-Specific."
1610 maxLength: 63
1611 minLength: 1
1612 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1613 type: string
1614 name:
1615 description: "Name is the name of the referent. \n Support:
1616 Core"
1617 maxLength: 253
1618 minLength: 1
1619 type: string
1620 namespace:
1621 description: "Namespace is the namespace of the referent.
1622 When unspecified, this refers to the local namespace of
1623 the Route. \n Note that there are specific rules for ParentRefs
1624 which cross namespace boundaries. Cross-namespace references
1625 are only valid if they are explicitly allowed by something
1626 in the namespace they are referring to. For example: Gateway
1627 has the AllowedRoutes field, and ReferenceGrant provides
1628 a generic way to enable any other kind of cross-namespace
1629 reference. \n ParentRefs from a Route to a Service in
1630 the same namespace are \"producer\" routes, which apply
1631 default routing rules to inbound connections from any
1632 namespace to the Service. \n ParentRefs from a Route to
1633 a Service in a different namespace are \"consumer\" routes,
1634 and these routing rules are only applied to outbound connections
1635 originating from the same namespace as the Route, for
1636 which the intended destination of the connections are
1637 a Service targeted as a ParentRef of the Route. \n Support:
1638 Core"
1639 maxLength: 63
1640 minLength: 1
1641 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1642 type: string
1643 port:
1644 description: "Port is the network port this Route targets.
1645 It can be interpreted differently based on the type of
1646 parent resource. \n When the parent resource is a Gateway,
1647 this targets all listeners listening on the specified
1648 port that also support this kind of Route(and select this
1649 Route). It's not recommended to set `Port` unless the
1650 networking behaviors specified in a Route must apply to
1651 a specific port as opposed to a listener(s) whose port(s)
1652 may be changed. When both Port and SectionName are specified,
1653 the name and port of the selected listener must match
1654 both specified values. \n When the parent resource is
1655 a Service, this targets a specific port in the Service
1656 spec. When both Port (experimental) and SectionName are
1657 specified, the name and port of the selected port must
1658 match both specified values. \n Implementations MAY choose
1659 to support other parent resources. Implementations supporting
1660 other types of parent resources MUST clearly document
1661 how/if Port is interpreted. \n For the purpose of status,
1662 an attachment is considered successful as long as the
1663 parent resource accepts it partially. For example, Gateway
1664 listeners can restrict which Routes can attach to them
1665 by Route kind, namespace, or hostname. If 1 of 2 Gateway
1666 listeners accept attachment from the referencing Route,
1667 the Route MUST be considered successfully attached. If
1668 no Gateway listeners accept attachment from this Route,
1669 the Route MUST be considered detached from the Gateway.
1670 \n Support: Extended \n "
1671 format: int32
1672 maximum: 65535
1673 minimum: 1
1674 type: integer
1675 sectionName:
1676 description: "SectionName is the name of a section within
1677 the target resource. In the following resources, SectionName
1678 is interpreted as the following: \n * Gateway: Listener
1679 Name. When both Port (experimental) and SectionName are
1680 specified, the name and port of the selected listener
1681 must match both specified values. * Service: Port Name.
1682 When both Port (experimental) and SectionName are specified,
1683 the name and port of the selected listener must match
1684 both specified values. Note that attaching Routes to Services
1685 as Parents is part of experimental Mesh support and is
1686 not supported for any other purpose. \n Implementations
1687 MAY choose to support attaching Routes to other resources.
1688 If that is the case, they MUST clearly document how SectionName
1689 is interpreted. \n When unspecified (empty string), this
1690 will reference the entire resource. For the purpose of
1691 status, an attachment is considered successful if at least
1692 one section in the parent resource accepts it. For example,
1693 Gateway listeners can restrict which Routes can attach
1694 to them by Route kind, namespace, or hostname. If 1 of
1695 2 Gateway listeners accept attachment from the referencing
1696 Route, the Route MUST be considered successfully attached.
1697 If no Gateway listeners accept attachment from this Route,
1698 the Route MUST be considered detached from the Gateway.
1699 \n Support: Core"
1700 maxLength: 253
1701 minLength: 1
1702 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1703 type: string
1704 required:
1705 - name
1706 type: object
1707 required:
1708 - controllerName
1709 - parentRef
1710 type: object
1711 maxItems: 32
1712 type: array
1713 required:
1714 - parents
1715 type: object
1716 type: object
1717 served: true
1718 storage: true
1719 subresources:
1720 status: {}
1721status:
1722 acceptedNames:
1723 kind: ""
1724 plural: ""
1725 conditions: null
1726 storedVersions: null
View as plain text