1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
6 gateway.networking.k8s.io/bundle-version: v1.0.0
7 gateway.networking.k8s.io/channel: experimental
8 creationTimestamp: null
9 name: httproutes.gateway.networking.k8s.io
10spec:
11 group: gateway.networking.k8s.io
12 names:
13 categories:
14 - gateway-api
15 kind: HTTPRoute
16 listKind: HTTPRouteList
17 plural: httproutes
18 singular: httproute
19 scope: Namespaced
20 versions:
21 - additionalPrinterColumns:
22 - jsonPath: .spec.hostnames
23 name: Hostnames
24 type: string
25 - jsonPath: .metadata.creationTimestamp
26 name: Age
27 type: date
28 name: v1
29 schema:
30 openAPIV3Schema:
31 description: HTTPRoute provides a way to route HTTP requests. This includes
32 the capability to match requests by hostname, path, header, or query param.
33 Filters can be used to specify additional processing steps. Backends specify
34 where matching requests should be routed.
35 properties:
36 apiVersion:
37 description: 'APIVersion defines the versioned schema of this representation
38 of an object. Servers should convert recognized schemas to the latest
39 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
40 type: string
41 kind:
42 description: 'Kind is a string value representing the REST resource this
43 object represents. Servers may infer this from the endpoint the client
44 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
45 type: string
46 metadata:
47 type: object
48 spec:
49 description: Spec defines the desired state of HTTPRoute.
50 properties:
51 hostnames:
52 description: "Hostnames defines a set of hostnames that should match
53 against the HTTP Host header to select a HTTPRoute used to process
54 the request. Implementations MUST ignore any port value specified
55 in the HTTP Host header while performing a match and (absent of
56 any applicable header modification configuration) MUST forward this
57 header unmodified to the backend. \n Valid values for Hostnames
58 are determined by RFC 1123 definition of a hostname with 2 notable
59 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
60 with a wildcard label (`*.`). The wildcard label must appear by
61 itself as the first label. \n If a hostname is specified by both
62 the Listener and HTTPRoute, there must be at least one intersecting
63 hostname for the HTTPRoute to be attached to the Listener. For example:
64 \n * A Listener with `test.example.com` as the hostname matches
65 HTTPRoutes that have either not specified any hostnames, or have
66 specified at least one of `test.example.com` or `*.example.com`.
67 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
68 that have either not specified any hostnames or have specified at
69 least one hostname that matches the Listener hostname. For example,
70 `*.example.com`, `test.example.com`, and `foo.test.example.com`
71 would all match. On the other hand, `example.com` and `test.example.net`
72 would not match. \n Hostnames that are prefixed with a wildcard
73 label (`*.`) are interpreted as a suffix match. That means that
74 a match for `*.example.com` would match both `test.example.com`,
75 and `foo.test.example.com`, but not `example.com`. \n If both the
76 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
77 that do not match the Listener hostname MUST be ignored. For example,
78 if a Listener specified `*.example.com`, and the HTTPRoute specified
79 `test.example.com` and `test.example.net`, `test.example.net` must
80 not be considered for a match. \n If both the Listener and HTTPRoute
81 have specified hostnames, and none match with the criteria above,
82 then the HTTPRoute is not accepted. The implementation must raise
83 an 'Accepted' Condition with a status of `False` in the corresponding
84 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
85 intersecting hostnames (e.g. overlapping wildcard matching and exact
86 matching hostnames), precedence must be given to rules from the
87 HTTPRoute with the largest number of: \n * Characters in a matching
88 non-wildcard hostname. * Characters in a matching hostname. \n If
89 ties exist across multiple Routes, the matching precedence rules
90 for HTTPRouteMatches takes over. \n Support: Core"
91 items:
92 description: "Hostname is the fully qualified domain name of a network
93 host. This matches the RFC 1123 definition of a hostname with
94 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
95 may be prefixed with a wildcard label (`*.`). The wildcard label
96 must appear by itself as the first label. \n Hostname can be \"precise\"
97 which is a domain name without the terminating dot of a network
98 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
99 name prefixed with a single wildcard label (e.g. `*.example.com`).
100 \n Note that as per RFC1035 and RFC1123, a *label* must consist
101 of lower case alphanumeric characters or '-', and must start and
102 end with an alphanumeric character. No other punctuation is allowed."
103 maxLength: 253
104 minLength: 1
105 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
106 type: string
107 maxItems: 16
108 type: array
109 parentRefs:
110 description: "ParentRefs references the resources (usually Gateways)
111 that a Route wants to be attached to. Note that the referenced parent
112 resource needs to allow this for the attachment to be complete.
113 For Gateways, that means the Gateway needs to allow attachment from
114 Routes of this kind and namespace. For Services, that means the
115 Service must either be in the same namespace for a \"producer\"
116 route, or the mesh implementation must support and allow \"consumer\"
117 routes for the referenced Service. ReferenceGrant is not applicable
118 for governing ParentRefs to Services - it is not possible to create
119 a \"producer\" route for a Service in a different namespace from
120 the Route. \n There are two kinds of parent resources with \"Core\"
121 support: \n * Gateway (Gateway conformance profile) * Service (Mesh
122 conformance profile, experimental, ClusterIP Services only) This
123 API may be extended in the future to support additional kinds of
124 parent resources. \n ParentRefs must be _distinct_. This means either
125 that: \n * They select different objects. If this is the case,
126 then parentRef entries are distinct. In terms of fields, this means
127 that the multi-part key defined by `group`, `kind`, `namespace`,
128 and `name` must be unique across all parentRef entries in the Route.
129 * They do not select different objects, but for each optional field
130 used, each ParentRef that selects the same object must set the same
131 set of optional fields to different values. If one ParentRef sets
132 a combination of optional fields, all must set the same combination.
133 \n Some examples: \n * If one ParentRef sets `sectionName`, all
134 ParentRefs referencing the same object must also set `sectionName`.
135 * If one ParentRef sets `port`, all ParentRefs referencing the same
136 object must also set `port`. * If one ParentRef sets `sectionName`
137 and `port`, all ParentRefs referencing the same object must also
138 set `sectionName` and `port`. \n It is possible to separately reference
139 multiple distinct objects that may be collapsed by an implementation.
140 For example, some implementations may choose to merge compatible
141 Gateway Listeners together. If that is the case, the list of routes
142 attached to those resources should also be merged. \n Note that
143 for ParentRefs that cross namespace boundaries, there are specific
144 rules. Cross-namespace references are only valid if they are explicitly
145 allowed by something in the namespace they are referring to. For
146 example, Gateway has the AllowedRoutes field, and ReferenceGrant
147 provides a generic way to enable other kinds of cross-namespace
148 reference. \n ParentRefs from a Route to a Service in the same
149 namespace are \"producer\" routes, which apply default routing rules
150 to inbound connections from any namespace to the Service. \n ParentRefs
151 from a Route to a Service in a different namespace are \"consumer\"
152 routes, and these routing rules are only applied to outbound connections
153 originating from the same namespace as the Route, for which the
154 intended destination of the connections are a Service targeted as
155 a ParentRef of the Route. \n "
156 items:
157 description: "ParentReference identifies an API object (usually
158 a Gateway) that can be considered a parent of this resource (usually
159 a route). There are two kinds of parent resources with \"Core\"
160 support: \n * Gateway (Gateway conformance profile) * Service
161 (Mesh conformance profile, experimental, ClusterIP Services only)
162 \n This API may be extended in the future to support additional
163 kinds of parent resources. \n The API object must be valid in
164 the cluster; the Group and Kind must be registered in the cluster
165 for this reference to be valid."
166 properties:
167 group:
168 default: gateway.networking.k8s.io
169 description: "Group is the group of the referent. When unspecified,
170 \"gateway.networking.k8s.io\" is inferred. To set the core
171 API group (such as for a \"Service\" kind referent), Group
172 must be explicitly set to \"\" (empty string). \n Support:
173 Core"
174 maxLength: 253
175 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
176 type: string
177 kind:
178 default: Gateway
179 description: "Kind is kind of the referent. \n There are two
180 kinds of parent resources with \"Core\" support: \n * Gateway
181 (Gateway conformance profile) * Service (Mesh conformance
182 profile, experimental, ClusterIP Services only) \n Support
183 for other resources is Implementation-Specific."
184 maxLength: 63
185 minLength: 1
186 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
187 type: string
188 name:
189 description: "Name is the name of the referent. \n Support:
190 Core"
191 maxLength: 253
192 minLength: 1
193 type: string
194 namespace:
195 description: "Namespace is the namespace of the referent. When
196 unspecified, this refers to the local namespace of the Route.
197 \n Note that there are specific rules for ParentRefs which
198 cross namespace boundaries. Cross-namespace references are
199 only valid if they are explicitly allowed by something in
200 the namespace they are referring to. For example: Gateway
201 has the AllowedRoutes field, and ReferenceGrant provides a
202 generic way to enable any other kind of cross-namespace reference.
203 \n ParentRefs from a Route to a Service in the same namespace
204 are \"producer\" routes, which apply default routing rules
205 to inbound connections from any namespace to the Service.
206 \n ParentRefs from a Route to a Service in a different namespace
207 are \"consumer\" routes, and these routing rules are only
208 applied to outbound connections originating from the same
209 namespace as the Route, for which the intended destination
210 of the connections are a Service targeted as a ParentRef of
211 the Route. \n Support: Core"
212 maxLength: 63
213 minLength: 1
214 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
215 type: string
216 port:
217 description: "Port is the network port this Route targets. It
218 can be interpreted differently based on the type of parent
219 resource. \n When the parent resource is a Gateway, this targets
220 all listeners listening on the specified port that also support
221 this kind of Route(and select this Route). It's not recommended
222 to set `Port` unless the networking behaviors specified in
223 a Route must apply to a specific port as opposed to a listener(s)
224 whose port(s) may be changed. When both Port and SectionName
225 are specified, the name and port of the selected listener
226 must match both specified values. \n When the parent resource
227 is a Service, this targets a specific port in the Service
228 spec. When both Port (experimental) and SectionName are specified,
229 the name and port of the selected port must match both specified
230 values. \n Implementations MAY choose to support other parent
231 resources. Implementations supporting other types of parent
232 resources MUST clearly document how/if Port is interpreted.
233 \n For the purpose of status, an attachment is considered
234 successful as long as the parent resource accepts it partially.
235 For example, Gateway listeners can restrict which Routes can
236 attach to them by Route kind, namespace, or hostname. If 1
237 of 2 Gateway listeners accept attachment from the referencing
238 Route, the Route MUST be considered successfully attached.
239 If no Gateway listeners accept attachment from this Route,
240 the Route MUST be considered detached from the Gateway. \n
241 Support: Extended \n "
242 format: int32
243 maximum: 65535
244 minimum: 1
245 type: integer
246 sectionName:
247 description: "SectionName is the name of a section within the
248 target resource. In the following resources, SectionName is
249 interpreted as the following: \n * Gateway: Listener Name.
250 When both Port (experimental) and SectionName are specified,
251 the name and port of the selected listener must match both
252 specified values. * Service: Port Name. When both Port (experimental)
253 and SectionName are specified, the name and port of the selected
254 listener must match both specified values. Note that attaching
255 Routes to Services as Parents is part of experimental Mesh
256 support and is not supported for any other purpose. \n Implementations
257 MAY choose to support attaching Routes to other resources.
258 If that is the case, they MUST clearly document how SectionName
259 is interpreted. \n When unspecified (empty string), this will
260 reference the entire resource. For the purpose of status,
261 an attachment is considered successful if at least one section
262 in the parent resource accepts it. For example, Gateway listeners
263 can restrict which Routes can attach to them by Route kind,
264 namespace, or hostname. If 1 of 2 Gateway listeners accept
265 attachment from the referencing Route, the Route MUST be considered
266 successfully attached. If no Gateway listeners accept attachment
267 from this Route, the Route MUST be considered detached from
268 the Gateway. \n Support: Core"
269 maxLength: 253
270 minLength: 1
271 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
272 type: string
273 required:
274 - name
275 type: object
276 maxItems: 32
277 type: array
278 x-kubernetes-validations:
279 - message: sectionName or port must be specified when parentRefs includes
280 2 or more references to the same parent
281 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
282 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
283 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
284 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
285 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName)
286 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
287 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port)
288 || p2.port == 0)): true))'
289 - message: sectionName or port must be unique when parentRefs includes
290 2 or more references to the same parent
291 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
292 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
293 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
294 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
295 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
296 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
297 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
298 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port)
299 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port
300 == p2.port))))
301 rules:
302 default:
303 - matches:
304 - path:
305 type: PathPrefix
306 value: /
307 description: Rules are a list of HTTP matchers, filters and actions.
308 items:
309 description: HTTPRouteRule defines semantics for matching an HTTP
310 request based on conditions (matches), processing it (filters),
311 and forwarding the request to an API object (backendRefs).
312 properties:
313 backendRefs:
314 description: "BackendRefs defines the backend(s) where matching
315 requests should be sent. \n Failure behavior here depends
316 on how many BackendRefs are specified and how many are invalid.
317 \n If *all* entries in BackendRefs are invalid, and there
318 are also no filters specified in this route rule, *all* traffic
319 which matches this rule MUST receive a 500 status code. \n
320 See the HTTPBackendRef definition for the rules about what
321 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
322 is invalid, 500 status codes MUST be returned for requests
323 that would have otherwise been routed to an invalid backend.
324 If multiple backends are specified, and some are invalid,
325 the proportion of requests that would otherwise have been
326 routed to an invalid backend MUST receive a 500 status code.
327 \n For example, if two backends are specified with equal weights,
328 and one is invalid, 50 percent of traffic must receive a 500.
329 Implementations may choose how that 50 percent is determined.
330 \n Support: Core for Kubernetes Service \n Support: Extended
331 for Kubernetes ServiceImport \n Support: Implementation-specific
332 for any other resource \n Support for weight: Core"
333 items:
334 description: "HTTPBackendRef defines how a HTTPRoute forwards
335 a HTTP request. \n Note that when a namespace different
336 than the local namespace is specified, a ReferenceGrant
337 object is required in the referent namespace to allow that
338 namespace's owner to accept the reference. See the ReferenceGrant
339 documentation for details. \n <gateway:experimental:description>
340 \n When the BackendRef points to a Kubernetes Service, implementations
341 SHOULD honor the appProtocol field if it is set for the
342 target Service Port. \n Implementations supporting appProtocol
343 SHOULD recognize the Kubernetes Standard Application Protocols
344 defined in KEP-3726. \n If a Service appProtocol isn't specified,
345 an implementation MAY infer the backend protocol through
346 its own means. Implementations MAY infer the protocol from
347 the Route type referring to the backend Service. \n If a
348 Route is not able to send traffic to the backend using the
349 specified protocol then the backend is considered invalid.
350 Implementations MUST set the \"ResolvedRefs\" condition
351 to \"False\" with the \"UnsupportedProtocol\" reason. \n
352 </gateway:experimental:description>"
353 properties:
354 filters:
355 description: "Filters defined at this level should be
356 executed if and only if the request is being forwarded
357 to the backend defined here. \n Support: Implementation-specific
358 (For broader support of filters, use the Filters field
359 in HTTPRouteRule.)"
360 items:
361 description: HTTPRouteFilter defines processing steps
362 that must be completed during the request or response
363 lifecycle. HTTPRouteFilters are meant as an extension
364 point to express processing that may be done in Gateway
365 implementations. Some examples include request or
366 response modification, implementing authentication
367 strategies, rate-limiting, and traffic shaping. API
368 guarantee/conformance is defined based on the type
369 of the filter.
370 properties:
371 extensionRef:
372 description: "ExtensionRef is an optional, implementation-specific
373 extension to the \"filter\" behavior. For example,
374 resource \"myroutefilter\" in group \"networking.example.net\").
375 ExtensionRef MUST NOT be used for core and extended
376 filters. \n This filter can be used multiple times
377 within the same rule. \n Support: Implementation-specific"
378 properties:
379 group:
380 description: Group is the group of the referent.
381 For example, "gateway.networking.k8s.io".
382 When unspecified or empty string, core API
383 group is inferred.
384 maxLength: 253
385 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
386 type: string
387 kind:
388 description: Kind is kind of the referent. For
389 example "HTTPRoute" or "Service".
390 maxLength: 63
391 minLength: 1
392 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
393 type: string
394 name:
395 description: Name is the name of the referent.
396 maxLength: 253
397 minLength: 1
398 type: string
399 required:
400 - group
401 - kind
402 - name
403 type: object
404 requestHeaderModifier:
405 description: "RequestHeaderModifier defines a schema
406 for a filter that modifies request headers. \n
407 Support: Core"
408 properties:
409 add:
410 description: "Add adds the given header(s) (name,
411 value) to the request before the action. It
412 appends to any existing values associated
413 with the header name. \n Input: GET /foo HTTP/1.1
414 my-header: foo \n Config: add: - name: \"my-header\"
415 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
416 my-header: foo,bar,baz"
417 items:
418 description: HTTPHeader represents an HTTP
419 Header name and value as defined by RFC
420 7230.
421 properties:
422 name:
423 description: "Name is the name of the
424 HTTP Header to be matched. Name matching
425 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
426 \n If multiple entries specify equivalent
427 header names, the first entry with an
428 equivalent name MUST be considered for
429 a match. Subsequent entries with an
430 equivalent header name MUST be ignored.
431 Due to the case-insensitivity of header
432 names, \"foo\" and \"Foo\" are considered
433 equivalent."
434 maxLength: 256
435 minLength: 1
436 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
437 type: string
438 value:
439 description: Value is the value of HTTP
440 Header to be matched.
441 maxLength: 4096
442 minLength: 1
443 type: string
444 required:
445 - name
446 - value
447 type: object
448 maxItems: 16
449 type: array
450 x-kubernetes-list-map-keys:
451 - name
452 x-kubernetes-list-type: map
453 remove:
454 description: "Remove the given header(s) from
455 the HTTP request before the action. The value
456 of Remove is a list of HTTP header names.
457 Note that the header names are case-insensitive
458 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
459 \n Input: GET /foo HTTP/1.1 my-header1: foo
460 my-header2: bar my-header3: baz \n Config:
461 remove: [\"my-header1\", \"my-header3\"] \n
462 Output: GET /foo HTTP/1.1 my-header2: bar"
463 items:
464 type: string
465 maxItems: 16
466 type: array
467 x-kubernetes-list-type: set
468 set:
469 description: "Set overwrites the request with
470 the given header (name, value) before the
471 action. \n Input: GET /foo HTTP/1.1 my-header:
472 foo \n Config: set: - name: \"my-header\"
473 value: \"bar\" \n Output: GET /foo HTTP/1.1
474 my-header: bar"
475 items:
476 description: HTTPHeader represents an HTTP
477 Header name and value as defined by RFC
478 7230.
479 properties:
480 name:
481 description: "Name is the name of the
482 HTTP Header to be matched. Name matching
483 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
484 \n If multiple entries specify equivalent
485 header names, the first entry with an
486 equivalent name MUST be considered for
487 a match. Subsequent entries with an
488 equivalent header name MUST be ignored.
489 Due to the case-insensitivity of header
490 names, \"foo\" and \"Foo\" are considered
491 equivalent."
492 maxLength: 256
493 minLength: 1
494 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
495 type: string
496 value:
497 description: Value is the value of HTTP
498 Header to be matched.
499 maxLength: 4096
500 minLength: 1
501 type: string
502 required:
503 - name
504 - value
505 type: object
506 maxItems: 16
507 type: array
508 x-kubernetes-list-map-keys:
509 - name
510 x-kubernetes-list-type: map
511 type: object
512 requestMirror:
513 description: "RequestMirror defines a schema for
514 a filter that mirrors requests. Requests are sent
515 to the specified destination, but responses from
516 that destination are ignored. \n This filter can
517 be used multiple times within the same rule. Note
518 that not all implementations will be able to support
519 mirroring to multiple backends. \n Support: Extended"
520 properties:
521 backendRef:
522 description: "BackendRef references a resource
523 where mirrored requests are sent. \n Mirrored
524 requests must be sent only to a single destination
525 endpoint within this BackendRef, irrespective
526 of how many endpoints are present within this
527 BackendRef. \n If the referent cannot be found,
528 this BackendRef is invalid and must be dropped
529 from the Gateway. The controller must ensure
530 the \"ResolvedRefs\" condition on the Route
531 status is set to `status: False` and not configure
532 this backend in the underlying implementation.
533 \n If there is a cross-namespace reference
534 to an *existing* object that is not allowed
535 by a ReferenceGrant, the controller must ensure
536 the \"ResolvedRefs\" condition on the Route
537 is set to `status: False`, with the \"RefNotPermitted\"
538 reason and not configure this backend in the
539 underlying implementation. \n In either error
540 case, the Message of the `ResolvedRefs` Condition
541 should be used to provide more detail about
542 the problem. \n Support: Extended for Kubernetes
543 Service \n Support: Implementation-specific
544 for any other resource"
545 properties:
546 group:
547 default: ""
548 description: Group is the group of the referent.
549 For example, "gateway.networking.k8s.io".
550 When unspecified or empty string, core
551 API group is inferred.
552 maxLength: 253
553 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
554 type: string
555 kind:
556 default: Service
557 description: "Kind is the Kubernetes resource
558 kind of the referent. For example \"Service\".
559 \n Defaults to \"Service\" when not specified.
560 \n ExternalName services can refer to
561 CNAME DNS records that may live outside
562 of the cluster and as such are difficult
563 to reason about in terms of conformance.
564 They also may not be safe to forward to
565 (see CVE-2021-25740 for more information).
566 Implementations SHOULD NOT support ExternalName
567 Services. \n Support: Core (Services with
568 a type other than ExternalName) \n Support:
569 Implementation-specific (Services with
570 type ExternalName)"
571 maxLength: 63
572 minLength: 1
573 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
574 type: string
575 name:
576 description: Name is the name of the referent.
577 maxLength: 253
578 minLength: 1
579 type: string
580 namespace:
581 description: "Namespace is the namespace
582 of the backend. When unspecified, the
583 local namespace is inferred. \n Note that
584 when a namespace different than the local
585 namespace is specified, a ReferenceGrant
586 object is required in the referent namespace
587 to allow that namespace's owner to accept
588 the reference. See the ReferenceGrant
589 documentation for details. \n Support:
590 Core"
591 maxLength: 63
592 minLength: 1
593 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
594 type: string
595 port:
596 description: Port specifies the destination
597 port number to use for this resource.
598 Port is required when the referent is
599 a Kubernetes Service. In this case, the
600 port number is the service port number,
601 not the target port. For other resources,
602 destination port might be derived from
603 the referent resource or this field.
604 format: int32
605 maximum: 65535
606 minimum: 1
607 type: integer
608 required:
609 - name
610 type: object
611 x-kubernetes-validations:
612 - message: Must have port for Service reference
613 rule: '(size(self.group) == 0 && self.kind
614 == ''Service'') ? has(self.port) : true'
615 required:
616 - backendRef
617 type: object
618 requestRedirect:
619 description: "RequestRedirect defines a schema for
620 a filter that responds to the request with an
621 HTTP redirection. \n Support: Core"
622 properties:
623 hostname:
624 description: "Hostname is the hostname to be
625 used in the value of the `Location` header
626 in the response. When empty, the hostname
627 in the `Host` header of the request is used.
628 \n Support: Core"
629 maxLength: 253
630 minLength: 1
631 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
632 type: string
633 path:
634 description: "Path defines parameters used to
635 modify the path of the incoming request. The
636 modified path is then used to construct the
637 `Location` header. When empty, the request
638 path is used as-is. \n Support: Extended"
639 properties:
640 replaceFullPath:
641 description: ReplaceFullPath specifies the
642 value with which to replace the full path
643 of a request during a rewrite or redirect.
644 maxLength: 1024
645 type: string
646 replacePrefixMatch:
647 description: "ReplacePrefixMatch specifies
648 the value with which to replace the prefix
649 match of a request during a rewrite or
650 redirect. For example, a request to \"/foo/bar\"
651 with a prefix match of \"/foo\" and a
652 ReplacePrefixMatch of \"/xyz\" would be
653 modified to \"/xyz/bar\". \n Note that
654 this matches the behavior of the PathPrefix
655 match type. This matches full path elements.
656 A path element refers to the list of labels
657 in the path split by the `/` separator.
658 When specified, a trailing `/` is ignored.
659 For example, the paths `/abc`, `/abc/`,
660 and `/abc/def` would all match the prefix
661 `/abc`, but the path `/abcd` would not.
662 \n ReplacePrefixMatch is only compatible
663 with a `PathPrefix` HTTPRouteMatch. Using
664 any other HTTPRouteMatch type on the same
665 HTTPRouteRule will result in the implementation
666 setting the Accepted Condition for the
667 Route to `status: False`. \n Request Path
668 | Prefix Match | Replace Prefix | Modified
669 Path -------------|--------------|----------------|----------
670 /foo/bar | /foo | /xyz |
671 /xyz/bar /foo/bar | /foo |
672 /xyz/ | /xyz/bar /foo/bar |
673 /foo/ | /xyz | /xyz/bar
674 /foo/bar | /foo/ | /xyz/ |
675 /xyz/bar /foo | /foo |
676 /xyz | /xyz /foo/ | /foo
677 \ | /xyz | /xyz/ /foo/bar
678 \ | /foo | <empty string> |
679 /bar /foo/ | /foo | <empty
680 string> | / /foo | /foo |
681 <empty string> | / /foo/ | /foo
682 \ | / | / /foo |
683 /foo | / | /"
684 maxLength: 1024
685 type: string
686 type:
687 description: "Type defines the type of path
688 modifier. Additional types may be added
689 in a future release of the API. \n Note
690 that values may be added to this enum,
691 implementations must ensure that unknown
692 values will not cause a crash. \n Unknown
693 values here must result in the implementation
694 setting the Accepted Condition for the
695 Route to `status: False`, with a Reason
696 of `UnsupportedValue`."
697 enum:
698 - ReplaceFullPath
699 - ReplacePrefixMatch
700 type: string
701 required:
702 - type
703 type: object
704 x-kubernetes-validations:
705 - message: replaceFullPath must be specified
706 when type is set to 'ReplaceFullPath'
707 rule: 'self.type == ''ReplaceFullPath'' ?
708 has(self.replaceFullPath) : true'
709 - message: type must be 'ReplaceFullPath' when
710 replaceFullPath is set
711 rule: 'has(self.replaceFullPath) ? self.type
712 == ''ReplaceFullPath'' : true'
713 - message: replacePrefixMatch must be specified
714 when type is set to 'ReplacePrefixMatch'
715 rule: 'self.type == ''ReplacePrefixMatch''
716 ? has(self.replacePrefixMatch) : true'
717 - message: type must be 'ReplacePrefixMatch'
718 when replacePrefixMatch is set
719 rule: 'has(self.replacePrefixMatch) ? self.type
720 == ''ReplacePrefixMatch'' : true'
721 port:
722 description: "Port is the port to be used in
723 the value of the `Location` header in the
724 response. \n If no port is specified, the
725 redirect port MUST be derived using the following
726 rules: \n * If redirect scheme is not-empty,
727 the redirect port MUST be the well-known port
728 associated with the redirect scheme. Specifically
729 \"http\" to port 80 and \"https\" to port
730 443. If the redirect scheme does not have
731 a well-known port, the listener port of the
732 Gateway SHOULD be used. * If redirect scheme
733 is empty, the redirect port MUST be the Gateway
734 Listener port. \n Implementations SHOULD NOT
735 add the port number in the 'Location' header
736 in the following cases: \n * A Location header
737 that will use HTTP (whether that is determined
738 via the Listener protocol or the Scheme field)
739 _and_ use port 80. * A Location header that
740 will use HTTPS (whether that is determined
741 via the Listener protocol or the Scheme field)
742 _and_ use port 443. \n Support: Extended"
743 format: int32
744 maximum: 65535
745 minimum: 1
746 type: integer
747 scheme:
748 description: "Scheme is the scheme to be used
749 in the value of the `Location` header in the
750 response. When empty, the scheme of the request
751 is used. \n Scheme redirects can affect the
752 port of the redirect, for more information,
753 refer to the documentation for the port field
754 of this filter. \n Note that values may be
755 added to this enum, implementations must ensure
756 that unknown values will not cause a crash.
757 \n Unknown values here must result in the
758 implementation setting the Accepted Condition
759 for the Route to `status: False`, with a Reason
760 of `UnsupportedValue`. \n Support: Extended"
761 enum:
762 - http
763 - https
764 type: string
765 statusCode:
766 default: 302
767 description: "StatusCode is the HTTP status
768 code to be used in response. \n Note that
769 values may be added to this enum, implementations
770 must ensure that unknown values will not cause
771 a crash. \n Unknown values here must result
772 in the implementation setting the Accepted
773 Condition for the Route to `status: False`,
774 with a Reason of `UnsupportedValue`. \n Support:
775 Core"
776 enum:
777 - 301
778 - 302
779 type: integer
780 type: object
781 responseHeaderModifier:
782 description: "ResponseHeaderModifier defines a schema
783 for a filter that modifies response headers. \n
784 Support: Extended"
785 properties:
786 add:
787 description: "Add adds the given header(s) (name,
788 value) to the request before the action. It
789 appends to any existing values associated
790 with the header name. \n Input: GET /foo HTTP/1.1
791 my-header: foo \n Config: add: - name: \"my-header\"
792 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
793 my-header: foo,bar,baz"
794 items:
795 description: HTTPHeader represents an HTTP
796 Header name and value as defined by RFC
797 7230.
798 properties:
799 name:
800 description: "Name is the name of the
801 HTTP Header to be matched. Name matching
802 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
803 \n If multiple entries specify equivalent
804 header names, the first entry with an
805 equivalent name MUST be considered for
806 a match. Subsequent entries with an
807 equivalent header name MUST be ignored.
808 Due to the case-insensitivity of header
809 names, \"foo\" and \"Foo\" are considered
810 equivalent."
811 maxLength: 256
812 minLength: 1
813 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
814 type: string
815 value:
816 description: Value is the value of HTTP
817 Header to be matched.
818 maxLength: 4096
819 minLength: 1
820 type: string
821 required:
822 - name
823 - value
824 type: object
825 maxItems: 16
826 type: array
827 x-kubernetes-list-map-keys:
828 - name
829 x-kubernetes-list-type: map
830 remove:
831 description: "Remove the given header(s) from
832 the HTTP request before the action. The value
833 of Remove is a list of HTTP header names.
834 Note that the header names are case-insensitive
835 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
836 \n Input: GET /foo HTTP/1.1 my-header1: foo
837 my-header2: bar my-header3: baz \n Config:
838 remove: [\"my-header1\", \"my-header3\"] \n
839 Output: GET /foo HTTP/1.1 my-header2: bar"
840 items:
841 type: string
842 maxItems: 16
843 type: array
844 x-kubernetes-list-type: set
845 set:
846 description: "Set overwrites the request with
847 the given header (name, value) before the
848 action. \n Input: GET /foo HTTP/1.1 my-header:
849 foo \n Config: set: - name: \"my-header\"
850 value: \"bar\" \n Output: GET /foo HTTP/1.1
851 my-header: bar"
852 items:
853 description: HTTPHeader represents an HTTP
854 Header name and value as defined by RFC
855 7230.
856 properties:
857 name:
858 description: "Name is the name of the
859 HTTP Header to be matched. Name matching
860 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
861 \n If multiple entries specify equivalent
862 header names, the first entry with an
863 equivalent name MUST be considered for
864 a match. Subsequent entries with an
865 equivalent header name MUST be ignored.
866 Due to the case-insensitivity of header
867 names, \"foo\" and \"Foo\" are considered
868 equivalent."
869 maxLength: 256
870 minLength: 1
871 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
872 type: string
873 value:
874 description: Value is the value of HTTP
875 Header to be matched.
876 maxLength: 4096
877 minLength: 1
878 type: string
879 required:
880 - name
881 - value
882 type: object
883 maxItems: 16
884 type: array
885 x-kubernetes-list-map-keys:
886 - name
887 x-kubernetes-list-type: map
888 type: object
889 type:
890 description: "Type identifies the type of filter
891 to apply. As with other API fields, types are
892 classified into three conformance levels: \n -
893 Core: Filter types and their corresponding configuration
894 defined by \"Support: Core\" in this package,
895 e.g. \"RequestHeaderModifier\". All implementations
896 must support core filters. \n - Extended: Filter
897 types and their corresponding configuration defined
898 by \"Support: Extended\" in this package, e.g.
899 \"RequestMirror\". Implementers are encouraged
900 to support extended filters. \n - Implementation-specific:
901 Filters that are defined and supported by specific
902 vendors. In the future, filters showing convergence
903 in behavior across multiple implementations will
904 be considered for inclusion in extended or core
905 conformance levels. Filter-specific configuration
906 for such filters is specified using the ExtensionRef
907 field. `Type` should be set to \"ExtensionRef\"
908 for custom filters. \n Implementers are encouraged
909 to define custom implementation types to extend
910 the core API with implementation-specific behavior.
911 \n If a reference to a custom filter type cannot
912 be resolved, the filter MUST NOT be skipped. Instead,
913 requests that would have been processed by that
914 filter MUST receive a HTTP error response. \n
915 Note that values may be added to this enum, implementations
916 must ensure that unknown values will not cause
917 a crash. \n Unknown values here must result in
918 the implementation setting the Accepted Condition
919 for the Route to `status: False`, with a Reason
920 of `UnsupportedValue`."
921 enum:
922 - RequestHeaderModifier
923 - ResponseHeaderModifier
924 - RequestMirror
925 - RequestRedirect
926 - URLRewrite
927 - ExtensionRef
928 type: string
929 urlRewrite:
930 description: "URLRewrite defines a schema for a
931 filter that modifies a request during forwarding.
932 \n Support: Extended"
933 properties:
934 hostname:
935 description: "Hostname is the value to be used
936 to replace the Host header value during forwarding.
937 \n Support: Extended"
938 maxLength: 253
939 minLength: 1
940 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
941 type: string
942 path:
943 description: "Path defines a path rewrite. \n
944 Support: Extended"
945 properties:
946 replaceFullPath:
947 description: ReplaceFullPath specifies the
948 value with which to replace the full path
949 of a request during a rewrite or redirect.
950 maxLength: 1024
951 type: string
952 replacePrefixMatch:
953 description: "ReplacePrefixMatch specifies
954 the value with which to replace the prefix
955 match of a request during a rewrite or
956 redirect. For example, a request to \"/foo/bar\"
957 with a prefix match of \"/foo\" and a
958 ReplacePrefixMatch of \"/xyz\" would be
959 modified to \"/xyz/bar\". \n Note that
960 this matches the behavior of the PathPrefix
961 match type. This matches full path elements.
962 A path element refers to the list of labels
963 in the path split by the `/` separator.
964 When specified, a trailing `/` is ignored.
965 For example, the paths `/abc`, `/abc/`,
966 and `/abc/def` would all match the prefix
967 `/abc`, but the path `/abcd` would not.
968 \n ReplacePrefixMatch is only compatible
969 with a `PathPrefix` HTTPRouteMatch. Using
970 any other HTTPRouteMatch type on the same
971 HTTPRouteRule will result in the implementation
972 setting the Accepted Condition for the
973 Route to `status: False`. \n Request Path
974 | Prefix Match | Replace Prefix | Modified
975 Path -------------|--------------|----------------|----------
976 /foo/bar | /foo | /xyz |
977 /xyz/bar /foo/bar | /foo |
978 /xyz/ | /xyz/bar /foo/bar |
979 /foo/ | /xyz | /xyz/bar
980 /foo/bar | /foo/ | /xyz/ |
981 /xyz/bar /foo | /foo |
982 /xyz | /xyz /foo/ | /foo
983 \ | /xyz | /xyz/ /foo/bar
984 \ | /foo | <empty string> |
985 /bar /foo/ | /foo | <empty
986 string> | / /foo | /foo |
987 <empty string> | / /foo/ | /foo
988 \ | / | / /foo |
989 /foo | / | /"
990 maxLength: 1024
991 type: string
992 type:
993 description: "Type defines the type of path
994 modifier. Additional types may be added
995 in a future release of the API. \n Note
996 that values may be added to this enum,
997 implementations must ensure that unknown
998 values will not cause a crash. \n Unknown
999 values here must result in the implementation
1000 setting the Accepted Condition for the
1001 Route to `status: False`, with a Reason
1002 of `UnsupportedValue`."
1003 enum:
1004 - ReplaceFullPath
1005 - ReplacePrefixMatch
1006 type: string
1007 required:
1008 - type
1009 type: object
1010 x-kubernetes-validations:
1011 - message: replaceFullPath must be specified
1012 when type is set to 'ReplaceFullPath'
1013 rule: 'self.type == ''ReplaceFullPath'' ?
1014 has(self.replaceFullPath) : true'
1015 - message: type must be 'ReplaceFullPath' when
1016 replaceFullPath is set
1017 rule: 'has(self.replaceFullPath) ? self.type
1018 == ''ReplaceFullPath'' : true'
1019 - message: replacePrefixMatch must be specified
1020 when type is set to 'ReplacePrefixMatch'
1021 rule: 'self.type == ''ReplacePrefixMatch''
1022 ? has(self.replacePrefixMatch) : true'
1023 - message: type must be 'ReplacePrefixMatch'
1024 when replacePrefixMatch is set
1025 rule: 'has(self.replacePrefixMatch) ? self.type
1026 == ''ReplacePrefixMatch'' : true'
1027 type: object
1028 required:
1029 - type
1030 type: object
1031 x-kubernetes-validations:
1032 - message: filter.requestHeaderModifier must be nil
1033 if the filter.type is not RequestHeaderModifier
1034 rule: '!(has(self.requestHeaderModifier) && self.type
1035 != ''RequestHeaderModifier'')'
1036 - message: filter.requestHeaderModifier must be specified
1037 for RequestHeaderModifier filter.type
1038 rule: '!(!has(self.requestHeaderModifier) && self.type
1039 == ''RequestHeaderModifier'')'
1040 - message: filter.responseHeaderModifier must be nil
1041 if the filter.type is not ResponseHeaderModifier
1042 rule: '!(has(self.responseHeaderModifier) && self.type
1043 != ''ResponseHeaderModifier'')'
1044 - message: filter.responseHeaderModifier must be specified
1045 for ResponseHeaderModifier filter.type
1046 rule: '!(!has(self.responseHeaderModifier) && self.type
1047 == ''ResponseHeaderModifier'')'
1048 - message: filter.requestMirror must be nil if the filter.type
1049 is not RequestMirror
1050 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
1051 - message: filter.requestMirror must be specified for
1052 RequestMirror filter.type
1053 rule: '!(!has(self.requestMirror) && self.type ==
1054 ''RequestMirror'')'
1055 - message: filter.requestRedirect must be nil if the
1056 filter.type is not RequestRedirect
1057 rule: '!(has(self.requestRedirect) && self.type !=
1058 ''RequestRedirect'')'
1059 - message: filter.requestRedirect must be specified
1060 for RequestRedirect filter.type
1061 rule: '!(!has(self.requestRedirect) && self.type ==
1062 ''RequestRedirect'')'
1063 - message: filter.urlRewrite must be nil if the filter.type
1064 is not URLRewrite
1065 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
1066 - message: filter.urlRewrite must be specified for URLRewrite
1067 filter.type
1068 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
1069 - message: filter.extensionRef must be nil if the filter.type
1070 is not ExtensionRef
1071 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
1072 - message: filter.extensionRef must be specified for
1073 ExtensionRef filter.type
1074 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
1075 maxItems: 16
1076 type: array
1077 x-kubernetes-validations:
1078 - message: May specify either httpRouteFilterRequestRedirect
1079 or httpRouteFilterRequestRewrite, but not both
1080 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
1081 && self.exists(f, f.type == ''URLRewrite''))'
1082 - message: May specify either httpRouteFilterRequestRedirect
1083 or httpRouteFilterRequestRewrite, but not both
1084 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
1085 && self.exists(f, f.type == ''URLRewrite''))'
1086 - message: RequestHeaderModifier filter cannot be repeated
1087 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
1088 <= 1
1089 - message: ResponseHeaderModifier filter cannot be repeated
1090 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
1091 <= 1
1092 - message: RequestRedirect filter cannot be repeated
1093 rule: self.filter(f, f.type == 'RequestRedirect').size()
1094 <= 1
1095 - message: URLRewrite filter cannot be repeated
1096 rule: self.filter(f, f.type == 'URLRewrite').size()
1097 <= 1
1098 group:
1099 default: ""
1100 description: Group is the group of the referent. For example,
1101 "gateway.networking.k8s.io". When unspecified or empty
1102 string, core API group is inferred.
1103 maxLength: 253
1104 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1105 type: string
1106 kind:
1107 default: Service
1108 description: "Kind is the Kubernetes resource kind of
1109 the referent. For example \"Service\". \n Defaults to
1110 \"Service\" when not specified. \n ExternalName services
1111 can refer to CNAME DNS records that may live outside
1112 of the cluster and as such are difficult to reason about
1113 in terms of conformance. They also may not be safe to
1114 forward to (see CVE-2021-25740 for more information).
1115 Implementations SHOULD NOT support ExternalName Services.
1116 \n Support: Core (Services with a type other than ExternalName)
1117 \n Support: Implementation-specific (Services with type
1118 ExternalName)"
1119 maxLength: 63
1120 minLength: 1
1121 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1122 type: string
1123 name:
1124 description: Name is the name of the referent.
1125 maxLength: 253
1126 minLength: 1
1127 type: string
1128 namespace:
1129 description: "Namespace is the namespace of the backend.
1130 When unspecified, the local namespace is inferred. \n
1131 Note that when a namespace different than the local
1132 namespace is specified, a ReferenceGrant object is required
1133 in the referent namespace to allow that namespace's
1134 owner to accept the reference. See the ReferenceGrant
1135 documentation for details. \n Support: Core"
1136 maxLength: 63
1137 minLength: 1
1138 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1139 type: string
1140 port:
1141 description: Port specifies the destination port number
1142 to use for this resource. Port is required when the
1143 referent is a Kubernetes Service. In this case, the
1144 port number is the service port number, not the target
1145 port. For other resources, destination port might be
1146 derived from the referent resource or this field.
1147 format: int32
1148 maximum: 65535
1149 minimum: 1
1150 type: integer
1151 weight:
1152 default: 1
1153 description: "Weight specifies the proportion of requests
1154 forwarded to the referenced backend. This is computed
1155 as weight/(sum of all weights in this BackendRefs list).
1156 For non-zero values, there may be some epsilon from
1157 the exact proportion defined here depending on the precision
1158 an implementation supports. Weight is not a percentage
1159 and the sum of weights does not need to equal 100. \n
1160 If only one backend is specified and it has a weight
1161 greater than 0, 100% of the traffic is forwarded to
1162 that backend. If weight is set to 0, no traffic should
1163 be forwarded for this entry. If unspecified, weight
1164 defaults to 1. \n Support for this field varies based
1165 on the context where used."
1166 format: int32
1167 maximum: 1000000
1168 minimum: 0
1169 type: integer
1170 required:
1171 - name
1172 type: object
1173 x-kubernetes-validations:
1174 - message: Must have port for Service reference
1175 rule: '(size(self.group) == 0 && self.kind == ''Service'')
1176 ? has(self.port) : true'
1177 maxItems: 16
1178 type: array
1179 filters:
1180 description: "Filters define the filters that are applied to
1181 requests that match this rule. \n The effects of ordering
1182 of multiple behaviors are currently unspecified. This can
1183 change in the future based on feedback during the alpha stage.
1184 \n Conformance-levels at this level are defined based on the
1185 type of filter: \n - ALL core filters MUST be supported by
1186 all implementations. - Implementers are encouraged to support
1187 extended filters. - Implementation-specific custom filters
1188 have no API guarantees across implementations. \n Specifying
1189 the same filter multiple times is not supported unless explicitly
1190 indicated in the filter. \n All filters are expected to be
1191 compatible with each other except for the URLRewrite and RequestRedirect
1192 filters, which may not be combined. If an implementation can
1193 not support other combinations of filters, they must clearly
1194 document that limitation. In cases where incompatible or unsupported
1195 filters are specified and cause the `Accepted` condition to
1196 be set to status `False`, implementations may use the `IncompatibleFilters`
1197 reason to specify this configuration error. \n Support: Core"
1198 items:
1199 description: HTTPRouteFilter defines processing steps that
1200 must be completed during the request or response lifecycle.
1201 HTTPRouteFilters are meant as an extension point to express
1202 processing that may be done in Gateway implementations.
1203 Some examples include request or response modification,
1204 implementing authentication strategies, rate-limiting, and
1205 traffic shaping. API guarantee/conformance is defined based
1206 on the type of the filter.
1207 properties:
1208 extensionRef:
1209 description: "ExtensionRef is an optional, implementation-specific
1210 extension to the \"filter\" behavior. For example,
1211 resource \"myroutefilter\" in group \"networking.example.net\").
1212 ExtensionRef MUST NOT be used for core and extended
1213 filters. \n This filter can be used multiple times within
1214 the same rule. \n Support: Implementation-specific"
1215 properties:
1216 group:
1217 description: Group is the group of the referent. For
1218 example, "gateway.networking.k8s.io". When unspecified
1219 or empty string, core API group is inferred.
1220 maxLength: 253
1221 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1222 type: string
1223 kind:
1224 description: Kind is kind of the referent. For example
1225 "HTTPRoute" or "Service".
1226 maxLength: 63
1227 minLength: 1
1228 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1229 type: string
1230 name:
1231 description: Name is the name of the referent.
1232 maxLength: 253
1233 minLength: 1
1234 type: string
1235 required:
1236 - group
1237 - kind
1238 - name
1239 type: object
1240 requestHeaderModifier:
1241 description: "RequestHeaderModifier defines a schema for
1242 a filter that modifies request headers. \n Support:
1243 Core"
1244 properties:
1245 add:
1246 description: "Add adds the given header(s) (name,
1247 value) to the request before the action. It appends
1248 to any existing values associated with the header
1249 name. \n Input: GET /foo HTTP/1.1 my-header: foo
1250 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
1251 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1252 items:
1253 description: HTTPHeader represents an HTTP Header
1254 name and value as defined by RFC 7230.
1255 properties:
1256 name:
1257 description: "Name is the name of the HTTP Header
1258 to be matched. Name matching MUST be case
1259 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1260 \n If multiple entries specify equivalent
1261 header names, the first entry with an equivalent
1262 name MUST be considered for a match. Subsequent
1263 entries with an equivalent header name MUST
1264 be ignored. Due to the case-insensitivity
1265 of header names, \"foo\" and \"Foo\" are considered
1266 equivalent."
1267 maxLength: 256
1268 minLength: 1
1269 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1270 type: string
1271 value:
1272 description: Value is the value of HTTP Header
1273 to be matched.
1274 maxLength: 4096
1275 minLength: 1
1276 type: string
1277 required:
1278 - name
1279 - value
1280 type: object
1281 maxItems: 16
1282 type: array
1283 x-kubernetes-list-map-keys:
1284 - name
1285 x-kubernetes-list-type: map
1286 remove:
1287 description: "Remove the given header(s) from the
1288 HTTP request before the action. The value of Remove
1289 is a list of HTTP header names. Note that the header
1290 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1291 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1292 bar my-header3: baz \n Config: remove: [\"my-header1\",
1293 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1294 bar"
1295 items:
1296 type: string
1297 maxItems: 16
1298 type: array
1299 x-kubernetes-list-type: set
1300 set:
1301 description: "Set overwrites the request with the
1302 given header (name, value) before the action. \n
1303 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1304 set: - name: \"my-header\" value: \"bar\" \n Output:
1305 GET /foo HTTP/1.1 my-header: bar"
1306 items:
1307 description: HTTPHeader represents an HTTP Header
1308 name and value as defined by RFC 7230.
1309 properties:
1310 name:
1311 description: "Name is the name of the HTTP Header
1312 to be matched. Name matching MUST be case
1313 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1314 \n If multiple entries specify equivalent
1315 header names, the first entry with an equivalent
1316 name MUST be considered for a match. Subsequent
1317 entries with an equivalent header name MUST
1318 be ignored. Due to the case-insensitivity
1319 of header names, \"foo\" and \"Foo\" are considered
1320 equivalent."
1321 maxLength: 256
1322 minLength: 1
1323 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1324 type: string
1325 value:
1326 description: Value is the value of HTTP Header
1327 to be matched.
1328 maxLength: 4096
1329 minLength: 1
1330 type: string
1331 required:
1332 - name
1333 - value
1334 type: object
1335 maxItems: 16
1336 type: array
1337 x-kubernetes-list-map-keys:
1338 - name
1339 x-kubernetes-list-type: map
1340 type: object
1341 requestMirror:
1342 description: "RequestMirror defines a schema for a filter
1343 that mirrors requests. Requests are sent to the specified
1344 destination, but responses from that destination are
1345 ignored. \n This filter can be used multiple times within
1346 the same rule. Note that not all implementations will
1347 be able to support mirroring to multiple backends. \n
1348 Support: Extended"
1349 properties:
1350 backendRef:
1351 description: "BackendRef references a resource where
1352 mirrored requests are sent. \n Mirrored requests
1353 must be sent only to a single destination endpoint
1354 within this BackendRef, irrespective of how many
1355 endpoints are present within this BackendRef. \n
1356 If the referent cannot be found, this BackendRef
1357 is invalid and must be dropped from the Gateway.
1358 The controller must ensure the \"ResolvedRefs\"
1359 condition on the Route status is set to `status:
1360 False` and not configure this backend in the underlying
1361 implementation. \n If there is a cross-namespace
1362 reference to an *existing* object that is not allowed
1363 by a ReferenceGrant, the controller must ensure
1364 the \"ResolvedRefs\" condition on the Route is
1365 set to `status: False`, with the \"RefNotPermitted\"
1366 reason and not configure this backend in the underlying
1367 implementation. \n In either error case, the Message
1368 of the `ResolvedRefs` Condition should be used to
1369 provide more detail about the problem. \n Support:
1370 Extended for Kubernetes Service \n Support: Implementation-specific
1371 for any other resource"
1372 properties:
1373 group:
1374 default: ""
1375 description: Group is the group of the referent.
1376 For example, "gateway.networking.k8s.io". When
1377 unspecified or empty string, core API group
1378 is inferred.
1379 maxLength: 253
1380 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1381 type: string
1382 kind:
1383 default: Service
1384 description: "Kind is the Kubernetes resource
1385 kind of the referent. For example \"Service\".
1386 \n Defaults to \"Service\" when not specified.
1387 \n ExternalName services can refer to CNAME
1388 DNS records that may live outside of the cluster
1389 and as such are difficult to reason about in
1390 terms of conformance. They also may not be safe
1391 to forward to (see CVE-2021-25740 for more information).
1392 Implementations SHOULD NOT support ExternalName
1393 Services. \n Support: Core (Services with a
1394 type other than ExternalName) \n Support: Implementation-specific
1395 (Services with type ExternalName)"
1396 maxLength: 63
1397 minLength: 1
1398 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1399 type: string
1400 name:
1401 description: Name is the name of the referent.
1402 maxLength: 253
1403 minLength: 1
1404 type: string
1405 namespace:
1406 description: "Namespace is the namespace of the
1407 backend. When unspecified, the local namespace
1408 is inferred. \n Note that when a namespace different
1409 than the local namespace is specified, a ReferenceGrant
1410 object is required in the referent namespace
1411 to allow that namespace's owner to accept the
1412 reference. See the ReferenceGrant documentation
1413 for details. \n Support: Core"
1414 maxLength: 63
1415 minLength: 1
1416 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1417 type: string
1418 port:
1419 description: Port specifies the destination port
1420 number to use for this resource. Port is required
1421 when the referent is a Kubernetes Service. In
1422 this case, the port number is the service port
1423 number, not the target port. For other resources,
1424 destination port might be derived from the referent
1425 resource or this field.
1426 format: int32
1427 maximum: 65535
1428 minimum: 1
1429 type: integer
1430 required:
1431 - name
1432 type: object
1433 x-kubernetes-validations:
1434 - message: Must have port for Service reference
1435 rule: '(size(self.group) == 0 && self.kind == ''Service'')
1436 ? has(self.port) : true'
1437 required:
1438 - backendRef
1439 type: object
1440 requestRedirect:
1441 description: "RequestRedirect defines a schema for a filter
1442 that responds to the request with an HTTP redirection.
1443 \n Support: Core"
1444 properties:
1445 hostname:
1446 description: "Hostname is the hostname to be used
1447 in the value of the `Location` header in the response.
1448 When empty, the hostname in the `Host` header of
1449 the request is used. \n Support: Core"
1450 maxLength: 253
1451 minLength: 1
1452 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1453 type: string
1454 path:
1455 description: "Path defines parameters used to modify
1456 the path of the incoming request. The modified path
1457 is then used to construct the `Location` header.
1458 When empty, the request path is used as-is. \n Support:
1459 Extended"
1460 properties:
1461 replaceFullPath:
1462 description: ReplaceFullPath specifies the value
1463 with which to replace the full path of a request
1464 during a rewrite or redirect.
1465 maxLength: 1024
1466 type: string
1467 replacePrefixMatch:
1468 description: "ReplacePrefixMatch specifies the
1469 value with which to replace the prefix match
1470 of a request during a rewrite or redirect. For
1471 example, a request to \"/foo/bar\" with a prefix
1472 match of \"/foo\" and a ReplacePrefixMatch of
1473 \"/xyz\" would be modified to \"/xyz/bar\".
1474 \n Note that this matches the behavior of the
1475 PathPrefix match type. This matches full path
1476 elements. A path element refers to the list
1477 of labels in the path split by the `/` separator.
1478 When specified, a trailing `/` is ignored. For
1479 example, the paths `/abc`, `/abc/`, and `/abc/def`
1480 would all match the prefix `/abc`, but the path
1481 `/abcd` would not. \n ReplacePrefixMatch is
1482 only compatible with a `PathPrefix` HTTPRouteMatch.
1483 Using any other HTTPRouteMatch type on the same
1484 HTTPRouteRule will result in the implementation
1485 setting the Accepted Condition for the Route
1486 to `status: False`. \n Request Path | Prefix
1487 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
1488 /foo/bar | /foo | /xyz |
1489 /xyz/bar /foo/bar | /foo | /xyz/
1490 \ | /xyz/bar /foo/bar | /foo/ |
1491 /xyz | /xyz/bar /foo/bar | /foo/
1492 \ | /xyz/ | /xyz/bar /foo |
1493 /foo | /xyz | /xyz /foo/ |
1494 /foo | /xyz | /xyz/ /foo/bar
1495 \ | /foo | <empty string> | /bar
1496 /foo/ | /foo | <empty string>
1497 | / /foo | /foo | <empty string>
1498 | / /foo/ | /foo | / |
1499 / /foo | /foo | / |
1500 /"
1501 maxLength: 1024
1502 type: string
1503 type:
1504 description: "Type defines the type of path modifier.
1505 Additional types may be added in a future release
1506 of the API. \n Note that values may be added
1507 to this enum, implementations must ensure that
1508 unknown values will not cause a crash. \n Unknown
1509 values here must result in the implementation
1510 setting the Accepted Condition for the Route
1511 to `status: False`, with a Reason of `UnsupportedValue`."
1512 enum:
1513 - ReplaceFullPath
1514 - ReplacePrefixMatch
1515 type: string
1516 required:
1517 - type
1518 type: object
1519 x-kubernetes-validations:
1520 - message: replaceFullPath must be specified when
1521 type is set to 'ReplaceFullPath'
1522 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
1523 : true'
1524 - message: type must be 'ReplaceFullPath' when replaceFullPath
1525 is set
1526 rule: 'has(self.replaceFullPath) ? self.type ==
1527 ''ReplaceFullPath'' : true'
1528 - message: replacePrefixMatch must be specified when
1529 type is set to 'ReplacePrefixMatch'
1530 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
1531 : true'
1532 - message: type must be 'ReplacePrefixMatch' when
1533 replacePrefixMatch is set
1534 rule: 'has(self.replacePrefixMatch) ? self.type
1535 == ''ReplacePrefixMatch'' : true'
1536 port:
1537 description: "Port is the port to be used in the value
1538 of the `Location` header in the response. \n If
1539 no port is specified, the redirect port MUST be
1540 derived using the following rules: \n * If redirect
1541 scheme is not-empty, the redirect port MUST be the
1542 well-known port associated with the redirect scheme.
1543 Specifically \"http\" to port 80 and \"https\" to
1544 port 443. If the redirect scheme does not have a
1545 well-known port, the listener port of the Gateway
1546 SHOULD be used. * If redirect scheme is empty, the
1547 redirect port MUST be the Gateway Listener port.
1548 \n Implementations SHOULD NOT add the port number
1549 in the 'Location' header in the following cases:
1550 \n * A Location header that will use HTTP (whether
1551 that is determined via the Listener protocol or
1552 the Scheme field) _and_ use port 80. * A Location
1553 header that will use HTTPS (whether that is determined
1554 via the Listener protocol or the Scheme field) _and_
1555 use port 443. \n Support: Extended"
1556 format: int32
1557 maximum: 65535
1558 minimum: 1
1559 type: integer
1560 scheme:
1561 description: "Scheme is the scheme to be used in the
1562 value of the `Location` header in the response.
1563 When empty, the scheme of the request is used. \n
1564 Scheme redirects can affect the port of the redirect,
1565 for more information, refer to the documentation
1566 for the port field of this filter. \n Note that
1567 values may be added to this enum, implementations
1568 must ensure that unknown values will not cause a
1569 crash. \n Unknown values here must result in the
1570 implementation setting the Accepted Condition for
1571 the Route to `status: False`, with a Reason of `UnsupportedValue`.
1572 \n Support: Extended"
1573 enum:
1574 - http
1575 - https
1576 type: string
1577 statusCode:
1578 default: 302
1579 description: "StatusCode is the HTTP status code to
1580 be used in response. \n Note that values may be
1581 added to this enum, implementations must ensure
1582 that unknown values will not cause a crash. \n Unknown
1583 values here must result in the implementation setting
1584 the Accepted Condition for the Route to `status:
1585 False`, with a Reason of `UnsupportedValue`. \n
1586 Support: Core"
1587 enum:
1588 - 301
1589 - 302
1590 type: integer
1591 type: object
1592 responseHeaderModifier:
1593 description: "ResponseHeaderModifier defines a schema
1594 for a filter that modifies response headers. \n Support:
1595 Extended"
1596 properties:
1597 add:
1598 description: "Add adds the given header(s) (name,
1599 value) to the request before the action. It appends
1600 to any existing values associated with the header
1601 name. \n Input: GET /foo HTTP/1.1 my-header: foo
1602 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
1603 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1604 items:
1605 description: HTTPHeader represents an HTTP Header
1606 name and value as defined by RFC 7230.
1607 properties:
1608 name:
1609 description: "Name is the name of the HTTP Header
1610 to be matched. Name matching MUST be case
1611 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1612 \n If multiple entries specify equivalent
1613 header names, the first entry with an equivalent
1614 name MUST be considered for a match. Subsequent
1615 entries with an equivalent header name MUST
1616 be ignored. Due to the case-insensitivity
1617 of header names, \"foo\" and \"Foo\" are considered
1618 equivalent."
1619 maxLength: 256
1620 minLength: 1
1621 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1622 type: string
1623 value:
1624 description: Value is the value of HTTP Header
1625 to be matched.
1626 maxLength: 4096
1627 minLength: 1
1628 type: string
1629 required:
1630 - name
1631 - value
1632 type: object
1633 maxItems: 16
1634 type: array
1635 x-kubernetes-list-map-keys:
1636 - name
1637 x-kubernetes-list-type: map
1638 remove:
1639 description: "Remove the given header(s) from the
1640 HTTP request before the action. The value of Remove
1641 is a list of HTTP header names. Note that the header
1642 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1643 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1644 bar my-header3: baz \n Config: remove: [\"my-header1\",
1645 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1646 bar"
1647 items:
1648 type: string
1649 maxItems: 16
1650 type: array
1651 x-kubernetes-list-type: set
1652 set:
1653 description: "Set overwrites the request with the
1654 given header (name, value) before the action. \n
1655 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1656 set: - name: \"my-header\" value: \"bar\" \n Output:
1657 GET /foo HTTP/1.1 my-header: bar"
1658 items:
1659 description: HTTPHeader represents an HTTP Header
1660 name and value as defined by RFC 7230.
1661 properties:
1662 name:
1663 description: "Name is the name of the HTTP Header
1664 to be matched. Name matching MUST be case
1665 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1666 \n If multiple entries specify equivalent
1667 header names, the first entry with an equivalent
1668 name MUST be considered for a match. Subsequent
1669 entries with an equivalent header name MUST
1670 be ignored. Due to the case-insensitivity
1671 of header names, \"foo\" and \"Foo\" are considered
1672 equivalent."
1673 maxLength: 256
1674 minLength: 1
1675 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1676 type: string
1677 value:
1678 description: Value is the value of HTTP Header
1679 to be matched.
1680 maxLength: 4096
1681 minLength: 1
1682 type: string
1683 required:
1684 - name
1685 - value
1686 type: object
1687 maxItems: 16
1688 type: array
1689 x-kubernetes-list-map-keys:
1690 - name
1691 x-kubernetes-list-type: map
1692 type: object
1693 type:
1694 description: "Type identifies the type of filter to apply.
1695 As with other API fields, types are classified into
1696 three conformance levels: \n - Core: Filter types and
1697 their corresponding configuration defined by \"Support:
1698 Core\" in this package, e.g. \"RequestHeaderModifier\".
1699 All implementations must support core filters. \n -
1700 Extended: Filter types and their corresponding configuration
1701 defined by \"Support: Extended\" in this package, e.g.
1702 \"RequestMirror\". Implementers are encouraged to support
1703 extended filters. \n - Implementation-specific: Filters
1704 that are defined and supported by specific vendors.
1705 In the future, filters showing convergence in behavior
1706 across multiple implementations will be considered for
1707 inclusion in extended or core conformance levels. Filter-specific
1708 configuration for such filters is specified using the
1709 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
1710 for custom filters. \n Implementers are encouraged to
1711 define custom implementation types to extend the core
1712 API with implementation-specific behavior. \n If a reference
1713 to a custom filter type cannot be resolved, the filter
1714 MUST NOT be skipped. Instead, requests that would have
1715 been processed by that filter MUST receive a HTTP error
1716 response. \n Note that values may be added to this enum,
1717 implementations must ensure that unknown values will
1718 not cause a crash. \n Unknown values here must result
1719 in the implementation setting the Accepted Condition
1720 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1721 enum:
1722 - RequestHeaderModifier
1723 - ResponseHeaderModifier
1724 - RequestMirror
1725 - RequestRedirect
1726 - URLRewrite
1727 - ExtensionRef
1728 type: string
1729 urlRewrite:
1730 description: "URLRewrite defines a schema for a filter
1731 that modifies a request during forwarding. \n Support:
1732 Extended"
1733 properties:
1734 hostname:
1735 description: "Hostname is the value to be used to
1736 replace the Host header value during forwarding.
1737 \n Support: Extended"
1738 maxLength: 253
1739 minLength: 1
1740 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1741 type: string
1742 path:
1743 description: "Path defines a path rewrite. \n Support:
1744 Extended"
1745 properties:
1746 replaceFullPath:
1747 description: ReplaceFullPath specifies the value
1748 with which to replace the full path of a request
1749 during a rewrite or redirect.
1750 maxLength: 1024
1751 type: string
1752 replacePrefixMatch:
1753 description: "ReplacePrefixMatch specifies the
1754 value with which to replace the prefix match
1755 of a request during a rewrite or redirect. For
1756 example, a request to \"/foo/bar\" with a prefix
1757 match of \"/foo\" and a ReplacePrefixMatch of
1758 \"/xyz\" would be modified to \"/xyz/bar\".
1759 \n Note that this matches the behavior of the
1760 PathPrefix match type. This matches full path
1761 elements. A path element refers to the list
1762 of labels in the path split by the `/` separator.
1763 When specified, a trailing `/` is ignored. For
1764 example, the paths `/abc`, `/abc/`, and `/abc/def`
1765 would all match the prefix `/abc`, but the path
1766 `/abcd` would not. \n ReplacePrefixMatch is
1767 only compatible with a `PathPrefix` HTTPRouteMatch.
1768 Using any other HTTPRouteMatch type on the same
1769 HTTPRouteRule will result in the implementation
1770 setting the Accepted Condition for the Route
1771 to `status: False`. \n Request Path | Prefix
1772 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
1773 /foo/bar | /foo | /xyz |
1774 /xyz/bar /foo/bar | /foo | /xyz/
1775 \ | /xyz/bar /foo/bar | /foo/ |
1776 /xyz | /xyz/bar /foo/bar | /foo/
1777 \ | /xyz/ | /xyz/bar /foo |
1778 /foo | /xyz | /xyz /foo/ |
1779 /foo | /xyz | /xyz/ /foo/bar
1780 \ | /foo | <empty string> | /bar
1781 /foo/ | /foo | <empty string>
1782 | / /foo | /foo | <empty string>
1783 | / /foo/ | /foo | / |
1784 / /foo | /foo | / |
1785 /"
1786 maxLength: 1024
1787 type: string
1788 type:
1789 description: "Type defines the type of path modifier.
1790 Additional types may be added in a future release
1791 of the API. \n Note that values may be added
1792 to this enum, implementations must ensure that
1793 unknown values will not cause a crash. \n Unknown
1794 values here must result in the implementation
1795 setting the Accepted Condition for the Route
1796 to `status: False`, with a Reason of `UnsupportedValue`."
1797 enum:
1798 - ReplaceFullPath
1799 - ReplacePrefixMatch
1800 type: string
1801 required:
1802 - type
1803 type: object
1804 x-kubernetes-validations:
1805 - message: replaceFullPath must be specified when
1806 type is set to 'ReplaceFullPath'
1807 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
1808 : true'
1809 - message: type must be 'ReplaceFullPath' when replaceFullPath
1810 is set
1811 rule: 'has(self.replaceFullPath) ? self.type ==
1812 ''ReplaceFullPath'' : true'
1813 - message: replacePrefixMatch must be specified when
1814 type is set to 'ReplacePrefixMatch'
1815 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
1816 : true'
1817 - message: type must be 'ReplacePrefixMatch' when
1818 replacePrefixMatch is set
1819 rule: 'has(self.replacePrefixMatch) ? self.type
1820 == ''ReplacePrefixMatch'' : true'
1821 type: object
1822 required:
1823 - type
1824 type: object
1825 x-kubernetes-validations:
1826 - message: filter.requestHeaderModifier must be nil if the
1827 filter.type is not RequestHeaderModifier
1828 rule: '!(has(self.requestHeaderModifier) && self.type !=
1829 ''RequestHeaderModifier'')'
1830 - message: filter.requestHeaderModifier must be specified
1831 for RequestHeaderModifier filter.type
1832 rule: '!(!has(self.requestHeaderModifier) && self.type ==
1833 ''RequestHeaderModifier'')'
1834 - message: filter.responseHeaderModifier must be nil if the
1835 filter.type is not ResponseHeaderModifier
1836 rule: '!(has(self.responseHeaderModifier) && self.type !=
1837 ''ResponseHeaderModifier'')'
1838 - message: filter.responseHeaderModifier must be specified
1839 for ResponseHeaderModifier filter.type
1840 rule: '!(!has(self.responseHeaderModifier) && self.type
1841 == ''ResponseHeaderModifier'')'
1842 - message: filter.requestMirror must be nil if the filter.type
1843 is not RequestMirror
1844 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
1845 - message: filter.requestMirror must be specified for RequestMirror
1846 filter.type
1847 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
1848 - message: filter.requestRedirect must be nil if the filter.type
1849 is not RequestRedirect
1850 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
1851 - message: filter.requestRedirect must be specified for RequestRedirect
1852 filter.type
1853 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
1854 - message: filter.urlRewrite must be nil if the filter.type
1855 is not URLRewrite
1856 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
1857 - message: filter.urlRewrite must be specified for URLRewrite
1858 filter.type
1859 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
1860 - message: filter.extensionRef must be nil if the filter.type
1861 is not ExtensionRef
1862 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
1863 - message: filter.extensionRef must be specified for ExtensionRef
1864 filter.type
1865 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
1866 maxItems: 16
1867 type: array
1868 x-kubernetes-validations:
1869 - message: May specify either httpRouteFilterRequestRedirect
1870 or httpRouteFilterRequestRewrite, but not both
1871 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
1872 self.exists(f, f.type == ''URLRewrite''))'
1873 - message: RequestHeaderModifier filter cannot be repeated
1874 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
1875 <= 1
1876 - message: ResponseHeaderModifier filter cannot be repeated
1877 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
1878 <= 1
1879 - message: RequestRedirect filter cannot be repeated
1880 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
1881 1
1882 - message: URLRewrite filter cannot be repeated
1883 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
1884 matches:
1885 default:
1886 - path:
1887 type: PathPrefix
1888 value: /
1889 description: "Matches define conditions used for matching the
1890 rule against incoming HTTP requests. Each match is independent,
1891 i.e. this rule will be matched if **any** one of the matches
1892 is satisfied. \n For example, take the following matches configuration:
1893 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
1894 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
1895 to match against this rule, a request must satisfy EITHER
1896 of the two conditions: \n - path prefixed with `/foo` AND
1897 contains the header `version: v2` - path prefix of `/v2/foo`
1898 \n See the documentation for HTTPRouteMatch on how to specify
1899 multiple match conditions that should be ANDed together. \n
1900 If no matches are specified, the default is a prefix path
1901 match on \"/\", which has the effect of matching every HTTP
1902 request. \n Proxy or Load Balancer routing configuration generated
1903 from HTTPRoutes MUST prioritize matches based on the following
1904 criteria, continuing on ties. Across all rules specified on
1905 applicable Routes, precedence must be given to the match having:
1906 \n * \"Exact\" path match. * \"Prefix\" path match with largest
1907 number of characters. * Method match. * Largest number of
1908 header matches. * Largest number of query param matches. \n
1909 Note: The precedence of RegularExpression path matches are
1910 implementation-specific. \n If ties still exist across multiple
1911 Routes, matching precedence MUST be determined in order of
1912 the following criteria, continuing on ties: \n * The oldest
1913 Route based on creation timestamp. * The Route appearing first
1914 in alphabetical order by \"{namespace}/{name}\". \n If ties
1915 still exist within an HTTPRoute, matching precedence MUST
1916 be granted to the FIRST matching rule (in list order) with
1917 a match meeting the above criteria. \n When no rules matching
1918 a request have been successfully attached to the parent a
1919 request is coming from, a HTTP 404 status code MUST be returned."
1920 items:
1921 description: "HTTPRouteMatch defines the predicate used to
1922 match requests to a given action. Multiple match types are
1923 ANDed together, i.e. the match will evaluate to true only
1924 if all conditions are satisfied. \n For example, the match
1925 below will match a HTTP request only if its path starts
1926 with `/foo` AND it contains the `version: v1` header: \n
1927 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
1928 value \"v1\" \n ```"
1929 properties:
1930 headers:
1931 description: Headers specifies HTTP request header matchers.
1932 Multiple match values are ANDed together, meaning, a
1933 request must match all the specified headers to select
1934 the route.
1935 items:
1936 description: HTTPHeaderMatch describes how to select
1937 a HTTP route by matching HTTP request headers.
1938 properties:
1939 name:
1940 description: "Name is the name of the HTTP Header
1941 to be matched. Name matching MUST be case insensitive.
1942 (See https://tools.ietf.org/html/rfc7230#section-3.2).
1943 \n If multiple entries specify equivalent header
1944 names, only the first entry with an equivalent
1945 name MUST be considered for a match. Subsequent
1946 entries with an equivalent header name MUST be
1947 ignored. Due to the case-insensitivity of header
1948 names, \"foo\" and \"Foo\" are considered equivalent.
1949 \n When a header is repeated in an HTTP request,
1950 it is implementation-specific behavior as to how
1951 this is represented. Generally, proxies should
1952 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
1953 regarding processing a repeated header, with special
1954 handling for \"Set-Cookie\"."
1955 maxLength: 256
1956 minLength: 1
1957 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1958 type: string
1959 type:
1960 default: Exact
1961 description: "Type specifies how to match against
1962 the value of the header. \n Support: Core (Exact)
1963 \n Support: Implementation-specific (RegularExpression)
1964 \n Since RegularExpression HeaderMatchType has
1965 implementation-specific conformance, implementations
1966 can support POSIX, PCRE or any other dialects
1967 of regular expressions. Please read the implementation's
1968 documentation to determine the supported dialect."
1969 enum:
1970 - Exact
1971 - RegularExpression
1972 type: string
1973 value:
1974 description: Value is the value of HTTP Header to
1975 be matched.
1976 maxLength: 4096
1977 minLength: 1
1978 type: string
1979 required:
1980 - name
1981 - value
1982 type: object
1983 maxItems: 16
1984 type: array
1985 x-kubernetes-list-map-keys:
1986 - name
1987 x-kubernetes-list-type: map
1988 method:
1989 description: "Method specifies HTTP method matcher. When
1990 specified, this route will be matched only if the request
1991 has the specified method. \n Support: Extended"
1992 enum:
1993 - GET
1994 - HEAD
1995 - POST
1996 - PUT
1997 - DELETE
1998 - CONNECT
1999 - OPTIONS
2000 - TRACE
2001 - PATCH
2002 type: string
2003 path:
2004 default:
2005 type: PathPrefix
2006 value: /
2007 description: Path specifies a HTTP request path matcher.
2008 If this field is not specified, a default prefix match
2009 on the "/" path is provided.
2010 properties:
2011 type:
2012 default: PathPrefix
2013 description: "Type specifies how to match against
2014 the path Value. \n Support: Core (Exact, PathPrefix)
2015 \n Support: Implementation-specific (RegularExpression)"
2016 enum:
2017 - Exact
2018 - PathPrefix
2019 - RegularExpression
2020 type: string
2021 value:
2022 default: /
2023 description: Value of the HTTP path to match against.
2024 maxLength: 1024
2025 type: string
2026 type: object
2027 x-kubernetes-validations:
2028 - message: value must be an absolute path and start with
2029 '/' when type one of ['Exact', 'PathPrefix']
2030 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
2031 : true'
2032 - message: must not contain '//' when type one of ['Exact',
2033 'PathPrefix']
2034 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
2035 : true'
2036 - message: must not contain '/./' when type one of ['Exact',
2037 'PathPrefix']
2038 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
2039 : true'
2040 - message: must not contain '/../' when type one of ['Exact',
2041 'PathPrefix']
2042 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
2043 : true'
2044 - message: must not contain '%2f' when type one of ['Exact',
2045 'PathPrefix']
2046 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
2047 : true'
2048 - message: must not contain '%2F' when type one of ['Exact',
2049 'PathPrefix']
2050 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
2051 : true'
2052 - message: must not contain '#' when type one of ['Exact',
2053 'PathPrefix']
2054 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
2055 : true'
2056 - message: must not end with '/..' when type one of ['Exact',
2057 'PathPrefix']
2058 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
2059 : true'
2060 - message: must not end with '/.' when type one of ['Exact',
2061 'PathPrefix']
2062 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
2063 : true'
2064 - message: type must be one of ['Exact', 'PathPrefix',
2065 'RegularExpression']
2066 rule: self.type in ['Exact','PathPrefix'] || self.type
2067 == 'RegularExpression'
2068 - message: must only contain valid characters (matching
2069 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
2070 for types ['Exact', 'PathPrefix']
2071 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
2072 : true'
2073 queryParams:
2074 description: "QueryParams specifies HTTP query parameter
2075 matchers. Multiple match values are ANDed together,
2076 meaning, a request must match all the specified query
2077 parameters to select the route. \n Support: Extended"
2078 items:
2079 description: HTTPQueryParamMatch describes how to select
2080 a HTTP route by matching HTTP query parameters.
2081 properties:
2082 name:
2083 description: "Name is the name of the HTTP query
2084 param to be matched. This must be an exact string
2085 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
2086 \n If multiple entries specify equivalent query
2087 param names, only the first entry with an equivalent
2088 name MUST be considered for a match. Subsequent
2089 entries with an equivalent query param name MUST
2090 be ignored. \n If a query param is repeated in
2091 an HTTP request, the behavior is purposely left
2092 undefined, since different data planes have different
2093 capabilities. However, it is *recommended* that
2094 implementations should match against the first
2095 value of the param if the data plane supports
2096 it, as this behavior is expected in other load
2097 balancing contexts outside of the Gateway API.
2098 \n Users SHOULD NOT route traffic based on repeated
2099 query params to guard themselves against potential
2100 differences in the implementations."
2101 maxLength: 256
2102 minLength: 1
2103 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2104 type: string
2105 type:
2106 default: Exact
2107 description: "Type specifies how to match against
2108 the value of the query parameter. \n Support:
2109 Extended (Exact) \n Support: Implementation-specific
2110 (RegularExpression) \n Since RegularExpression
2111 QueryParamMatchType has Implementation-specific
2112 conformance, implementations can support POSIX,
2113 PCRE or any other dialects of regular expressions.
2114 Please read the implementation's documentation
2115 to determine the supported dialect."
2116 enum:
2117 - Exact
2118 - RegularExpression
2119 type: string
2120 value:
2121 description: Value is the value of HTTP query param
2122 to be matched.
2123 maxLength: 1024
2124 minLength: 1
2125 type: string
2126 required:
2127 - name
2128 - value
2129 type: object
2130 maxItems: 16
2131 type: array
2132 x-kubernetes-list-map-keys:
2133 - name
2134 x-kubernetes-list-type: map
2135 type: object
2136 maxItems: 8
2137 type: array
2138 timeouts:
2139 description: "Timeouts defines the timeouts that can be configured
2140 for an HTTP request. \n Support: Extended \n "
2141 properties:
2142 backendRequest:
2143 description: "BackendRequest specifies a timeout for an
2144 individual request from the gateway to a backend. This
2145 covers the time from when the request first starts being
2146 sent from the gateway to when the full response has been
2147 received from the backend. \n An entire client HTTP transaction
2148 with a gateway, covered by the Request timeout, may result
2149 in more than one call from the gateway to the destination
2150 backend, for example, if automatic retries are supported.
2151 \n Because the Request timeout encompasses the BackendRequest
2152 timeout, the value of BackendRequest must be <= the value
2153 of Request timeout. \n Support: Extended"
2154 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
2155 type: string
2156 request:
2157 description: "Request specifies the maximum duration for
2158 a gateway to respond to an HTTP request. If the gateway
2159 has not been able to respond before this deadline is met,
2160 the gateway MUST return a timeout error. \n For example,
2161 setting the `rules.timeouts.request` field to the value
2162 `10s` in an `HTTPRoute` will cause a timeout if a client
2163 request is taking longer than 10 seconds to complete.
2164 \n This timeout is intended to cover as close to the whole
2165 request-response transaction as possible although an implementation
2166 MAY choose to start the timeout after the entire request
2167 stream has been received instead of immediately after
2168 the transaction is initiated by the client. \n When this
2169 field is unspecified, request timeout behavior is implementation-specific.
2170 \n Support: Extended"
2171 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
2172 type: string
2173 type: object
2174 x-kubernetes-validations:
2175 - message: backendRequest timeout cannot be longer than request
2176 timeout
2177 rule: '!(has(self.request) && has(self.backendRequest) &&
2178 duration(self.request) != duration(''0s'') && duration(self.backendRequest)
2179 > duration(self.request))'
2180 type: object
2181 x-kubernetes-validations:
2182 - message: RequestRedirect filter must not be used together with
2183 backendRefs
2184 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
2185 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
2186 true'
2187 - message: When using RequestRedirect filter with path.replacePrefixMatch,
2188 exactly one PathPrefix match must be specified
2189 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
2190 && has(f.requestRedirect.path) && f.requestRedirect.path.type
2191 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
2192 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
2193 self.matches[0].path.type != ''PathPrefix'') ? false : true)
2194 : true'
2195 - message: When using URLRewrite filter with path.replacePrefixMatch,
2196 exactly one PathPrefix match must be specified
2197 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
2198 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
2199 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
2200 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
2201 != ''PathPrefix'') ? false : true) : true'
2202 - message: Within backendRefs, when using RequestRedirect filter
2203 with path.replacePrefixMatch, exactly one PathPrefix match must
2204 be specified
2205 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
2206 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
2207 && has(f.requestRedirect.path) && f.requestRedirect.path.type
2208 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
2209 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
2210 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
2211 : true'
2212 - message: Within backendRefs, When using URLRewrite filter with
2213 path.replacePrefixMatch, exactly one PathPrefix match must be
2214 specified
2215 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
2216 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
2217 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
2218 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
2219 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
2220 != ''PathPrefix'') ? false : true) : true'
2221 maxItems: 16
2222 type: array
2223 type: object
2224 status:
2225 description: Status defines the current state of HTTPRoute.
2226 properties:
2227 parents:
2228 description: "Parents is a list of parent resources (usually Gateways)
2229 that are associated with the route, and the status of the route
2230 with respect to each parent. When this route attaches to a parent,
2231 the controller that manages the parent must add an entry to this
2232 list when the controller first sees the route and should update
2233 the entry as appropriate when the route or gateway is modified.
2234 \n Note that parent references that cannot be resolved by an implementation
2235 of this API will not be added to this list. Implementations of this
2236 API can only populate Route status for the Gateways/parent resources
2237 they are responsible for. \n A maximum of 32 Gateways will be represented
2238 in this list. An empty list means the route has not been attached
2239 to any Gateway."
2240 items:
2241 description: RouteParentStatus describes the status of a route with
2242 respect to an associated Parent.
2243 properties:
2244 conditions:
2245 description: "Conditions describes the status of the route with
2246 respect to the Gateway. Note that the route's availability
2247 is also subject to the Gateway's own status conditions and
2248 listener status. \n If the Route's ParentRef specifies an
2249 existing Gateway that supports Routes of this kind AND that
2250 Gateway's controller has sufficient access, then that Gateway's
2251 controller MUST set the \"Accepted\" condition on the Route,
2252 to indicate whether the route has been accepted or rejected
2253 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
2254 if at least one of the Route's rules is implemented by the
2255 Gateway. \n There are a number of cases where the \"Accepted\"
2256 condition may not be set due to lack of controller visibility,
2257 that includes when: \n * The Route refers to a non-existent
2258 parent. * The Route is of a type that the controller does
2259 not support. * The Route is in a namespace the controller
2260 does not have access to."
2261 items:
2262 description: "Condition contains details for one aspect of
2263 the current state of this API Resource. --- This struct
2264 is intended for direct use as an array at the field path
2265 .status.conditions. For example, \n type FooStatus struct{
2266 // Represents the observations of a foo's current state.
2267 // Known .status.conditions.type are: \"Available\", \"Progressing\",
2268 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2269 // +listType=map // +listMapKey=type Conditions []metav1.Condition
2270 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2271 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
2272 }"
2273 properties:
2274 lastTransitionTime:
2275 description: lastTransitionTime is the last time the condition
2276 transitioned from one status to another. This should
2277 be when the underlying condition changed. If that is
2278 not known, then using the time when the API field changed
2279 is acceptable.
2280 format: date-time
2281 type: string
2282 message:
2283 description: message is a human readable message indicating
2284 details about the transition. This may be an empty string.
2285 maxLength: 32768
2286 type: string
2287 observedGeneration:
2288 description: observedGeneration represents the .metadata.generation
2289 that the condition was set based upon. For instance,
2290 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
2291 is 9, the condition is out of date with respect to the
2292 current state of the instance.
2293 format: int64
2294 minimum: 0
2295 type: integer
2296 reason:
2297 description: reason contains a programmatic identifier
2298 indicating the reason for the condition's last transition.
2299 Producers of specific condition types may define expected
2300 values and meanings for this field, and whether the
2301 values are considered a guaranteed API. The value should
2302 be a CamelCase string. This field may not be empty.
2303 maxLength: 1024
2304 minLength: 1
2305 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2306 type: string
2307 status:
2308 description: status of the condition, one of True, False,
2309 Unknown.
2310 enum:
2311 - "True"
2312 - "False"
2313 - Unknown
2314 type: string
2315 type:
2316 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2317 --- Many .condition.type values are consistent across
2318 resources like Available, but because arbitrary conditions
2319 can be useful (see .node.status.conditions), the ability
2320 to deconflict is important. The regex it matches is
2321 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2322 maxLength: 316
2323 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2324 type: string
2325 required:
2326 - lastTransitionTime
2327 - message
2328 - reason
2329 - status
2330 - type
2331 type: object
2332 maxItems: 8
2333 minItems: 1
2334 type: array
2335 x-kubernetes-list-map-keys:
2336 - type
2337 x-kubernetes-list-type: map
2338 controllerName:
2339 description: "ControllerName is a domain/path string that indicates
2340 the name of the controller that wrote this status. This corresponds
2341 with the controllerName field on GatewayClass. \n Example:
2342 \"example.net/gateway-controller\". \n The format of this
2343 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
2344 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
2345 \n Controllers MUST populate this field when writing status.
2346 Controllers should ensure that entries to status populated
2347 with their ControllerName are cleaned up when they are no
2348 longer necessary."
2349 maxLength: 253
2350 minLength: 1
2351 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2352 type: string
2353 parentRef:
2354 description: ParentRef corresponds with a ParentRef in the spec
2355 that this RouteParentStatus struct describes the status of.
2356 properties:
2357 group:
2358 default: gateway.networking.k8s.io
2359 description: "Group is the group of the referent. When unspecified,
2360 \"gateway.networking.k8s.io\" is inferred. To set the
2361 core API group (such as for a \"Service\" kind referent),
2362 Group must be explicitly set to \"\" (empty string). \n
2363 Support: Core"
2364 maxLength: 253
2365 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2366 type: string
2367 kind:
2368 default: Gateway
2369 description: "Kind is kind of the referent. \n There are
2370 two kinds of parent resources with \"Core\" support: \n
2371 * Gateway (Gateway conformance profile) * Service (Mesh
2372 conformance profile, experimental, ClusterIP Services
2373 only) \n Support for other resources is Implementation-Specific."
2374 maxLength: 63
2375 minLength: 1
2376 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2377 type: string
2378 name:
2379 description: "Name is the name of the referent. \n Support:
2380 Core"
2381 maxLength: 253
2382 minLength: 1
2383 type: string
2384 namespace:
2385 description: "Namespace is the namespace of the referent.
2386 When unspecified, this refers to the local namespace of
2387 the Route. \n Note that there are specific rules for ParentRefs
2388 which cross namespace boundaries. Cross-namespace references
2389 are only valid if they are explicitly allowed by something
2390 in the namespace they are referring to. For example: Gateway
2391 has the AllowedRoutes field, and ReferenceGrant provides
2392 a generic way to enable any other kind of cross-namespace
2393 reference. \n ParentRefs from a Route to a Service in
2394 the same namespace are \"producer\" routes, which apply
2395 default routing rules to inbound connections from any
2396 namespace to the Service. \n ParentRefs from a Route to
2397 a Service in a different namespace are \"consumer\" routes,
2398 and these routing rules are only applied to outbound connections
2399 originating from the same namespace as the Route, for
2400 which the intended destination of the connections are
2401 a Service targeted as a ParentRef of the Route. \n Support:
2402 Core"
2403 maxLength: 63
2404 minLength: 1
2405 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2406 type: string
2407 port:
2408 description: "Port is the network port this Route targets.
2409 It can be interpreted differently based on the type of
2410 parent resource. \n When the parent resource is a Gateway,
2411 this targets all listeners listening on the specified
2412 port that also support this kind of Route(and select this
2413 Route). It's not recommended to set `Port` unless the
2414 networking behaviors specified in a Route must apply to
2415 a specific port as opposed to a listener(s) whose port(s)
2416 may be changed. When both Port and SectionName are specified,
2417 the name and port of the selected listener must match
2418 both specified values. \n When the parent resource is
2419 a Service, this targets a specific port in the Service
2420 spec. When both Port (experimental) and SectionName are
2421 specified, the name and port of the selected port must
2422 match both specified values. \n Implementations MAY choose
2423 to support other parent resources. Implementations supporting
2424 other types of parent resources MUST clearly document
2425 how/if Port is interpreted. \n For the purpose of status,
2426 an attachment is considered successful as long as the
2427 parent resource accepts it partially. For example, Gateway
2428 listeners can restrict which Routes can attach to them
2429 by Route kind, namespace, or hostname. If 1 of 2 Gateway
2430 listeners accept attachment from the referencing Route,
2431 the Route MUST be considered successfully attached. If
2432 no Gateway listeners accept attachment from this Route,
2433 the Route MUST be considered detached from the Gateway.
2434 \n Support: Extended \n "
2435 format: int32
2436 maximum: 65535
2437 minimum: 1
2438 type: integer
2439 sectionName:
2440 description: "SectionName is the name of a section within
2441 the target resource. In the following resources, SectionName
2442 is interpreted as the following: \n * Gateway: Listener
2443 Name. When both Port (experimental) and SectionName are
2444 specified, the name and port of the selected listener
2445 must match both specified values. * Service: Port Name.
2446 When both Port (experimental) and SectionName are specified,
2447 the name and port of the selected listener must match
2448 both specified values. Note that attaching Routes to Services
2449 as Parents is part of experimental Mesh support and is
2450 not supported for any other purpose. \n Implementations
2451 MAY choose to support attaching Routes to other resources.
2452 If that is the case, they MUST clearly document how SectionName
2453 is interpreted. \n When unspecified (empty string), this
2454 will reference the entire resource. For the purpose of
2455 status, an attachment is considered successful if at least
2456 one section in the parent resource accepts it. For example,
2457 Gateway listeners can restrict which Routes can attach
2458 to them by Route kind, namespace, or hostname. If 1 of
2459 2 Gateway listeners accept attachment from the referencing
2460 Route, the Route MUST be considered successfully attached.
2461 If no Gateway listeners accept attachment from this Route,
2462 the Route MUST be considered detached from the Gateway.
2463 \n Support: Core"
2464 maxLength: 253
2465 minLength: 1
2466 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2467 type: string
2468 required:
2469 - name
2470 type: object
2471 required:
2472 - controllerName
2473 - parentRef
2474 type: object
2475 maxItems: 32
2476 type: array
2477 required:
2478 - parents
2479 type: object
2480 required:
2481 - spec
2482 type: object
2483 served: true
2484 storage: false
2485 subresources:
2486 status: {}
2487 - additionalPrinterColumns:
2488 - jsonPath: .spec.hostnames
2489 name: Hostnames
2490 type: string
2491 - jsonPath: .metadata.creationTimestamp
2492 name: Age
2493 type: date
2494 name: v1beta1
2495 schema:
2496 openAPIV3Schema:
2497 description: HTTPRoute provides a way to route HTTP requests. This includes
2498 the capability to match requests by hostname, path, header, or query param.
2499 Filters can be used to specify additional processing steps. Backends specify
2500 where matching requests should be routed.
2501 properties:
2502 apiVersion:
2503 description: 'APIVersion defines the versioned schema of this representation
2504 of an object. Servers should convert recognized schemas to the latest
2505 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2506 type: string
2507 kind:
2508 description: 'Kind is a string value representing the REST resource this
2509 object represents. Servers may infer this from the endpoint the client
2510 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2511 type: string
2512 metadata:
2513 type: object
2514 spec:
2515 description: Spec defines the desired state of HTTPRoute.
2516 properties:
2517 hostnames:
2518 description: "Hostnames defines a set of hostnames that should match
2519 against the HTTP Host header to select a HTTPRoute used to process
2520 the request. Implementations MUST ignore any port value specified
2521 in the HTTP Host header while performing a match and (absent of
2522 any applicable header modification configuration) MUST forward this
2523 header unmodified to the backend. \n Valid values for Hostnames
2524 are determined by RFC 1123 definition of a hostname with 2 notable
2525 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
2526 with a wildcard label (`*.`). The wildcard label must appear by
2527 itself as the first label. \n If a hostname is specified by both
2528 the Listener and HTTPRoute, there must be at least one intersecting
2529 hostname for the HTTPRoute to be attached to the Listener. For example:
2530 \n * A Listener with `test.example.com` as the hostname matches
2531 HTTPRoutes that have either not specified any hostnames, or have
2532 specified at least one of `test.example.com` or `*.example.com`.
2533 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
2534 that have either not specified any hostnames or have specified at
2535 least one hostname that matches the Listener hostname. For example,
2536 `*.example.com`, `test.example.com`, and `foo.test.example.com`
2537 would all match. On the other hand, `example.com` and `test.example.net`
2538 would not match. \n Hostnames that are prefixed with a wildcard
2539 label (`*.`) are interpreted as a suffix match. That means that
2540 a match for `*.example.com` would match both `test.example.com`,
2541 and `foo.test.example.com`, but not `example.com`. \n If both the
2542 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
2543 that do not match the Listener hostname MUST be ignored. For example,
2544 if a Listener specified `*.example.com`, and the HTTPRoute specified
2545 `test.example.com` and `test.example.net`, `test.example.net` must
2546 not be considered for a match. \n If both the Listener and HTTPRoute
2547 have specified hostnames, and none match with the criteria above,
2548 then the HTTPRoute is not accepted. The implementation must raise
2549 an 'Accepted' Condition with a status of `False` in the corresponding
2550 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
2551 intersecting hostnames (e.g. overlapping wildcard matching and exact
2552 matching hostnames), precedence must be given to rules from the
2553 HTTPRoute with the largest number of: \n * Characters in a matching
2554 non-wildcard hostname. * Characters in a matching hostname. \n If
2555 ties exist across multiple Routes, the matching precedence rules
2556 for HTTPRouteMatches takes over. \n Support: Core"
2557 items:
2558 description: "Hostname is the fully qualified domain name of a network
2559 host. This matches the RFC 1123 definition of a hostname with
2560 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
2561 may be prefixed with a wildcard label (`*.`). The wildcard label
2562 must appear by itself as the first label. \n Hostname can be \"precise\"
2563 which is a domain name without the terminating dot of a network
2564 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
2565 name prefixed with a single wildcard label (e.g. `*.example.com`).
2566 \n Note that as per RFC1035 and RFC1123, a *label* must consist
2567 of lower case alphanumeric characters or '-', and must start and
2568 end with an alphanumeric character. No other punctuation is allowed."
2569 maxLength: 253
2570 minLength: 1
2571 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2572 type: string
2573 maxItems: 16
2574 type: array
2575 parentRefs:
2576 description: "ParentRefs references the resources (usually Gateways)
2577 that a Route wants to be attached to. Note that the referenced parent
2578 resource needs to allow this for the attachment to be complete.
2579 For Gateways, that means the Gateway needs to allow attachment from
2580 Routes of this kind and namespace. For Services, that means the
2581 Service must either be in the same namespace for a \"producer\"
2582 route, or the mesh implementation must support and allow \"consumer\"
2583 routes for the referenced Service. ReferenceGrant is not applicable
2584 for governing ParentRefs to Services - it is not possible to create
2585 a \"producer\" route for a Service in a different namespace from
2586 the Route. \n There are two kinds of parent resources with \"Core\"
2587 support: \n * Gateway (Gateway conformance profile) * Service (Mesh
2588 conformance profile, experimental, ClusterIP Services only) This
2589 API may be extended in the future to support additional kinds of
2590 parent resources. \n ParentRefs must be _distinct_. This means either
2591 that: \n * They select different objects. If this is the case,
2592 then parentRef entries are distinct. In terms of fields, this means
2593 that the multi-part key defined by `group`, `kind`, `namespace`,
2594 and `name` must be unique across all parentRef entries in the Route.
2595 * They do not select different objects, but for each optional field
2596 used, each ParentRef that selects the same object must set the same
2597 set of optional fields to different values. If one ParentRef sets
2598 a combination of optional fields, all must set the same combination.
2599 \n Some examples: \n * If one ParentRef sets `sectionName`, all
2600 ParentRefs referencing the same object must also set `sectionName`.
2601 * If one ParentRef sets `port`, all ParentRefs referencing the same
2602 object must also set `port`. * If one ParentRef sets `sectionName`
2603 and `port`, all ParentRefs referencing the same object must also
2604 set `sectionName` and `port`. \n It is possible to separately reference
2605 multiple distinct objects that may be collapsed by an implementation.
2606 For example, some implementations may choose to merge compatible
2607 Gateway Listeners together. If that is the case, the list of routes
2608 attached to those resources should also be merged. \n Note that
2609 for ParentRefs that cross namespace boundaries, there are specific
2610 rules. Cross-namespace references are only valid if they are explicitly
2611 allowed by something in the namespace they are referring to. For
2612 example, Gateway has the AllowedRoutes field, and ReferenceGrant
2613 provides a generic way to enable other kinds of cross-namespace
2614 reference. \n ParentRefs from a Route to a Service in the same
2615 namespace are \"producer\" routes, which apply default routing rules
2616 to inbound connections from any namespace to the Service. \n ParentRefs
2617 from a Route to a Service in a different namespace are \"consumer\"
2618 routes, and these routing rules are only applied to outbound connections
2619 originating from the same namespace as the Route, for which the
2620 intended destination of the connections are a Service targeted as
2621 a ParentRef of the Route. \n "
2622 items:
2623 description: "ParentReference identifies an API object (usually
2624 a Gateway) that can be considered a parent of this resource (usually
2625 a route). There are two kinds of parent resources with \"Core\"
2626 support: \n * Gateway (Gateway conformance profile) * Service
2627 (Mesh conformance profile, experimental, ClusterIP Services only)
2628 \n This API may be extended in the future to support additional
2629 kinds of parent resources. \n The API object must be valid in
2630 the cluster; the Group and Kind must be registered in the cluster
2631 for this reference to be valid."
2632 properties:
2633 group:
2634 default: gateway.networking.k8s.io
2635 description: "Group is the group of the referent. When unspecified,
2636 \"gateway.networking.k8s.io\" is inferred. To set the core
2637 API group (such as for a \"Service\" kind referent), Group
2638 must be explicitly set to \"\" (empty string). \n Support:
2639 Core"
2640 maxLength: 253
2641 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2642 type: string
2643 kind:
2644 default: Gateway
2645 description: "Kind is kind of the referent. \n There are two
2646 kinds of parent resources with \"Core\" support: \n * Gateway
2647 (Gateway conformance profile) * Service (Mesh conformance
2648 profile, experimental, ClusterIP Services only) \n Support
2649 for other resources is Implementation-Specific."
2650 maxLength: 63
2651 minLength: 1
2652 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2653 type: string
2654 name:
2655 description: "Name is the name of the referent. \n Support:
2656 Core"
2657 maxLength: 253
2658 minLength: 1
2659 type: string
2660 namespace:
2661 description: "Namespace is the namespace of the referent. When
2662 unspecified, this refers to the local namespace of the Route.
2663 \n Note that there are specific rules for ParentRefs which
2664 cross namespace boundaries. Cross-namespace references are
2665 only valid if they are explicitly allowed by something in
2666 the namespace they are referring to. For example: Gateway
2667 has the AllowedRoutes field, and ReferenceGrant provides a
2668 generic way to enable any other kind of cross-namespace reference.
2669 \n ParentRefs from a Route to a Service in the same namespace
2670 are \"producer\" routes, which apply default routing rules
2671 to inbound connections from any namespace to the Service.
2672 \n ParentRefs from a Route to a Service in a different namespace
2673 are \"consumer\" routes, and these routing rules are only
2674 applied to outbound connections originating from the same
2675 namespace as the Route, for which the intended destination
2676 of the connections are a Service targeted as a ParentRef of
2677 the Route. \n Support: Core"
2678 maxLength: 63
2679 minLength: 1
2680 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2681 type: string
2682 port:
2683 description: "Port is the network port this Route targets. It
2684 can be interpreted differently based on the type of parent
2685 resource. \n When the parent resource is a Gateway, this targets
2686 all listeners listening on the specified port that also support
2687 this kind of Route(and select this Route). It's not recommended
2688 to set `Port` unless the networking behaviors specified in
2689 a Route must apply to a specific port as opposed to a listener(s)
2690 whose port(s) may be changed. When both Port and SectionName
2691 are specified, the name and port of the selected listener
2692 must match both specified values. \n When the parent resource
2693 is a Service, this targets a specific port in the Service
2694 spec. When both Port (experimental) and SectionName are specified,
2695 the name and port of the selected port must match both specified
2696 values. \n Implementations MAY choose to support other parent
2697 resources. Implementations supporting other types of parent
2698 resources MUST clearly document how/if Port is interpreted.
2699 \n For the purpose of status, an attachment is considered
2700 successful as long as the parent resource accepts it partially.
2701 For example, Gateway listeners can restrict which Routes can
2702 attach to them by Route kind, namespace, or hostname. If 1
2703 of 2 Gateway listeners accept attachment from the referencing
2704 Route, the Route MUST be considered successfully attached.
2705 If no Gateway listeners accept attachment from this Route,
2706 the Route MUST be considered detached from the Gateway. \n
2707 Support: Extended \n "
2708 format: int32
2709 maximum: 65535
2710 minimum: 1
2711 type: integer
2712 sectionName:
2713 description: "SectionName is the name of a section within the
2714 target resource. In the following resources, SectionName is
2715 interpreted as the following: \n * Gateway: Listener Name.
2716 When both Port (experimental) and SectionName are specified,
2717 the name and port of the selected listener must match both
2718 specified values. * Service: Port Name. When both Port (experimental)
2719 and SectionName are specified, the name and port of the selected
2720 listener must match both specified values. Note that attaching
2721 Routes to Services as Parents is part of experimental Mesh
2722 support and is not supported for any other purpose. \n Implementations
2723 MAY choose to support attaching Routes to other resources.
2724 If that is the case, they MUST clearly document how SectionName
2725 is interpreted. \n When unspecified (empty string), this will
2726 reference the entire resource. For the purpose of status,
2727 an attachment is considered successful if at least one section
2728 in the parent resource accepts it. For example, Gateway listeners
2729 can restrict which Routes can attach to them by Route kind,
2730 namespace, or hostname. If 1 of 2 Gateway listeners accept
2731 attachment from the referencing Route, the Route MUST be considered
2732 successfully attached. If no Gateway listeners accept attachment
2733 from this Route, the Route MUST be considered detached from
2734 the Gateway. \n Support: Core"
2735 maxLength: 253
2736 minLength: 1
2737 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2738 type: string
2739 required:
2740 - name
2741 type: object
2742 maxItems: 32
2743 type: array
2744 x-kubernetes-validations:
2745 - message: sectionName or port must be specified when parentRefs includes
2746 2 or more references to the same parent
2747 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
2748 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2749 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
2750 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2751 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName)
2752 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
2753 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port)
2754 || p2.port == 0)): true))'
2755 - message: sectionName or port must be unique when parentRefs includes
2756 2 or more references to the same parent
2757 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
2758 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2759 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
2760 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2761 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
2762 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
2763 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
2764 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port)
2765 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port
2766 == p2.port))))
2767 rules:
2768 default:
2769 - matches:
2770 - path:
2771 type: PathPrefix
2772 value: /
2773 description: Rules are a list of HTTP matchers, filters and actions.
2774 items:
2775 description: HTTPRouteRule defines semantics for matching an HTTP
2776 request based on conditions (matches), processing it (filters),
2777 and forwarding the request to an API object (backendRefs).
2778 properties:
2779 backendRefs:
2780 description: "BackendRefs defines the backend(s) where matching
2781 requests should be sent. \n Failure behavior here depends
2782 on how many BackendRefs are specified and how many are invalid.
2783 \n If *all* entries in BackendRefs are invalid, and there
2784 are also no filters specified in this route rule, *all* traffic
2785 which matches this rule MUST receive a 500 status code. \n
2786 See the HTTPBackendRef definition for the rules about what
2787 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
2788 is invalid, 500 status codes MUST be returned for requests
2789 that would have otherwise been routed to an invalid backend.
2790 If multiple backends are specified, and some are invalid,
2791 the proportion of requests that would otherwise have been
2792 routed to an invalid backend MUST receive a 500 status code.
2793 \n For example, if two backends are specified with equal weights,
2794 and one is invalid, 50 percent of traffic must receive a 500.
2795 Implementations may choose how that 50 percent is determined.
2796 \n Support: Core for Kubernetes Service \n Support: Extended
2797 for Kubernetes ServiceImport \n Support: Implementation-specific
2798 for any other resource \n Support for weight: Core"
2799 items:
2800 description: "HTTPBackendRef defines how a HTTPRoute forwards
2801 a HTTP request. \n Note that when a namespace different
2802 than the local namespace is specified, a ReferenceGrant
2803 object is required in the referent namespace to allow that
2804 namespace's owner to accept the reference. See the ReferenceGrant
2805 documentation for details. \n <gateway:experimental:description>
2806 \n When the BackendRef points to a Kubernetes Service, implementations
2807 SHOULD honor the appProtocol field if it is set for the
2808 target Service Port. \n Implementations supporting appProtocol
2809 SHOULD recognize the Kubernetes Standard Application Protocols
2810 defined in KEP-3726. \n If a Service appProtocol isn't specified,
2811 an implementation MAY infer the backend protocol through
2812 its own means. Implementations MAY infer the protocol from
2813 the Route type referring to the backend Service. \n If a
2814 Route is not able to send traffic to the backend using the
2815 specified protocol then the backend is considered invalid.
2816 Implementations MUST set the \"ResolvedRefs\" condition
2817 to \"False\" with the \"UnsupportedProtocol\" reason. \n
2818 </gateway:experimental:description>"
2819 properties:
2820 filters:
2821 description: "Filters defined at this level should be
2822 executed if and only if the request is being forwarded
2823 to the backend defined here. \n Support: Implementation-specific
2824 (For broader support of filters, use the Filters field
2825 in HTTPRouteRule.)"
2826 items:
2827 description: HTTPRouteFilter defines processing steps
2828 that must be completed during the request or response
2829 lifecycle. HTTPRouteFilters are meant as an extension
2830 point to express processing that may be done in Gateway
2831 implementations. Some examples include request or
2832 response modification, implementing authentication
2833 strategies, rate-limiting, and traffic shaping. API
2834 guarantee/conformance is defined based on the type
2835 of the filter.
2836 properties:
2837 extensionRef:
2838 description: "ExtensionRef is an optional, implementation-specific
2839 extension to the \"filter\" behavior. For example,
2840 resource \"myroutefilter\" in group \"networking.example.net\").
2841 ExtensionRef MUST NOT be used for core and extended
2842 filters. \n This filter can be used multiple times
2843 within the same rule. \n Support: Implementation-specific"
2844 properties:
2845 group:
2846 description: Group is the group of the referent.
2847 For example, "gateway.networking.k8s.io".
2848 When unspecified or empty string, core API
2849 group is inferred.
2850 maxLength: 253
2851 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2852 type: string
2853 kind:
2854 description: Kind is kind of the referent. For
2855 example "HTTPRoute" or "Service".
2856 maxLength: 63
2857 minLength: 1
2858 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2859 type: string
2860 name:
2861 description: Name is the name of the referent.
2862 maxLength: 253
2863 minLength: 1
2864 type: string
2865 required:
2866 - group
2867 - kind
2868 - name
2869 type: object
2870 requestHeaderModifier:
2871 description: "RequestHeaderModifier defines a schema
2872 for a filter that modifies request headers. \n
2873 Support: Core"
2874 properties:
2875 add:
2876 description: "Add adds the given header(s) (name,
2877 value) to the request before the action. It
2878 appends to any existing values associated
2879 with the header name. \n Input: GET /foo HTTP/1.1
2880 my-header: foo \n Config: add: - name: \"my-header\"
2881 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2882 my-header: foo,bar,baz"
2883 items:
2884 description: HTTPHeader represents an HTTP
2885 Header name and value as defined by RFC
2886 7230.
2887 properties:
2888 name:
2889 description: "Name is the name of the
2890 HTTP Header to be matched. Name matching
2891 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2892 \n If multiple entries specify equivalent
2893 header names, the first entry with an
2894 equivalent name MUST be considered for
2895 a match. Subsequent entries with an
2896 equivalent header name MUST be ignored.
2897 Due to the case-insensitivity of header
2898 names, \"foo\" and \"Foo\" are considered
2899 equivalent."
2900 maxLength: 256
2901 minLength: 1
2902 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2903 type: string
2904 value:
2905 description: Value is the value of HTTP
2906 Header to be matched.
2907 maxLength: 4096
2908 minLength: 1
2909 type: string
2910 required:
2911 - name
2912 - value
2913 type: object
2914 maxItems: 16
2915 type: array
2916 x-kubernetes-list-map-keys:
2917 - name
2918 x-kubernetes-list-type: map
2919 remove:
2920 description: "Remove the given header(s) from
2921 the HTTP request before the action. The value
2922 of Remove is a list of HTTP header names.
2923 Note that the header names are case-insensitive
2924 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2925 \n Input: GET /foo HTTP/1.1 my-header1: foo
2926 my-header2: bar my-header3: baz \n Config:
2927 remove: [\"my-header1\", \"my-header3\"] \n
2928 Output: GET /foo HTTP/1.1 my-header2: bar"
2929 items:
2930 type: string
2931 maxItems: 16
2932 type: array
2933 x-kubernetes-list-type: set
2934 set:
2935 description: "Set overwrites the request with
2936 the given header (name, value) before the
2937 action. \n Input: GET /foo HTTP/1.1 my-header:
2938 foo \n Config: set: - name: \"my-header\"
2939 value: \"bar\" \n Output: GET /foo HTTP/1.1
2940 my-header: bar"
2941 items:
2942 description: HTTPHeader represents an HTTP
2943 Header name and value as defined by RFC
2944 7230.
2945 properties:
2946 name:
2947 description: "Name is the name of the
2948 HTTP Header to be matched. Name matching
2949 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2950 \n If multiple entries specify equivalent
2951 header names, the first entry with an
2952 equivalent name MUST be considered for
2953 a match. Subsequent entries with an
2954 equivalent header name MUST be ignored.
2955 Due to the case-insensitivity of header
2956 names, \"foo\" and \"Foo\" are considered
2957 equivalent."
2958 maxLength: 256
2959 minLength: 1
2960 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2961 type: string
2962 value:
2963 description: Value is the value of HTTP
2964 Header to be matched.
2965 maxLength: 4096
2966 minLength: 1
2967 type: string
2968 required:
2969 - name
2970 - value
2971 type: object
2972 maxItems: 16
2973 type: array
2974 x-kubernetes-list-map-keys:
2975 - name
2976 x-kubernetes-list-type: map
2977 type: object
2978 requestMirror:
2979 description: "RequestMirror defines a schema for
2980 a filter that mirrors requests. Requests are sent
2981 to the specified destination, but responses from
2982 that destination are ignored. \n This filter can
2983 be used multiple times within the same rule. Note
2984 that not all implementations will be able to support
2985 mirroring to multiple backends. \n Support: Extended"
2986 properties:
2987 backendRef:
2988 description: "BackendRef references a resource
2989 where mirrored requests are sent. \n Mirrored
2990 requests must be sent only to a single destination
2991 endpoint within this BackendRef, irrespective
2992 of how many endpoints are present within this
2993 BackendRef. \n If the referent cannot be found,
2994 this BackendRef is invalid and must be dropped
2995 from the Gateway. The controller must ensure
2996 the \"ResolvedRefs\" condition on the Route
2997 status is set to `status: False` and not configure
2998 this backend in the underlying implementation.
2999 \n If there is a cross-namespace reference
3000 to an *existing* object that is not allowed
3001 by a ReferenceGrant, the controller must ensure
3002 the \"ResolvedRefs\" condition on the Route
3003 is set to `status: False`, with the \"RefNotPermitted\"
3004 reason and not configure this backend in the
3005 underlying implementation. \n In either error
3006 case, the Message of the `ResolvedRefs` Condition
3007 should be used to provide more detail about
3008 the problem. \n Support: Extended for Kubernetes
3009 Service \n Support: Implementation-specific
3010 for any other resource"
3011 properties:
3012 group:
3013 default: ""
3014 description: Group is the group of the referent.
3015 For example, "gateway.networking.k8s.io".
3016 When unspecified or empty string, core
3017 API group is inferred.
3018 maxLength: 253
3019 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3020 type: string
3021 kind:
3022 default: Service
3023 description: "Kind is the Kubernetes resource
3024 kind of the referent. For example \"Service\".
3025 \n Defaults to \"Service\" when not specified.
3026 \n ExternalName services can refer to
3027 CNAME DNS records that may live outside
3028 of the cluster and as such are difficult
3029 to reason about in terms of conformance.
3030 They also may not be safe to forward to
3031 (see CVE-2021-25740 for more information).
3032 Implementations SHOULD NOT support ExternalName
3033 Services. \n Support: Core (Services with
3034 a type other than ExternalName) \n Support:
3035 Implementation-specific (Services with
3036 type ExternalName)"
3037 maxLength: 63
3038 minLength: 1
3039 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3040 type: string
3041 name:
3042 description: Name is the name of the referent.
3043 maxLength: 253
3044 minLength: 1
3045 type: string
3046 namespace:
3047 description: "Namespace is the namespace
3048 of the backend. When unspecified, the
3049 local namespace is inferred. \n Note that
3050 when a namespace different than the local
3051 namespace is specified, a ReferenceGrant
3052 object is required in the referent namespace
3053 to allow that namespace's owner to accept
3054 the reference. See the ReferenceGrant
3055 documentation for details. \n Support:
3056 Core"
3057 maxLength: 63
3058 minLength: 1
3059 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3060 type: string
3061 port:
3062 description: Port specifies the destination
3063 port number to use for this resource.
3064 Port is required when the referent is
3065 a Kubernetes Service. In this case, the
3066 port number is the service port number,
3067 not the target port. For other resources,
3068 destination port might be derived from
3069 the referent resource or this field.
3070 format: int32
3071 maximum: 65535
3072 minimum: 1
3073 type: integer
3074 required:
3075 - name
3076 type: object
3077 x-kubernetes-validations:
3078 - message: Must have port for Service reference
3079 rule: '(size(self.group) == 0 && self.kind
3080 == ''Service'') ? has(self.port) : true'
3081 required:
3082 - backendRef
3083 type: object
3084 requestRedirect:
3085 description: "RequestRedirect defines a schema for
3086 a filter that responds to the request with an
3087 HTTP redirection. \n Support: Core"
3088 properties:
3089 hostname:
3090 description: "Hostname is the hostname to be
3091 used in the value of the `Location` header
3092 in the response. When empty, the hostname
3093 in the `Host` header of the request is used.
3094 \n Support: Core"
3095 maxLength: 253
3096 minLength: 1
3097 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3098 type: string
3099 path:
3100 description: "Path defines parameters used to
3101 modify the path of the incoming request. The
3102 modified path is then used to construct the
3103 `Location` header. When empty, the request
3104 path is used as-is. \n Support: Extended"
3105 properties:
3106 replaceFullPath:
3107 description: ReplaceFullPath specifies the
3108 value with which to replace the full path
3109 of a request during a rewrite or redirect.
3110 maxLength: 1024
3111 type: string
3112 replacePrefixMatch:
3113 description: "ReplacePrefixMatch specifies
3114 the value with which to replace the prefix
3115 match of a request during a rewrite or
3116 redirect. For example, a request to \"/foo/bar\"
3117 with a prefix match of \"/foo\" and a
3118 ReplacePrefixMatch of \"/xyz\" would be
3119 modified to \"/xyz/bar\". \n Note that
3120 this matches the behavior of the PathPrefix
3121 match type. This matches full path elements.
3122 A path element refers to the list of labels
3123 in the path split by the `/` separator.
3124 When specified, a trailing `/` is ignored.
3125 For example, the paths `/abc`, `/abc/`,
3126 and `/abc/def` would all match the prefix
3127 `/abc`, but the path `/abcd` would not.
3128 \n ReplacePrefixMatch is only compatible
3129 with a `PathPrefix` HTTPRouteMatch. Using
3130 any other HTTPRouteMatch type on the same
3131 HTTPRouteRule will result in the implementation
3132 setting the Accepted Condition for the
3133 Route to `status: False`. \n Request Path
3134 | Prefix Match | Replace Prefix | Modified
3135 Path -------------|--------------|----------------|----------
3136 /foo/bar | /foo | /xyz |
3137 /xyz/bar /foo/bar | /foo |
3138 /xyz/ | /xyz/bar /foo/bar |
3139 /foo/ | /xyz | /xyz/bar
3140 /foo/bar | /foo/ | /xyz/ |
3141 /xyz/bar /foo | /foo |
3142 /xyz | /xyz /foo/ | /foo
3143 \ | /xyz | /xyz/ /foo/bar
3144 \ | /foo | <empty string> |
3145 /bar /foo/ | /foo | <empty
3146 string> | / /foo | /foo |
3147 <empty string> | / /foo/ | /foo
3148 \ | / | / /foo |
3149 /foo | / | /"
3150 maxLength: 1024
3151 type: string
3152 type:
3153 description: "Type defines the type of path
3154 modifier. Additional types may be added
3155 in a future release of the API. \n Note
3156 that values may be added to this enum,
3157 implementations must ensure that unknown
3158 values will not cause a crash. \n Unknown
3159 values here must result in the implementation
3160 setting the Accepted Condition for the
3161 Route to `status: False`, with a Reason
3162 of `UnsupportedValue`."
3163 enum:
3164 - ReplaceFullPath
3165 - ReplacePrefixMatch
3166 type: string
3167 required:
3168 - type
3169 type: object
3170 x-kubernetes-validations:
3171 - message: replaceFullPath must be specified
3172 when type is set to 'ReplaceFullPath'
3173 rule: 'self.type == ''ReplaceFullPath'' ?
3174 has(self.replaceFullPath) : true'
3175 - message: type must be 'ReplaceFullPath' when
3176 replaceFullPath is set
3177 rule: 'has(self.replaceFullPath) ? self.type
3178 == ''ReplaceFullPath'' : true'
3179 - message: replacePrefixMatch must be specified
3180 when type is set to 'ReplacePrefixMatch'
3181 rule: 'self.type == ''ReplacePrefixMatch''
3182 ? has(self.replacePrefixMatch) : true'
3183 - message: type must be 'ReplacePrefixMatch'
3184 when replacePrefixMatch is set
3185 rule: 'has(self.replacePrefixMatch) ? self.type
3186 == ''ReplacePrefixMatch'' : true'
3187 port:
3188 description: "Port is the port to be used in
3189 the value of the `Location` header in the
3190 response. \n If no port is specified, the
3191 redirect port MUST be derived using the following
3192 rules: \n * If redirect scheme is not-empty,
3193 the redirect port MUST be the well-known port
3194 associated with the redirect scheme. Specifically
3195 \"http\" to port 80 and \"https\" to port
3196 443. If the redirect scheme does not have
3197 a well-known port, the listener port of the
3198 Gateway SHOULD be used. * If redirect scheme
3199 is empty, the redirect port MUST be the Gateway
3200 Listener port. \n Implementations SHOULD NOT
3201 add the port number in the 'Location' header
3202 in the following cases: \n * A Location header
3203 that will use HTTP (whether that is determined
3204 via the Listener protocol or the Scheme field)
3205 _and_ use port 80. * A Location header that
3206 will use HTTPS (whether that is determined
3207 via the Listener protocol or the Scheme field)
3208 _and_ use port 443. \n Support: Extended"
3209 format: int32
3210 maximum: 65535
3211 minimum: 1
3212 type: integer
3213 scheme:
3214 description: "Scheme is the scheme to be used
3215 in the value of the `Location` header in the
3216 response. When empty, the scheme of the request
3217 is used. \n Scheme redirects can affect the
3218 port of the redirect, for more information,
3219 refer to the documentation for the port field
3220 of this filter. \n Note that values may be
3221 added to this enum, implementations must ensure
3222 that unknown values will not cause a crash.
3223 \n Unknown values here must result in the
3224 implementation setting the Accepted Condition
3225 for the Route to `status: False`, with a Reason
3226 of `UnsupportedValue`. \n Support: Extended"
3227 enum:
3228 - http
3229 - https
3230 type: string
3231 statusCode:
3232 default: 302
3233 description: "StatusCode is the HTTP status
3234 code to be used in response. \n Note that
3235 values may be added to this enum, implementations
3236 must ensure that unknown values will not cause
3237 a crash. \n Unknown values here must result
3238 in the implementation setting the Accepted
3239 Condition for the Route to `status: False`,
3240 with a Reason of `UnsupportedValue`. \n Support:
3241 Core"
3242 enum:
3243 - 301
3244 - 302
3245 type: integer
3246 type: object
3247 responseHeaderModifier:
3248 description: "ResponseHeaderModifier defines a schema
3249 for a filter that modifies response headers. \n
3250 Support: Extended"
3251 properties:
3252 add:
3253 description: "Add adds the given header(s) (name,
3254 value) to the request before the action. It
3255 appends to any existing values associated
3256 with the header name. \n Input: GET /foo HTTP/1.1
3257 my-header: foo \n Config: add: - name: \"my-header\"
3258 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
3259 my-header: foo,bar,baz"
3260 items:
3261 description: HTTPHeader represents an HTTP
3262 Header name and value as defined by RFC
3263 7230.
3264 properties:
3265 name:
3266 description: "Name is the name of the
3267 HTTP Header to be matched. Name matching
3268 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3269 \n If multiple entries specify equivalent
3270 header names, the first entry with an
3271 equivalent name MUST be considered for
3272 a match. Subsequent entries with an
3273 equivalent header name MUST be ignored.
3274 Due to the case-insensitivity of header
3275 names, \"foo\" and \"Foo\" are considered
3276 equivalent."
3277 maxLength: 256
3278 minLength: 1
3279 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3280 type: string
3281 value:
3282 description: Value is the value of HTTP
3283 Header to be matched.
3284 maxLength: 4096
3285 minLength: 1
3286 type: string
3287 required:
3288 - name
3289 - value
3290 type: object
3291 maxItems: 16
3292 type: array
3293 x-kubernetes-list-map-keys:
3294 - name
3295 x-kubernetes-list-type: map
3296 remove:
3297 description: "Remove the given header(s) from
3298 the HTTP request before the action. The value
3299 of Remove is a list of HTTP header names.
3300 Note that the header names are case-insensitive
3301 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3302 \n Input: GET /foo HTTP/1.1 my-header1: foo
3303 my-header2: bar my-header3: baz \n Config:
3304 remove: [\"my-header1\", \"my-header3\"] \n
3305 Output: GET /foo HTTP/1.1 my-header2: bar"
3306 items:
3307 type: string
3308 maxItems: 16
3309 type: array
3310 x-kubernetes-list-type: set
3311 set:
3312 description: "Set overwrites the request with
3313 the given header (name, value) before the
3314 action. \n Input: GET /foo HTTP/1.1 my-header:
3315 foo \n Config: set: - name: \"my-header\"
3316 value: \"bar\" \n Output: GET /foo HTTP/1.1
3317 my-header: bar"
3318 items:
3319 description: HTTPHeader represents an HTTP
3320 Header name and value as defined by RFC
3321 7230.
3322 properties:
3323 name:
3324 description: "Name is the name of the
3325 HTTP Header to be matched. Name matching
3326 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3327 \n If multiple entries specify equivalent
3328 header names, the first entry with an
3329 equivalent name MUST be considered for
3330 a match. Subsequent entries with an
3331 equivalent header name MUST be ignored.
3332 Due to the case-insensitivity of header
3333 names, \"foo\" and \"Foo\" are considered
3334 equivalent."
3335 maxLength: 256
3336 minLength: 1
3337 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3338 type: string
3339 value:
3340 description: Value is the value of HTTP
3341 Header to be matched.
3342 maxLength: 4096
3343 minLength: 1
3344 type: string
3345 required:
3346 - name
3347 - value
3348 type: object
3349 maxItems: 16
3350 type: array
3351 x-kubernetes-list-map-keys:
3352 - name
3353 x-kubernetes-list-type: map
3354 type: object
3355 type:
3356 description: "Type identifies the type of filter
3357 to apply. As with other API fields, types are
3358 classified into three conformance levels: \n -
3359 Core: Filter types and their corresponding configuration
3360 defined by \"Support: Core\" in this package,
3361 e.g. \"RequestHeaderModifier\". All implementations
3362 must support core filters. \n - Extended: Filter
3363 types and their corresponding configuration defined
3364 by \"Support: Extended\" in this package, e.g.
3365 \"RequestMirror\". Implementers are encouraged
3366 to support extended filters. \n - Implementation-specific:
3367 Filters that are defined and supported by specific
3368 vendors. In the future, filters showing convergence
3369 in behavior across multiple implementations will
3370 be considered for inclusion in extended or core
3371 conformance levels. Filter-specific configuration
3372 for such filters is specified using the ExtensionRef
3373 field. `Type` should be set to \"ExtensionRef\"
3374 for custom filters. \n Implementers are encouraged
3375 to define custom implementation types to extend
3376 the core API with implementation-specific behavior.
3377 \n If a reference to a custom filter type cannot
3378 be resolved, the filter MUST NOT be skipped. Instead,
3379 requests that would have been processed by that
3380 filter MUST receive a HTTP error response. \n
3381 Note that values may be added to this enum, implementations
3382 must ensure that unknown values will not cause
3383 a crash. \n Unknown values here must result in
3384 the implementation setting the Accepted Condition
3385 for the Route to `status: False`, with a Reason
3386 of `UnsupportedValue`."
3387 enum:
3388 - RequestHeaderModifier
3389 - ResponseHeaderModifier
3390 - RequestMirror
3391 - RequestRedirect
3392 - URLRewrite
3393 - ExtensionRef
3394 type: string
3395 urlRewrite:
3396 description: "URLRewrite defines a schema for a
3397 filter that modifies a request during forwarding.
3398 \n Support: Extended"
3399 properties:
3400 hostname:
3401 description: "Hostname is the value to be used
3402 to replace the Host header value during forwarding.
3403 \n Support: Extended"
3404 maxLength: 253
3405 minLength: 1
3406 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3407 type: string
3408 path:
3409 description: "Path defines a path rewrite. \n
3410 Support: Extended"
3411 properties:
3412 replaceFullPath:
3413 description: ReplaceFullPath specifies the
3414 value with which to replace the full path
3415 of a request during a rewrite or redirect.
3416 maxLength: 1024
3417 type: string
3418 replacePrefixMatch:
3419 description: "ReplacePrefixMatch specifies
3420 the value with which to replace the prefix
3421 match of a request during a rewrite or
3422 redirect. For example, a request to \"/foo/bar\"
3423 with a prefix match of \"/foo\" and a
3424 ReplacePrefixMatch of \"/xyz\" would be
3425 modified to \"/xyz/bar\". \n Note that
3426 this matches the behavior of the PathPrefix
3427 match type. This matches full path elements.
3428 A path element refers to the list of labels
3429 in the path split by the `/` separator.
3430 When specified, a trailing `/` is ignored.
3431 For example, the paths `/abc`, `/abc/`,
3432 and `/abc/def` would all match the prefix
3433 `/abc`, but the path `/abcd` would not.
3434 \n ReplacePrefixMatch is only compatible
3435 with a `PathPrefix` HTTPRouteMatch. Using
3436 any other HTTPRouteMatch type on the same
3437 HTTPRouteRule will result in the implementation
3438 setting the Accepted Condition for the
3439 Route to `status: False`. \n Request Path
3440 | Prefix Match | Replace Prefix | Modified
3441 Path -------------|--------------|----------------|----------
3442 /foo/bar | /foo | /xyz |
3443 /xyz/bar /foo/bar | /foo |
3444 /xyz/ | /xyz/bar /foo/bar |
3445 /foo/ | /xyz | /xyz/bar
3446 /foo/bar | /foo/ | /xyz/ |
3447 /xyz/bar /foo | /foo |
3448 /xyz | /xyz /foo/ | /foo
3449 \ | /xyz | /xyz/ /foo/bar
3450 \ | /foo | <empty string> |
3451 /bar /foo/ | /foo | <empty
3452 string> | / /foo | /foo |
3453 <empty string> | / /foo/ | /foo
3454 \ | / | / /foo |
3455 /foo | / | /"
3456 maxLength: 1024
3457 type: string
3458 type:
3459 description: "Type defines the type of path
3460 modifier. Additional types may be added
3461 in a future release of the API. \n Note
3462 that values may be added to this enum,
3463 implementations must ensure that unknown
3464 values will not cause a crash. \n Unknown
3465 values here must result in the implementation
3466 setting the Accepted Condition for the
3467 Route to `status: False`, with a Reason
3468 of `UnsupportedValue`."
3469 enum:
3470 - ReplaceFullPath
3471 - ReplacePrefixMatch
3472 type: string
3473 required:
3474 - type
3475 type: object
3476 x-kubernetes-validations:
3477 - message: replaceFullPath must be specified
3478 when type is set to 'ReplaceFullPath'
3479 rule: 'self.type == ''ReplaceFullPath'' ?
3480 has(self.replaceFullPath) : true'
3481 - message: type must be 'ReplaceFullPath' when
3482 replaceFullPath is set
3483 rule: 'has(self.replaceFullPath) ? self.type
3484 == ''ReplaceFullPath'' : true'
3485 - message: replacePrefixMatch must be specified
3486 when type is set to 'ReplacePrefixMatch'
3487 rule: 'self.type == ''ReplacePrefixMatch''
3488 ? has(self.replacePrefixMatch) : true'
3489 - message: type must be 'ReplacePrefixMatch'
3490 when replacePrefixMatch is set
3491 rule: 'has(self.replacePrefixMatch) ? self.type
3492 == ''ReplacePrefixMatch'' : true'
3493 type: object
3494 required:
3495 - type
3496 type: object
3497 x-kubernetes-validations:
3498 - message: filter.requestHeaderModifier must be nil
3499 if the filter.type is not RequestHeaderModifier
3500 rule: '!(has(self.requestHeaderModifier) && self.type
3501 != ''RequestHeaderModifier'')'
3502 - message: filter.requestHeaderModifier must be specified
3503 for RequestHeaderModifier filter.type
3504 rule: '!(!has(self.requestHeaderModifier) && self.type
3505 == ''RequestHeaderModifier'')'
3506 - message: filter.responseHeaderModifier must be nil
3507 if the filter.type is not ResponseHeaderModifier
3508 rule: '!(has(self.responseHeaderModifier) && self.type
3509 != ''ResponseHeaderModifier'')'
3510 - message: filter.responseHeaderModifier must be specified
3511 for ResponseHeaderModifier filter.type
3512 rule: '!(!has(self.responseHeaderModifier) && self.type
3513 == ''ResponseHeaderModifier'')'
3514 - message: filter.requestMirror must be nil if the filter.type
3515 is not RequestMirror
3516 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
3517 - message: filter.requestMirror must be specified for
3518 RequestMirror filter.type
3519 rule: '!(!has(self.requestMirror) && self.type ==
3520 ''RequestMirror'')'
3521 - message: filter.requestRedirect must be nil if the
3522 filter.type is not RequestRedirect
3523 rule: '!(has(self.requestRedirect) && self.type !=
3524 ''RequestRedirect'')'
3525 - message: filter.requestRedirect must be specified
3526 for RequestRedirect filter.type
3527 rule: '!(!has(self.requestRedirect) && self.type ==
3528 ''RequestRedirect'')'
3529 - message: filter.urlRewrite must be nil if the filter.type
3530 is not URLRewrite
3531 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
3532 - message: filter.urlRewrite must be specified for URLRewrite
3533 filter.type
3534 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
3535 - message: filter.extensionRef must be nil if the filter.type
3536 is not ExtensionRef
3537 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
3538 - message: filter.extensionRef must be specified for
3539 ExtensionRef filter.type
3540 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
3541 maxItems: 16
3542 type: array
3543 x-kubernetes-validations:
3544 - message: May specify either httpRouteFilterRequestRedirect
3545 or httpRouteFilterRequestRewrite, but not both
3546 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3547 && self.exists(f, f.type == ''URLRewrite''))'
3548 - message: May specify either httpRouteFilterRequestRedirect
3549 or httpRouteFilterRequestRewrite, but not both
3550 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3551 && self.exists(f, f.type == ''URLRewrite''))'
3552 - message: RequestHeaderModifier filter cannot be repeated
3553 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
3554 <= 1
3555 - message: ResponseHeaderModifier filter cannot be repeated
3556 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
3557 <= 1
3558 - message: RequestRedirect filter cannot be repeated
3559 rule: self.filter(f, f.type == 'RequestRedirect').size()
3560 <= 1
3561 - message: URLRewrite filter cannot be repeated
3562 rule: self.filter(f, f.type == 'URLRewrite').size()
3563 <= 1
3564 group:
3565 default: ""
3566 description: Group is the group of the referent. For example,
3567 "gateway.networking.k8s.io". When unspecified or empty
3568 string, core API group is inferred.
3569 maxLength: 253
3570 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3571 type: string
3572 kind:
3573 default: Service
3574 description: "Kind is the Kubernetes resource kind of
3575 the referent. For example \"Service\". \n Defaults to
3576 \"Service\" when not specified. \n ExternalName services
3577 can refer to CNAME DNS records that may live outside
3578 of the cluster and as such are difficult to reason about
3579 in terms of conformance. They also may not be safe to
3580 forward to (see CVE-2021-25740 for more information).
3581 Implementations SHOULD NOT support ExternalName Services.
3582 \n Support: Core (Services with a type other than ExternalName)
3583 \n Support: Implementation-specific (Services with type
3584 ExternalName)"
3585 maxLength: 63
3586 minLength: 1
3587 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3588 type: string
3589 name:
3590 description: Name is the name of the referent.
3591 maxLength: 253
3592 minLength: 1
3593 type: string
3594 namespace:
3595 description: "Namespace is the namespace of the backend.
3596 When unspecified, the local namespace is inferred. \n
3597 Note that when a namespace different than the local
3598 namespace is specified, a ReferenceGrant object is required
3599 in the referent namespace to allow that namespace's
3600 owner to accept the reference. See the ReferenceGrant
3601 documentation for details. \n Support: Core"
3602 maxLength: 63
3603 minLength: 1
3604 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3605 type: string
3606 port:
3607 description: Port specifies the destination port number
3608 to use for this resource. Port is required when the
3609 referent is a Kubernetes Service. In this case, the
3610 port number is the service port number, not the target
3611 port. For other resources, destination port might be
3612 derived from the referent resource or this field.
3613 format: int32
3614 maximum: 65535
3615 minimum: 1
3616 type: integer
3617 weight:
3618 default: 1
3619 description: "Weight specifies the proportion of requests
3620 forwarded to the referenced backend. This is computed
3621 as weight/(sum of all weights in this BackendRefs list).
3622 For non-zero values, there may be some epsilon from
3623 the exact proportion defined here depending on the precision
3624 an implementation supports. Weight is not a percentage
3625 and the sum of weights does not need to equal 100. \n
3626 If only one backend is specified and it has a weight
3627 greater than 0, 100% of the traffic is forwarded to
3628 that backend. If weight is set to 0, no traffic should
3629 be forwarded for this entry. If unspecified, weight
3630 defaults to 1. \n Support for this field varies based
3631 on the context where used."
3632 format: int32
3633 maximum: 1000000
3634 minimum: 0
3635 type: integer
3636 required:
3637 - name
3638 type: object
3639 x-kubernetes-validations:
3640 - message: Must have port for Service reference
3641 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3642 ? has(self.port) : true'
3643 maxItems: 16
3644 type: array
3645 filters:
3646 description: "Filters define the filters that are applied to
3647 requests that match this rule. \n The effects of ordering
3648 of multiple behaviors are currently unspecified. This can
3649 change in the future based on feedback during the alpha stage.
3650 \n Conformance-levels at this level are defined based on the
3651 type of filter: \n - ALL core filters MUST be supported by
3652 all implementations. - Implementers are encouraged to support
3653 extended filters. - Implementation-specific custom filters
3654 have no API guarantees across implementations. \n Specifying
3655 the same filter multiple times is not supported unless explicitly
3656 indicated in the filter. \n All filters are expected to be
3657 compatible with each other except for the URLRewrite and RequestRedirect
3658 filters, which may not be combined. If an implementation can
3659 not support other combinations of filters, they must clearly
3660 document that limitation. In cases where incompatible or unsupported
3661 filters are specified and cause the `Accepted` condition to
3662 be set to status `False`, implementations may use the `IncompatibleFilters`
3663 reason to specify this configuration error. \n Support: Core"
3664 items:
3665 description: HTTPRouteFilter defines processing steps that
3666 must be completed during the request or response lifecycle.
3667 HTTPRouteFilters are meant as an extension point to express
3668 processing that may be done in Gateway implementations.
3669 Some examples include request or response modification,
3670 implementing authentication strategies, rate-limiting, and
3671 traffic shaping. API guarantee/conformance is defined based
3672 on the type of the filter.
3673 properties:
3674 extensionRef:
3675 description: "ExtensionRef is an optional, implementation-specific
3676 extension to the \"filter\" behavior. For example,
3677 resource \"myroutefilter\" in group \"networking.example.net\").
3678 ExtensionRef MUST NOT be used for core and extended
3679 filters. \n This filter can be used multiple times within
3680 the same rule. \n Support: Implementation-specific"
3681 properties:
3682 group:
3683 description: Group is the group of the referent. For
3684 example, "gateway.networking.k8s.io". When unspecified
3685 or empty string, core API group is inferred.
3686 maxLength: 253
3687 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3688 type: string
3689 kind:
3690 description: Kind is kind of the referent. For example
3691 "HTTPRoute" or "Service".
3692 maxLength: 63
3693 minLength: 1
3694 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3695 type: string
3696 name:
3697 description: Name is the name of the referent.
3698 maxLength: 253
3699 minLength: 1
3700 type: string
3701 required:
3702 - group
3703 - kind
3704 - name
3705 type: object
3706 requestHeaderModifier:
3707 description: "RequestHeaderModifier defines a schema for
3708 a filter that modifies request headers. \n Support:
3709 Core"
3710 properties:
3711 add:
3712 description: "Add adds the given header(s) (name,
3713 value) to the request before the action. It appends
3714 to any existing values associated with the header
3715 name. \n Input: GET /foo HTTP/1.1 my-header: foo
3716 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
3717 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3718 items:
3719 description: HTTPHeader represents an HTTP Header
3720 name and value as defined by RFC 7230.
3721 properties:
3722 name:
3723 description: "Name is the name of the HTTP Header
3724 to be matched. Name matching MUST be case
3725 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3726 \n If multiple entries specify equivalent
3727 header names, the first entry with an equivalent
3728 name MUST be considered for a match. Subsequent
3729 entries with an equivalent header name MUST
3730 be ignored. Due to the case-insensitivity
3731 of header names, \"foo\" and \"Foo\" are considered
3732 equivalent."
3733 maxLength: 256
3734 minLength: 1
3735 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3736 type: string
3737 value:
3738 description: Value is the value of HTTP Header
3739 to be matched.
3740 maxLength: 4096
3741 minLength: 1
3742 type: string
3743 required:
3744 - name
3745 - value
3746 type: object
3747 maxItems: 16
3748 type: array
3749 x-kubernetes-list-map-keys:
3750 - name
3751 x-kubernetes-list-type: map
3752 remove:
3753 description: "Remove the given header(s) from the
3754 HTTP request before the action. The value of Remove
3755 is a list of HTTP header names. Note that the header
3756 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3757 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
3758 bar my-header3: baz \n Config: remove: [\"my-header1\",
3759 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
3760 bar"
3761 items:
3762 type: string
3763 maxItems: 16
3764 type: array
3765 x-kubernetes-list-type: set
3766 set:
3767 description: "Set overwrites the request with the
3768 given header (name, value) before the action. \n
3769 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3770 set: - name: \"my-header\" value: \"bar\" \n Output:
3771 GET /foo HTTP/1.1 my-header: bar"
3772 items:
3773 description: HTTPHeader represents an HTTP Header
3774 name and value as defined by RFC 7230.
3775 properties:
3776 name:
3777 description: "Name is the name of the HTTP Header
3778 to be matched. Name matching MUST be case
3779 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3780 \n If multiple entries specify equivalent
3781 header names, the first entry with an equivalent
3782 name MUST be considered for a match. Subsequent
3783 entries with an equivalent header name MUST
3784 be ignored. Due to the case-insensitivity
3785 of header names, \"foo\" and \"Foo\" are considered
3786 equivalent."
3787 maxLength: 256
3788 minLength: 1
3789 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3790 type: string
3791 value:
3792 description: Value is the value of HTTP Header
3793 to be matched.
3794 maxLength: 4096
3795 minLength: 1
3796 type: string
3797 required:
3798 - name
3799 - value
3800 type: object
3801 maxItems: 16
3802 type: array
3803 x-kubernetes-list-map-keys:
3804 - name
3805 x-kubernetes-list-type: map
3806 type: object
3807 requestMirror:
3808 description: "RequestMirror defines a schema for a filter
3809 that mirrors requests. Requests are sent to the specified
3810 destination, but responses from that destination are
3811 ignored. \n This filter can be used multiple times within
3812 the same rule. Note that not all implementations will
3813 be able to support mirroring to multiple backends. \n
3814 Support: Extended"
3815 properties:
3816 backendRef:
3817 description: "BackendRef references a resource where
3818 mirrored requests are sent. \n Mirrored requests
3819 must be sent only to a single destination endpoint
3820 within this BackendRef, irrespective of how many
3821 endpoints are present within this BackendRef. \n
3822 If the referent cannot be found, this BackendRef
3823 is invalid and must be dropped from the Gateway.
3824 The controller must ensure the \"ResolvedRefs\"
3825 condition on the Route status is set to `status:
3826 False` and not configure this backend in the underlying
3827 implementation. \n If there is a cross-namespace
3828 reference to an *existing* object that is not allowed
3829 by a ReferenceGrant, the controller must ensure
3830 the \"ResolvedRefs\" condition on the Route is
3831 set to `status: False`, with the \"RefNotPermitted\"
3832 reason and not configure this backend in the underlying
3833 implementation. \n In either error case, the Message
3834 of the `ResolvedRefs` Condition should be used to
3835 provide more detail about the problem. \n Support:
3836 Extended for Kubernetes Service \n Support: Implementation-specific
3837 for any other resource"
3838 properties:
3839 group:
3840 default: ""
3841 description: Group is the group of the referent.
3842 For example, "gateway.networking.k8s.io". When
3843 unspecified or empty string, core API group
3844 is inferred.
3845 maxLength: 253
3846 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3847 type: string
3848 kind:
3849 default: Service
3850 description: "Kind is the Kubernetes resource
3851 kind of the referent. For example \"Service\".
3852 \n Defaults to \"Service\" when not specified.
3853 \n ExternalName services can refer to CNAME
3854 DNS records that may live outside of the cluster
3855 and as such are difficult to reason about in
3856 terms of conformance. They also may not be safe
3857 to forward to (see CVE-2021-25740 for more information).
3858 Implementations SHOULD NOT support ExternalName
3859 Services. \n Support: Core (Services with a
3860 type other than ExternalName) \n Support: Implementation-specific
3861 (Services with type ExternalName)"
3862 maxLength: 63
3863 minLength: 1
3864 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3865 type: string
3866 name:
3867 description: Name is the name of the referent.
3868 maxLength: 253
3869 minLength: 1
3870 type: string
3871 namespace:
3872 description: "Namespace is the namespace of the
3873 backend. When unspecified, the local namespace
3874 is inferred. \n Note that when a namespace different
3875 than the local namespace is specified, a ReferenceGrant
3876 object is required in the referent namespace
3877 to allow that namespace's owner to accept the
3878 reference. See the ReferenceGrant documentation
3879 for details. \n Support: Core"
3880 maxLength: 63
3881 minLength: 1
3882 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3883 type: string
3884 port:
3885 description: Port specifies the destination port
3886 number to use for this resource. Port is required
3887 when the referent is a Kubernetes Service. In
3888 this case, the port number is the service port
3889 number, not the target port. For other resources,
3890 destination port might be derived from the referent
3891 resource or this field.
3892 format: int32
3893 maximum: 65535
3894 minimum: 1
3895 type: integer
3896 required:
3897 - name
3898 type: object
3899 x-kubernetes-validations:
3900 - message: Must have port for Service reference
3901 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3902 ? has(self.port) : true'
3903 required:
3904 - backendRef
3905 type: object
3906 requestRedirect:
3907 description: "RequestRedirect defines a schema for a filter
3908 that responds to the request with an HTTP redirection.
3909 \n Support: Core"
3910 properties:
3911 hostname:
3912 description: "Hostname is the hostname to be used
3913 in the value of the `Location` header in the response.
3914 When empty, the hostname in the `Host` header of
3915 the request is used. \n Support: Core"
3916 maxLength: 253
3917 minLength: 1
3918 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3919 type: string
3920 path:
3921 description: "Path defines parameters used to modify
3922 the path of the incoming request. The modified path
3923 is then used to construct the `Location` header.
3924 When empty, the request path is used as-is. \n Support:
3925 Extended"
3926 properties:
3927 replaceFullPath:
3928 description: ReplaceFullPath specifies the value
3929 with which to replace the full path of a request
3930 during a rewrite or redirect.
3931 maxLength: 1024
3932 type: string
3933 replacePrefixMatch:
3934 description: "ReplacePrefixMatch specifies the
3935 value with which to replace the prefix match
3936 of a request during a rewrite or redirect. For
3937 example, a request to \"/foo/bar\" with a prefix
3938 match of \"/foo\" and a ReplacePrefixMatch of
3939 \"/xyz\" would be modified to \"/xyz/bar\".
3940 \n Note that this matches the behavior of the
3941 PathPrefix match type. This matches full path
3942 elements. A path element refers to the list
3943 of labels in the path split by the `/` separator.
3944 When specified, a trailing `/` is ignored. For
3945 example, the paths `/abc`, `/abc/`, and `/abc/def`
3946 would all match the prefix `/abc`, but the path
3947 `/abcd` would not. \n ReplacePrefixMatch is
3948 only compatible with a `PathPrefix` HTTPRouteMatch.
3949 Using any other HTTPRouteMatch type on the same
3950 HTTPRouteRule will result in the implementation
3951 setting the Accepted Condition for the Route
3952 to `status: False`. \n Request Path | Prefix
3953 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
3954 /foo/bar | /foo | /xyz |
3955 /xyz/bar /foo/bar | /foo | /xyz/
3956 \ | /xyz/bar /foo/bar | /foo/ |
3957 /xyz | /xyz/bar /foo/bar | /foo/
3958 \ | /xyz/ | /xyz/bar /foo |
3959 /foo | /xyz | /xyz /foo/ |
3960 /foo | /xyz | /xyz/ /foo/bar
3961 \ | /foo | <empty string> | /bar
3962 /foo/ | /foo | <empty string>
3963 | / /foo | /foo | <empty string>
3964 | / /foo/ | /foo | / |
3965 / /foo | /foo | / |
3966 /"
3967 maxLength: 1024
3968 type: string
3969 type:
3970 description: "Type defines the type of path modifier.
3971 Additional types may be added in a future release
3972 of the API. \n Note that values may be added
3973 to this enum, implementations must ensure that
3974 unknown values will not cause a crash. \n Unknown
3975 values here must result in the implementation
3976 setting the Accepted Condition for the Route
3977 to `status: False`, with a Reason of `UnsupportedValue`."
3978 enum:
3979 - ReplaceFullPath
3980 - ReplacePrefixMatch
3981 type: string
3982 required:
3983 - type
3984 type: object
3985 x-kubernetes-validations:
3986 - message: replaceFullPath must be specified when
3987 type is set to 'ReplaceFullPath'
3988 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
3989 : true'
3990 - message: type must be 'ReplaceFullPath' when replaceFullPath
3991 is set
3992 rule: 'has(self.replaceFullPath) ? self.type ==
3993 ''ReplaceFullPath'' : true'
3994 - message: replacePrefixMatch must be specified when
3995 type is set to 'ReplacePrefixMatch'
3996 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
3997 : true'
3998 - message: type must be 'ReplacePrefixMatch' when
3999 replacePrefixMatch is set
4000 rule: 'has(self.replacePrefixMatch) ? self.type
4001 == ''ReplacePrefixMatch'' : true'
4002 port:
4003 description: "Port is the port to be used in the value
4004 of the `Location` header in the response. \n If
4005 no port is specified, the redirect port MUST be
4006 derived using the following rules: \n * If redirect
4007 scheme is not-empty, the redirect port MUST be the
4008 well-known port associated with the redirect scheme.
4009 Specifically \"http\" to port 80 and \"https\" to
4010 port 443. If the redirect scheme does not have a
4011 well-known port, the listener port of the Gateway
4012 SHOULD be used. * If redirect scheme is empty, the
4013 redirect port MUST be the Gateway Listener port.
4014 \n Implementations SHOULD NOT add the port number
4015 in the 'Location' header in the following cases:
4016 \n * A Location header that will use HTTP (whether
4017 that is determined via the Listener protocol or
4018 the Scheme field) _and_ use port 80. * A Location
4019 header that will use HTTPS (whether that is determined
4020 via the Listener protocol or the Scheme field) _and_
4021 use port 443. \n Support: Extended"
4022 format: int32
4023 maximum: 65535
4024 minimum: 1
4025 type: integer
4026 scheme:
4027 description: "Scheme is the scheme to be used in the
4028 value of the `Location` header in the response.
4029 When empty, the scheme of the request is used. \n
4030 Scheme redirects can affect the port of the redirect,
4031 for more information, refer to the documentation
4032 for the port field of this filter. \n Note that
4033 values may be added to this enum, implementations
4034 must ensure that unknown values will not cause a
4035 crash. \n Unknown values here must result in the
4036 implementation setting the Accepted Condition for
4037 the Route to `status: False`, with a Reason of `UnsupportedValue`.
4038 \n Support: Extended"
4039 enum:
4040 - http
4041 - https
4042 type: string
4043 statusCode:
4044 default: 302
4045 description: "StatusCode is the HTTP status code to
4046 be used in response. \n Note that values may be
4047 added to this enum, implementations must ensure
4048 that unknown values will not cause a crash. \n Unknown
4049 values here must result in the implementation setting
4050 the Accepted Condition for the Route to `status:
4051 False`, with a Reason of `UnsupportedValue`. \n
4052 Support: Core"
4053 enum:
4054 - 301
4055 - 302
4056 type: integer
4057 type: object
4058 responseHeaderModifier:
4059 description: "ResponseHeaderModifier defines a schema
4060 for a filter that modifies response headers. \n Support:
4061 Extended"
4062 properties:
4063 add:
4064 description: "Add adds the given header(s) (name,
4065 value) to the request before the action. It appends
4066 to any existing values associated with the header
4067 name. \n Input: GET /foo HTTP/1.1 my-header: foo
4068 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
4069 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
4070 items:
4071 description: HTTPHeader represents an HTTP Header
4072 name and value as defined by RFC 7230.
4073 properties:
4074 name:
4075 description: "Name is the name of the HTTP Header
4076 to be matched. Name matching MUST be case
4077 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4078 \n If multiple entries specify equivalent
4079 header names, the first entry with an equivalent
4080 name MUST be considered for a match. Subsequent
4081 entries with an equivalent header name MUST
4082 be ignored. Due to the case-insensitivity
4083 of header names, \"foo\" and \"Foo\" are considered
4084 equivalent."
4085 maxLength: 256
4086 minLength: 1
4087 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4088 type: string
4089 value:
4090 description: Value is the value of HTTP Header
4091 to be matched.
4092 maxLength: 4096
4093 minLength: 1
4094 type: string
4095 required:
4096 - name
4097 - value
4098 type: object
4099 maxItems: 16
4100 type: array
4101 x-kubernetes-list-map-keys:
4102 - name
4103 x-kubernetes-list-type: map
4104 remove:
4105 description: "Remove the given header(s) from the
4106 HTTP request before the action. The value of Remove
4107 is a list of HTTP header names. Note that the header
4108 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
4109 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
4110 bar my-header3: baz \n Config: remove: [\"my-header1\",
4111 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
4112 bar"
4113 items:
4114 type: string
4115 maxItems: 16
4116 type: array
4117 x-kubernetes-list-type: set
4118 set:
4119 description: "Set overwrites the request with the
4120 given header (name, value) before the action. \n
4121 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
4122 set: - name: \"my-header\" value: \"bar\" \n Output:
4123 GET /foo HTTP/1.1 my-header: bar"
4124 items:
4125 description: HTTPHeader represents an HTTP Header
4126 name and value as defined by RFC 7230.
4127 properties:
4128 name:
4129 description: "Name is the name of the HTTP Header
4130 to be matched. Name matching MUST be case
4131 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
4132 \n If multiple entries specify equivalent
4133 header names, the first entry with an equivalent
4134 name MUST be considered for a match. Subsequent
4135 entries with an equivalent header name MUST
4136 be ignored. Due to the case-insensitivity
4137 of header names, \"foo\" and \"Foo\" are considered
4138 equivalent."
4139 maxLength: 256
4140 minLength: 1
4141 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4142 type: string
4143 value:
4144 description: Value is the value of HTTP Header
4145 to be matched.
4146 maxLength: 4096
4147 minLength: 1
4148 type: string
4149 required:
4150 - name
4151 - value
4152 type: object
4153 maxItems: 16
4154 type: array
4155 x-kubernetes-list-map-keys:
4156 - name
4157 x-kubernetes-list-type: map
4158 type: object
4159 type:
4160 description: "Type identifies the type of filter to apply.
4161 As with other API fields, types are classified into
4162 three conformance levels: \n - Core: Filter types and
4163 their corresponding configuration defined by \"Support:
4164 Core\" in this package, e.g. \"RequestHeaderModifier\".
4165 All implementations must support core filters. \n -
4166 Extended: Filter types and their corresponding configuration
4167 defined by \"Support: Extended\" in this package, e.g.
4168 \"RequestMirror\". Implementers are encouraged to support
4169 extended filters. \n - Implementation-specific: Filters
4170 that are defined and supported by specific vendors.
4171 In the future, filters showing convergence in behavior
4172 across multiple implementations will be considered for
4173 inclusion in extended or core conformance levels. Filter-specific
4174 configuration for such filters is specified using the
4175 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
4176 for custom filters. \n Implementers are encouraged to
4177 define custom implementation types to extend the core
4178 API with implementation-specific behavior. \n If a reference
4179 to a custom filter type cannot be resolved, the filter
4180 MUST NOT be skipped. Instead, requests that would have
4181 been processed by that filter MUST receive a HTTP error
4182 response. \n Note that values may be added to this enum,
4183 implementations must ensure that unknown values will
4184 not cause a crash. \n Unknown values here must result
4185 in the implementation setting the Accepted Condition
4186 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4187 enum:
4188 - RequestHeaderModifier
4189 - ResponseHeaderModifier
4190 - RequestMirror
4191 - RequestRedirect
4192 - URLRewrite
4193 - ExtensionRef
4194 type: string
4195 urlRewrite:
4196 description: "URLRewrite defines a schema for a filter
4197 that modifies a request during forwarding. \n Support:
4198 Extended"
4199 properties:
4200 hostname:
4201 description: "Hostname is the value to be used to
4202 replace the Host header value during forwarding.
4203 \n Support: Extended"
4204 maxLength: 253
4205 minLength: 1
4206 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4207 type: string
4208 path:
4209 description: "Path defines a path rewrite. \n Support:
4210 Extended"
4211 properties:
4212 replaceFullPath:
4213 description: ReplaceFullPath specifies the value
4214 with which to replace the full path of a request
4215 during a rewrite or redirect.
4216 maxLength: 1024
4217 type: string
4218 replacePrefixMatch:
4219 description: "ReplacePrefixMatch specifies the
4220 value with which to replace the prefix match
4221 of a request during a rewrite or redirect. For
4222 example, a request to \"/foo/bar\" with a prefix
4223 match of \"/foo\" and a ReplacePrefixMatch of
4224 \"/xyz\" would be modified to \"/xyz/bar\".
4225 \n Note that this matches the behavior of the
4226 PathPrefix match type. This matches full path
4227 elements. A path element refers to the list
4228 of labels in the path split by the `/` separator.
4229 When specified, a trailing `/` is ignored. For
4230 example, the paths `/abc`, `/abc/`, and `/abc/def`
4231 would all match the prefix `/abc`, but the path
4232 `/abcd` would not. \n ReplacePrefixMatch is
4233 only compatible with a `PathPrefix` HTTPRouteMatch.
4234 Using any other HTTPRouteMatch type on the same
4235 HTTPRouteRule will result in the implementation
4236 setting the Accepted Condition for the Route
4237 to `status: False`. \n Request Path | Prefix
4238 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
4239 /foo/bar | /foo | /xyz |
4240 /xyz/bar /foo/bar | /foo | /xyz/
4241 \ | /xyz/bar /foo/bar | /foo/ |
4242 /xyz | /xyz/bar /foo/bar | /foo/
4243 \ | /xyz/ | /xyz/bar /foo |
4244 /foo | /xyz | /xyz /foo/ |
4245 /foo | /xyz | /xyz/ /foo/bar
4246 \ | /foo | <empty string> | /bar
4247 /foo/ | /foo | <empty string>
4248 | / /foo | /foo | <empty string>
4249 | / /foo/ | /foo | / |
4250 / /foo | /foo | / |
4251 /"
4252 maxLength: 1024
4253 type: string
4254 type:
4255 description: "Type defines the type of path modifier.
4256 Additional types may be added in a future release
4257 of the API. \n Note that values may be added
4258 to this enum, implementations must ensure that
4259 unknown values will not cause a crash. \n Unknown
4260 values here must result in the implementation
4261 setting the Accepted Condition for the Route
4262 to `status: False`, with a Reason of `UnsupportedValue`."
4263 enum:
4264 - ReplaceFullPath
4265 - ReplacePrefixMatch
4266 type: string
4267 required:
4268 - type
4269 type: object
4270 x-kubernetes-validations:
4271 - message: replaceFullPath must be specified when
4272 type is set to 'ReplaceFullPath'
4273 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
4274 : true'
4275 - message: type must be 'ReplaceFullPath' when replaceFullPath
4276 is set
4277 rule: 'has(self.replaceFullPath) ? self.type ==
4278 ''ReplaceFullPath'' : true'
4279 - message: replacePrefixMatch must be specified when
4280 type is set to 'ReplacePrefixMatch'
4281 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
4282 : true'
4283 - message: type must be 'ReplacePrefixMatch' when
4284 replacePrefixMatch is set
4285 rule: 'has(self.replacePrefixMatch) ? self.type
4286 == ''ReplacePrefixMatch'' : true'
4287 type: object
4288 required:
4289 - type
4290 type: object
4291 x-kubernetes-validations:
4292 - message: filter.requestHeaderModifier must be nil if the
4293 filter.type is not RequestHeaderModifier
4294 rule: '!(has(self.requestHeaderModifier) && self.type !=
4295 ''RequestHeaderModifier'')'
4296 - message: filter.requestHeaderModifier must be specified
4297 for RequestHeaderModifier filter.type
4298 rule: '!(!has(self.requestHeaderModifier) && self.type ==
4299 ''RequestHeaderModifier'')'
4300 - message: filter.responseHeaderModifier must be nil if the
4301 filter.type is not ResponseHeaderModifier
4302 rule: '!(has(self.responseHeaderModifier) && self.type !=
4303 ''ResponseHeaderModifier'')'
4304 - message: filter.responseHeaderModifier must be specified
4305 for ResponseHeaderModifier filter.type
4306 rule: '!(!has(self.responseHeaderModifier) && self.type
4307 == ''ResponseHeaderModifier'')'
4308 - message: filter.requestMirror must be nil if the filter.type
4309 is not RequestMirror
4310 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
4311 - message: filter.requestMirror must be specified for RequestMirror
4312 filter.type
4313 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
4314 - message: filter.requestRedirect must be nil if the filter.type
4315 is not RequestRedirect
4316 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
4317 - message: filter.requestRedirect must be specified for RequestRedirect
4318 filter.type
4319 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
4320 - message: filter.urlRewrite must be nil if the filter.type
4321 is not URLRewrite
4322 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
4323 - message: filter.urlRewrite must be specified for URLRewrite
4324 filter.type
4325 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
4326 - message: filter.extensionRef must be nil if the filter.type
4327 is not ExtensionRef
4328 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
4329 - message: filter.extensionRef must be specified for ExtensionRef
4330 filter.type
4331 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
4332 maxItems: 16
4333 type: array
4334 x-kubernetes-validations:
4335 - message: May specify either httpRouteFilterRequestRedirect
4336 or httpRouteFilterRequestRewrite, but not both
4337 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
4338 self.exists(f, f.type == ''URLRewrite''))'
4339 - message: RequestHeaderModifier filter cannot be repeated
4340 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
4341 <= 1
4342 - message: ResponseHeaderModifier filter cannot be repeated
4343 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
4344 <= 1
4345 - message: RequestRedirect filter cannot be repeated
4346 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
4347 1
4348 - message: URLRewrite filter cannot be repeated
4349 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
4350 matches:
4351 default:
4352 - path:
4353 type: PathPrefix
4354 value: /
4355 description: "Matches define conditions used for matching the
4356 rule against incoming HTTP requests. Each match is independent,
4357 i.e. this rule will be matched if **any** one of the matches
4358 is satisfied. \n For example, take the following matches configuration:
4359 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
4360 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
4361 to match against this rule, a request must satisfy EITHER
4362 of the two conditions: \n - path prefixed with `/foo` AND
4363 contains the header `version: v2` - path prefix of `/v2/foo`
4364 \n See the documentation for HTTPRouteMatch on how to specify
4365 multiple match conditions that should be ANDed together. \n
4366 If no matches are specified, the default is a prefix path
4367 match on \"/\", which has the effect of matching every HTTP
4368 request. \n Proxy or Load Balancer routing configuration generated
4369 from HTTPRoutes MUST prioritize matches based on the following
4370 criteria, continuing on ties. Across all rules specified on
4371 applicable Routes, precedence must be given to the match having:
4372 \n * \"Exact\" path match. * \"Prefix\" path match with largest
4373 number of characters. * Method match. * Largest number of
4374 header matches. * Largest number of query param matches. \n
4375 Note: The precedence of RegularExpression path matches are
4376 implementation-specific. \n If ties still exist across multiple
4377 Routes, matching precedence MUST be determined in order of
4378 the following criteria, continuing on ties: \n * The oldest
4379 Route based on creation timestamp. * The Route appearing first
4380 in alphabetical order by \"{namespace}/{name}\". \n If ties
4381 still exist within an HTTPRoute, matching precedence MUST
4382 be granted to the FIRST matching rule (in list order) with
4383 a match meeting the above criteria. \n When no rules matching
4384 a request have been successfully attached to the parent a
4385 request is coming from, a HTTP 404 status code MUST be returned."
4386 items:
4387 description: "HTTPRouteMatch defines the predicate used to
4388 match requests to a given action. Multiple match types are
4389 ANDed together, i.e. the match will evaluate to true only
4390 if all conditions are satisfied. \n For example, the match
4391 below will match a HTTP request only if its path starts
4392 with `/foo` AND it contains the `version: v1` header: \n
4393 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
4394 value \"v1\" \n ```"
4395 properties:
4396 headers:
4397 description: Headers specifies HTTP request header matchers.
4398 Multiple match values are ANDed together, meaning, a
4399 request must match all the specified headers to select
4400 the route.
4401 items:
4402 description: HTTPHeaderMatch describes how to select
4403 a HTTP route by matching HTTP request headers.
4404 properties:
4405 name:
4406 description: "Name is the name of the HTTP Header
4407 to be matched. Name matching MUST be case insensitive.
4408 (See https://tools.ietf.org/html/rfc7230#section-3.2).
4409 \n If multiple entries specify equivalent header
4410 names, only the first entry with an equivalent
4411 name MUST be considered for a match. Subsequent
4412 entries with an equivalent header name MUST be
4413 ignored. Due to the case-insensitivity of header
4414 names, \"foo\" and \"Foo\" are considered equivalent.
4415 \n When a header is repeated in an HTTP request,
4416 it is implementation-specific behavior as to how
4417 this is represented. Generally, proxies should
4418 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
4419 regarding processing a repeated header, with special
4420 handling for \"Set-Cookie\"."
4421 maxLength: 256
4422 minLength: 1
4423 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4424 type: string
4425 type:
4426 default: Exact
4427 description: "Type specifies how to match against
4428 the value of the header. \n Support: Core (Exact)
4429 \n Support: Implementation-specific (RegularExpression)
4430 \n Since RegularExpression HeaderMatchType has
4431 implementation-specific conformance, implementations
4432 can support POSIX, PCRE or any other dialects
4433 of regular expressions. Please read the implementation's
4434 documentation to determine the supported dialect."
4435 enum:
4436 - Exact
4437 - RegularExpression
4438 type: string
4439 value:
4440 description: Value is the value of HTTP Header to
4441 be matched.
4442 maxLength: 4096
4443 minLength: 1
4444 type: string
4445 required:
4446 - name
4447 - value
4448 type: object
4449 maxItems: 16
4450 type: array
4451 x-kubernetes-list-map-keys:
4452 - name
4453 x-kubernetes-list-type: map
4454 method:
4455 description: "Method specifies HTTP method matcher. When
4456 specified, this route will be matched only if the request
4457 has the specified method. \n Support: Extended"
4458 enum:
4459 - GET
4460 - HEAD
4461 - POST
4462 - PUT
4463 - DELETE
4464 - CONNECT
4465 - OPTIONS
4466 - TRACE
4467 - PATCH
4468 type: string
4469 path:
4470 default:
4471 type: PathPrefix
4472 value: /
4473 description: Path specifies a HTTP request path matcher.
4474 If this field is not specified, a default prefix match
4475 on the "/" path is provided.
4476 properties:
4477 type:
4478 default: PathPrefix
4479 description: "Type specifies how to match against
4480 the path Value. \n Support: Core (Exact, PathPrefix)
4481 \n Support: Implementation-specific (RegularExpression)"
4482 enum:
4483 - Exact
4484 - PathPrefix
4485 - RegularExpression
4486 type: string
4487 value:
4488 default: /
4489 description: Value of the HTTP path to match against.
4490 maxLength: 1024
4491 type: string
4492 type: object
4493 x-kubernetes-validations:
4494 - message: value must be an absolute path and start with
4495 '/' when type one of ['Exact', 'PathPrefix']
4496 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
4497 : true'
4498 - message: must not contain '//' when type one of ['Exact',
4499 'PathPrefix']
4500 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
4501 : true'
4502 - message: must not contain '/./' when type one of ['Exact',
4503 'PathPrefix']
4504 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
4505 : true'
4506 - message: must not contain '/../' when type one of ['Exact',
4507 'PathPrefix']
4508 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
4509 : true'
4510 - message: must not contain '%2f' when type one of ['Exact',
4511 'PathPrefix']
4512 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
4513 : true'
4514 - message: must not contain '%2F' when type one of ['Exact',
4515 'PathPrefix']
4516 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
4517 : true'
4518 - message: must not contain '#' when type one of ['Exact',
4519 'PathPrefix']
4520 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
4521 : true'
4522 - message: must not end with '/..' when type one of ['Exact',
4523 'PathPrefix']
4524 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
4525 : true'
4526 - message: must not end with '/.' when type one of ['Exact',
4527 'PathPrefix']
4528 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
4529 : true'
4530 - message: type must be one of ['Exact', 'PathPrefix',
4531 'RegularExpression']
4532 rule: self.type in ['Exact','PathPrefix'] || self.type
4533 == 'RegularExpression'
4534 - message: must only contain valid characters (matching
4535 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
4536 for types ['Exact', 'PathPrefix']
4537 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
4538 : true'
4539 queryParams:
4540 description: "QueryParams specifies HTTP query parameter
4541 matchers. Multiple match values are ANDed together,
4542 meaning, a request must match all the specified query
4543 parameters to select the route. \n Support: Extended"
4544 items:
4545 description: HTTPQueryParamMatch describes how to select
4546 a HTTP route by matching HTTP query parameters.
4547 properties:
4548 name:
4549 description: "Name is the name of the HTTP query
4550 param to be matched. This must be an exact string
4551 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
4552 \n If multiple entries specify equivalent query
4553 param names, only the first entry with an equivalent
4554 name MUST be considered for a match. Subsequent
4555 entries with an equivalent query param name MUST
4556 be ignored. \n If a query param is repeated in
4557 an HTTP request, the behavior is purposely left
4558 undefined, since different data planes have different
4559 capabilities. However, it is *recommended* that
4560 implementations should match against the first
4561 value of the param if the data plane supports
4562 it, as this behavior is expected in other load
4563 balancing contexts outside of the Gateway API.
4564 \n Users SHOULD NOT route traffic based on repeated
4565 query params to guard themselves against potential
4566 differences in the implementations."
4567 maxLength: 256
4568 minLength: 1
4569 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4570 type: string
4571 type:
4572 default: Exact
4573 description: "Type specifies how to match against
4574 the value of the query parameter. \n Support:
4575 Extended (Exact) \n Support: Implementation-specific
4576 (RegularExpression) \n Since RegularExpression
4577 QueryParamMatchType has Implementation-specific
4578 conformance, implementations can support POSIX,
4579 PCRE or any other dialects of regular expressions.
4580 Please read the implementation's documentation
4581 to determine the supported dialect."
4582 enum:
4583 - Exact
4584 - RegularExpression
4585 type: string
4586 value:
4587 description: Value is the value of HTTP query param
4588 to be matched.
4589 maxLength: 1024
4590 minLength: 1
4591 type: string
4592 required:
4593 - name
4594 - value
4595 type: object
4596 maxItems: 16
4597 type: array
4598 x-kubernetes-list-map-keys:
4599 - name
4600 x-kubernetes-list-type: map
4601 type: object
4602 maxItems: 8
4603 type: array
4604 timeouts:
4605 description: "Timeouts defines the timeouts that can be configured
4606 for an HTTP request. \n Support: Extended \n "
4607 properties:
4608 backendRequest:
4609 description: "BackendRequest specifies a timeout for an
4610 individual request from the gateway to a backend. This
4611 covers the time from when the request first starts being
4612 sent from the gateway to when the full response has been
4613 received from the backend. \n An entire client HTTP transaction
4614 with a gateway, covered by the Request timeout, may result
4615 in more than one call from the gateway to the destination
4616 backend, for example, if automatic retries are supported.
4617 \n Because the Request timeout encompasses the BackendRequest
4618 timeout, the value of BackendRequest must be <= the value
4619 of Request timeout. \n Support: Extended"
4620 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
4621 type: string
4622 request:
4623 description: "Request specifies the maximum duration for
4624 a gateway to respond to an HTTP request. If the gateway
4625 has not been able to respond before this deadline is met,
4626 the gateway MUST return a timeout error. \n For example,
4627 setting the `rules.timeouts.request` field to the value
4628 `10s` in an `HTTPRoute` will cause a timeout if a client
4629 request is taking longer than 10 seconds to complete.
4630 \n This timeout is intended to cover as close to the whole
4631 request-response transaction as possible although an implementation
4632 MAY choose to start the timeout after the entire request
4633 stream has been received instead of immediately after
4634 the transaction is initiated by the client. \n When this
4635 field is unspecified, request timeout behavior is implementation-specific.
4636 \n Support: Extended"
4637 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
4638 type: string
4639 type: object
4640 x-kubernetes-validations:
4641 - message: backendRequest timeout cannot be longer than request
4642 timeout
4643 rule: '!(has(self.request) && has(self.backendRequest) &&
4644 duration(self.request) != duration(''0s'') && duration(self.backendRequest)
4645 > duration(self.request))'
4646 type: object
4647 x-kubernetes-validations:
4648 - message: RequestRedirect filter must not be used together with
4649 backendRefs
4650 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
4651 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
4652 true'
4653 - message: When using RequestRedirect filter with path.replacePrefixMatch,
4654 exactly one PathPrefix match must be specified
4655 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
4656 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4657 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4658 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
4659 self.matches[0].path.type != ''PathPrefix'') ? false : true)
4660 : true'
4661 - message: When using URLRewrite filter with path.replacePrefixMatch,
4662 exactly one PathPrefix match must be specified
4663 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
4664 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4665 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
4666 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4667 != ''PathPrefix'') ? false : true) : true'
4668 - message: Within backendRefs, when using RequestRedirect filter
4669 with path.replacePrefixMatch, exactly one PathPrefix match must
4670 be specified
4671 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4672 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
4673 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4674 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4675 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
4676 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
4677 : true'
4678 - message: Within backendRefs, When using URLRewrite filter with
4679 path.replacePrefixMatch, exactly one PathPrefix match must be
4680 specified
4681 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4682 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
4683 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4684 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
4685 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4686 != ''PathPrefix'') ? false : true) : true'
4687 maxItems: 16
4688 type: array
4689 type: object
4690 status:
4691 description: Status defines the current state of HTTPRoute.
4692 properties:
4693 parents:
4694 description: "Parents is a list of parent resources (usually Gateways)
4695 that are associated with the route, and the status of the route
4696 with respect to each parent. When this route attaches to a parent,
4697 the controller that manages the parent must add an entry to this
4698 list when the controller first sees the route and should update
4699 the entry as appropriate when the route or gateway is modified.
4700 \n Note that parent references that cannot be resolved by an implementation
4701 of this API will not be added to this list. Implementations of this
4702 API can only populate Route status for the Gateways/parent resources
4703 they are responsible for. \n A maximum of 32 Gateways will be represented
4704 in this list. An empty list means the route has not been attached
4705 to any Gateway."
4706 items:
4707 description: RouteParentStatus describes the status of a route with
4708 respect to an associated Parent.
4709 properties:
4710 conditions:
4711 description: "Conditions describes the status of the route with
4712 respect to the Gateway. Note that the route's availability
4713 is also subject to the Gateway's own status conditions and
4714 listener status. \n If the Route's ParentRef specifies an
4715 existing Gateway that supports Routes of this kind AND that
4716 Gateway's controller has sufficient access, then that Gateway's
4717 controller MUST set the \"Accepted\" condition on the Route,
4718 to indicate whether the route has been accepted or rejected
4719 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
4720 if at least one of the Route's rules is implemented by the
4721 Gateway. \n There are a number of cases where the \"Accepted\"
4722 condition may not be set due to lack of controller visibility,
4723 that includes when: \n * The Route refers to a non-existent
4724 parent. * The Route is of a type that the controller does
4725 not support. * The Route is in a namespace the controller
4726 does not have access to."
4727 items:
4728 description: "Condition contains details for one aspect of
4729 the current state of this API Resource. --- This struct
4730 is intended for direct use as an array at the field path
4731 .status.conditions. For example, \n type FooStatus struct{
4732 // Represents the observations of a foo's current state.
4733 // Known .status.conditions.type are: \"Available\", \"Progressing\",
4734 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
4735 // +listType=map // +listMapKey=type Conditions []metav1.Condition
4736 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
4737 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
4738 }"
4739 properties:
4740 lastTransitionTime:
4741 description: lastTransitionTime is the last time the condition
4742 transitioned from one status to another. This should
4743 be when the underlying condition changed. If that is
4744 not known, then using the time when the API field changed
4745 is acceptable.
4746 format: date-time
4747 type: string
4748 message:
4749 description: message is a human readable message indicating
4750 details about the transition. This may be an empty string.
4751 maxLength: 32768
4752 type: string
4753 observedGeneration:
4754 description: observedGeneration represents the .metadata.generation
4755 that the condition was set based upon. For instance,
4756 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
4757 is 9, the condition is out of date with respect to the
4758 current state of the instance.
4759 format: int64
4760 minimum: 0
4761 type: integer
4762 reason:
4763 description: reason contains a programmatic identifier
4764 indicating the reason for the condition's last transition.
4765 Producers of specific condition types may define expected
4766 values and meanings for this field, and whether the
4767 values are considered a guaranteed API. The value should
4768 be a CamelCase string. This field may not be empty.
4769 maxLength: 1024
4770 minLength: 1
4771 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4772 type: string
4773 status:
4774 description: status of the condition, one of True, False,
4775 Unknown.
4776 enum:
4777 - "True"
4778 - "False"
4779 - Unknown
4780 type: string
4781 type:
4782 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4783 --- Many .condition.type values are consistent across
4784 resources like Available, but because arbitrary conditions
4785 can be useful (see .node.status.conditions), the ability
4786 to deconflict is important. The regex it matches is
4787 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
4788 maxLength: 316
4789 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4790 type: string
4791 required:
4792 - lastTransitionTime
4793 - message
4794 - reason
4795 - status
4796 - type
4797 type: object
4798 maxItems: 8
4799 minItems: 1
4800 type: array
4801 x-kubernetes-list-map-keys:
4802 - type
4803 x-kubernetes-list-type: map
4804 controllerName:
4805 description: "ControllerName is a domain/path string that indicates
4806 the name of the controller that wrote this status. This corresponds
4807 with the controllerName field on GatewayClass. \n Example:
4808 \"example.net/gateway-controller\". \n The format of this
4809 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
4810 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
4811 \n Controllers MUST populate this field when writing status.
4812 Controllers should ensure that entries to status populated
4813 with their ControllerName are cleaned up when they are no
4814 longer necessary."
4815 maxLength: 253
4816 minLength: 1
4817 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
4818 type: string
4819 parentRef:
4820 description: ParentRef corresponds with a ParentRef in the spec
4821 that this RouteParentStatus struct describes the status of.
4822 properties:
4823 group:
4824 default: gateway.networking.k8s.io
4825 description: "Group is the group of the referent. When unspecified,
4826 \"gateway.networking.k8s.io\" is inferred. To set the
4827 core API group (such as for a \"Service\" kind referent),
4828 Group must be explicitly set to \"\" (empty string). \n
4829 Support: Core"
4830 maxLength: 253
4831 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4832 type: string
4833 kind:
4834 default: Gateway
4835 description: "Kind is kind of the referent. \n There are
4836 two kinds of parent resources with \"Core\" support: \n
4837 * Gateway (Gateway conformance profile) * Service (Mesh
4838 conformance profile, experimental, ClusterIP Services
4839 only) \n Support for other resources is Implementation-Specific."
4840 maxLength: 63
4841 minLength: 1
4842 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4843 type: string
4844 name:
4845 description: "Name is the name of the referent. \n Support:
4846 Core"
4847 maxLength: 253
4848 minLength: 1
4849 type: string
4850 namespace:
4851 description: "Namespace is the namespace of the referent.
4852 When unspecified, this refers to the local namespace of
4853 the Route. \n Note that there are specific rules for ParentRefs
4854 which cross namespace boundaries. Cross-namespace references
4855 are only valid if they are explicitly allowed by something
4856 in the namespace they are referring to. For example: Gateway
4857 has the AllowedRoutes field, and ReferenceGrant provides
4858 a generic way to enable any other kind of cross-namespace
4859 reference. \n ParentRefs from a Route to a Service in
4860 the same namespace are \"producer\" routes, which apply
4861 default routing rules to inbound connections from any
4862 namespace to the Service. \n ParentRefs from a Route to
4863 a Service in a different namespace are \"consumer\" routes,
4864 and these routing rules are only applied to outbound connections
4865 originating from the same namespace as the Route, for
4866 which the intended destination of the connections are
4867 a Service targeted as a ParentRef of the Route. \n Support:
4868 Core"
4869 maxLength: 63
4870 minLength: 1
4871 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4872 type: string
4873 port:
4874 description: "Port is the network port this Route targets.
4875 It can be interpreted differently based on the type of
4876 parent resource. \n When the parent resource is a Gateway,
4877 this targets all listeners listening on the specified
4878 port that also support this kind of Route(and select this
4879 Route). It's not recommended to set `Port` unless the
4880 networking behaviors specified in a Route must apply to
4881 a specific port as opposed to a listener(s) whose port(s)
4882 may be changed. When both Port and SectionName are specified,
4883 the name and port of the selected listener must match
4884 both specified values. \n When the parent resource is
4885 a Service, this targets a specific port in the Service
4886 spec. When both Port (experimental) and SectionName are
4887 specified, the name and port of the selected port must
4888 match both specified values. \n Implementations MAY choose
4889 to support other parent resources. Implementations supporting
4890 other types of parent resources MUST clearly document
4891 how/if Port is interpreted. \n For the purpose of status,
4892 an attachment is considered successful as long as the
4893 parent resource accepts it partially. For example, Gateway
4894 listeners can restrict which Routes can attach to them
4895 by Route kind, namespace, or hostname. If 1 of 2 Gateway
4896 listeners accept attachment from the referencing Route,
4897 the Route MUST be considered successfully attached. If
4898 no Gateway listeners accept attachment from this Route,
4899 the Route MUST be considered detached from the Gateway.
4900 \n Support: Extended \n "
4901 format: int32
4902 maximum: 65535
4903 minimum: 1
4904 type: integer
4905 sectionName:
4906 description: "SectionName is the name of a section within
4907 the target resource. In the following resources, SectionName
4908 is interpreted as the following: \n * Gateway: Listener
4909 Name. When both Port (experimental) and SectionName are
4910 specified, the name and port of the selected listener
4911 must match both specified values. * Service: Port Name.
4912 When both Port (experimental) and SectionName are specified,
4913 the name and port of the selected listener must match
4914 both specified values. Note that attaching Routes to Services
4915 as Parents is part of experimental Mesh support and is
4916 not supported for any other purpose. \n Implementations
4917 MAY choose to support attaching Routes to other resources.
4918 If that is the case, they MUST clearly document how SectionName
4919 is interpreted. \n When unspecified (empty string), this
4920 will reference the entire resource. For the purpose of
4921 status, an attachment is considered successful if at least
4922 one section in the parent resource accepts it. For example,
4923 Gateway listeners can restrict which Routes can attach
4924 to them by Route kind, namespace, or hostname. If 1 of
4925 2 Gateway listeners accept attachment from the referencing
4926 Route, the Route MUST be considered successfully attached.
4927 If no Gateway listeners accept attachment from this Route,
4928 the Route MUST be considered detached from the Gateway.
4929 \n Support: Core"
4930 maxLength: 253
4931 minLength: 1
4932 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4933 type: string
4934 required:
4935 - name
4936 type: object
4937 required:
4938 - controllerName
4939 - parentRef
4940 type: object
4941 maxItems: 32
4942 type: array
4943 required:
4944 - parents
4945 type: object
4946 required:
4947 - spec
4948 type: object
4949 served: true
4950 storage: true
4951 subresources:
4952 status: {}
4953status:
4954 acceptedNames:
4955 kind: ""
4956 plural: ""
4957 conditions: null
4958 storedVersions: null
View as plain text