1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
6 gateway.networking.k8s.io/bundle-version: v1.0.0
7 gateway.networking.k8s.io/channel: experimental
8 creationTimestamp: null
9 name: tlsroutes.gateway.networking.k8s.io
10spec:
11 group: gateway.networking.k8s.io
12 names:
13 categories:
14 - gateway-api
15 kind: TLSRoute
16 listKind: TLSRouteList
17 plural: tlsroutes
18 singular: tlsroute
19 scope: Namespaced
20 versions:
21 - additionalPrinterColumns:
22 - jsonPath: .metadata.creationTimestamp
23 name: Age
24 type: date
25 name: v1alpha2
26 schema:
27 openAPIV3Schema:
28 description: "The TLSRoute resource is similar to TCPRoute, but can be configured
29 to match against TLS-specific metadata. This allows more flexibility in
30 matching streams for a given TLS listener. \n If you need to forward traffic
31 to a single target for a TLS listener, you could choose to use a TCPRoute
32 with a TLS listener."
33 properties:
34 apiVersion:
35 description: 'APIVersion defines the versioned schema of this representation
36 of an object. Servers should convert recognized schemas to the latest
37 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
38 type: string
39 kind:
40 description: 'Kind is a string value representing the REST resource this
41 object represents. Servers may infer this from the endpoint the client
42 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
43 type: string
44 metadata:
45 type: object
46 spec:
47 description: Spec defines the desired state of TLSRoute.
48 properties:
49 hostnames:
50 description: "Hostnames defines a set of SNI names that should match
51 against the SNI attribute of TLS ClientHello message in TLS handshake.
52 This matches the RFC 1123 definition of a hostname with 2 notable
53 exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066.
54 2. A hostname may be prefixed with a wildcard label (`*.`). The
55 wildcard label must appear by itself as the first label. \n If a
56 hostname is specified by both the Listener and TLSRoute, there must
57 be at least one intersecting hostname for the TLSRoute to be attached
58 to the Listener. For example: \n * A Listener with `test.example.com`
59 as the hostname matches TLSRoutes that have either not specified
60 any hostnames, or have specified at least one of `test.example.com`
61 or `*.example.com`. * A Listener with `*.example.com` as the hostname
62 matches TLSRoutes that have either not specified any hostnames or
63 have specified at least one hostname that matches the Listener hostname.
64 For example, `test.example.com` and `*.example.com` would both match.
65 On the other hand, `example.com` and `test.example.net` would not
66 match. \n If both the Listener and TLSRoute have specified hostnames,
67 any TLSRoute hostnames that do not match the Listener hostname MUST
68 be ignored. For example, if a Listener specified `*.example.com`,
69 and the TLSRoute specified `test.example.com` and `test.example.net`,
70 `test.example.net` must not be considered for a match. \n If both
71 the Listener and TLSRoute have specified hostnames, and none match
72 with the criteria above, then the TLSRoute is not accepted. The
73 implementation must raise an 'Accepted' Condition with a status
74 of `False` in the corresponding RouteParentStatus. \n Support: Core"
75 items:
76 description: "Hostname is the fully qualified domain name of a network
77 host. This matches the RFC 1123 definition of a hostname with
78 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
79 may be prefixed with a wildcard label (`*.`). The wildcard label
80 must appear by itself as the first label. \n Hostname can be \"precise\"
81 which is a domain name without the terminating dot of a network
82 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
83 name prefixed with a single wildcard label (e.g. `*.example.com`).
84 \n Note that as per RFC1035 and RFC1123, a *label* must consist
85 of lower case alphanumeric characters or '-', and must start and
86 end with an alphanumeric character. No other punctuation is allowed."
87 maxLength: 253
88 minLength: 1
89 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
90 type: string
91 maxItems: 16
92 type: array
93 parentRefs:
94 description: "ParentRefs references the resources (usually Gateways)
95 that a Route wants to be attached to. Note that the referenced parent
96 resource needs to allow this for the attachment to be complete.
97 For Gateways, that means the Gateway needs to allow attachment from
98 Routes of this kind and namespace. For Services, that means the
99 Service must either be in the same namespace for a \"producer\"
100 route, or the mesh implementation must support and allow \"consumer\"
101 routes for the referenced Service. ReferenceGrant is not applicable
102 for governing ParentRefs to Services - it is not possible to create
103 a \"producer\" route for a Service in a different namespace from
104 the Route. \n There are two kinds of parent resources with \"Core\"
105 support: \n * Gateway (Gateway conformance profile) * Service (Mesh
106 conformance profile, experimental, ClusterIP Services only) This
107 API may be extended in the future to support additional kinds of
108 parent resources. \n ParentRefs must be _distinct_. This means either
109 that: \n * They select different objects. If this is the case,
110 then parentRef entries are distinct. In terms of fields, this means
111 that the multi-part key defined by `group`, `kind`, `namespace`,
112 and `name` must be unique across all parentRef entries in the Route.
113 * They do not select different objects, but for each optional field
114 used, each ParentRef that selects the same object must set the same
115 set of optional fields to different values. If one ParentRef sets
116 a combination of optional fields, all must set the same combination.
117 \n Some examples: \n * If one ParentRef sets `sectionName`, all
118 ParentRefs referencing the same object must also set `sectionName`.
119 * If one ParentRef sets `port`, all ParentRefs referencing the same
120 object must also set `port`. * If one ParentRef sets `sectionName`
121 and `port`, all ParentRefs referencing the same object must also
122 set `sectionName` and `port`. \n It is possible to separately reference
123 multiple distinct objects that may be collapsed by an implementation.
124 For example, some implementations may choose to merge compatible
125 Gateway Listeners together. If that is the case, the list of routes
126 attached to those resources should also be merged. \n Note that
127 for ParentRefs that cross namespace boundaries, there are specific
128 rules. Cross-namespace references are only valid if they are explicitly
129 allowed by something in the namespace they are referring to. For
130 example, Gateway has the AllowedRoutes field, and ReferenceGrant
131 provides a generic way to enable other kinds of cross-namespace
132 reference. \n ParentRefs from a Route to a Service in the same
133 namespace are \"producer\" routes, which apply default routing rules
134 to inbound connections from any namespace to the Service. \n ParentRefs
135 from a Route to a Service in a different namespace are \"consumer\"
136 routes, and these routing rules are only applied to outbound connections
137 originating from the same namespace as the Route, for which the
138 intended destination of the connections are a Service targeted as
139 a ParentRef of the Route. \n "
140 items:
141 description: "ParentReference identifies an API object (usually
142 a Gateway) that can be considered a parent of this resource (usually
143 a route). There are two kinds of parent resources with \"Core\"
144 support: \n * Gateway (Gateway conformance profile) * Service
145 (Mesh conformance profile, experimental, ClusterIP Services only)
146 \n This API may be extended in the future to support additional
147 kinds of parent resources. \n The API object must be valid in
148 the cluster; the Group and Kind must be registered in the cluster
149 for this reference to be valid."
150 properties:
151 group:
152 default: gateway.networking.k8s.io
153 description: "Group is the group of the referent. When unspecified,
154 \"gateway.networking.k8s.io\" is inferred. To set the core
155 API group (such as for a \"Service\" kind referent), Group
156 must be explicitly set to \"\" (empty string). \n Support:
157 Core"
158 maxLength: 253
159 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
160 type: string
161 kind:
162 default: Gateway
163 description: "Kind is kind of the referent. \n There are two
164 kinds of parent resources with \"Core\" support: \n * Gateway
165 (Gateway conformance profile) * Service (Mesh conformance
166 profile, experimental, ClusterIP Services only) \n Support
167 for other resources is Implementation-Specific."
168 maxLength: 63
169 minLength: 1
170 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
171 type: string
172 name:
173 description: "Name is the name of the referent. \n Support:
174 Core"
175 maxLength: 253
176 minLength: 1
177 type: string
178 namespace:
179 description: "Namespace is the namespace of the referent. When
180 unspecified, this refers to the local namespace of the Route.
181 \n Note that there are specific rules for ParentRefs which
182 cross namespace boundaries. Cross-namespace references are
183 only valid if they are explicitly allowed by something in
184 the namespace they are referring to. For example: Gateway
185 has the AllowedRoutes field, and ReferenceGrant provides a
186 generic way to enable any other kind of cross-namespace reference.
187 \n ParentRefs from a Route to a Service in the same namespace
188 are \"producer\" routes, which apply default routing rules
189 to inbound connections from any namespace to the Service.
190 \n ParentRefs from a Route to a Service in a different namespace
191 are \"consumer\" routes, and these routing rules are only
192 applied to outbound connections originating from the same
193 namespace as the Route, for which the intended destination
194 of the connections are a Service targeted as a ParentRef of
195 the Route. \n Support: Core"
196 maxLength: 63
197 minLength: 1
198 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
199 type: string
200 port:
201 description: "Port is the network port this Route targets. It
202 can be interpreted differently based on the type of parent
203 resource. \n When the parent resource is a Gateway, this targets
204 all listeners listening on the specified port that also support
205 this kind of Route(and select this Route). It's not recommended
206 to set `Port` unless the networking behaviors specified in
207 a Route must apply to a specific port as opposed to a listener(s)
208 whose port(s) may be changed. When both Port and SectionName
209 are specified, the name and port of the selected listener
210 must match both specified values. \n When the parent resource
211 is a Service, this targets a specific port in the Service
212 spec. When both Port (experimental) and SectionName are specified,
213 the name and port of the selected port must match both specified
214 values. \n Implementations MAY choose to support other parent
215 resources. Implementations supporting other types of parent
216 resources MUST clearly document how/if Port is interpreted.
217 \n For the purpose of status, an attachment is considered
218 successful as long as the parent resource accepts it partially.
219 For example, Gateway listeners can restrict which Routes can
220 attach to them by Route kind, namespace, or hostname. If 1
221 of 2 Gateway listeners accept attachment from the referencing
222 Route, the Route MUST be considered successfully attached.
223 If no Gateway listeners accept attachment from this Route,
224 the Route MUST be considered detached from the Gateway. \n
225 Support: Extended \n "
226 format: int32
227 maximum: 65535
228 minimum: 1
229 type: integer
230 sectionName:
231 description: "SectionName is the name of a section within the
232 target resource. In the following resources, SectionName is
233 interpreted as the following: \n * Gateway: Listener Name.
234 When both Port (experimental) and SectionName are specified,
235 the name and port of the selected listener must match both
236 specified values. * Service: Port Name. When both Port (experimental)
237 and SectionName are specified, the name and port of the selected
238 listener must match both specified values. Note that attaching
239 Routes to Services as Parents is part of experimental Mesh
240 support and is not supported for any other purpose. \n Implementations
241 MAY choose to support attaching Routes to other resources.
242 If that is the case, they MUST clearly document how SectionName
243 is interpreted. \n When unspecified (empty string), this will
244 reference the entire resource. For the purpose of status,
245 an attachment is considered successful if at least one section
246 in the parent resource accepts it. For example, Gateway listeners
247 can restrict which Routes can attach to them by Route kind,
248 namespace, or hostname. If 1 of 2 Gateway listeners accept
249 attachment from the referencing Route, the Route MUST be considered
250 successfully attached. If no Gateway listeners accept attachment
251 from this Route, the Route MUST be considered detached from
252 the Gateway. \n Support: Core"
253 maxLength: 253
254 minLength: 1
255 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
256 type: string
257 required:
258 - name
259 type: object
260 maxItems: 32
261 type: array
262 x-kubernetes-validations:
263 - message: sectionName or port must be specified when parentRefs includes
264 2 or more references to the same parent
265 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
266 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
267 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
268 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
269 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName)
270 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
271 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port)
272 || p2.port == 0)): true))'
273 - message: sectionName or port must be unique when parentRefs includes
274 2 or more references to the same parent
275 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
276 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
277 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
278 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
279 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
280 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
281 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
282 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port)
283 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port
284 == p2.port))))
285 rules:
286 description: Rules are a list of TLS matchers and actions.
287 items:
288 description: TLSRouteRule is the configuration for a given rule.
289 properties:
290 backendRefs:
291 description: "BackendRefs defines the backend(s) where matching
292 requests should be sent. If unspecified or invalid (refers
293 to a non-existent resource or a Service with no endpoints),
294 the rule performs no forwarding; if no filters are specified
295 that would result in a response being sent, the underlying
296 implementation must actively reject request attempts to this
297 backend, by rejecting the connection or returning a 500 status
298 code. Request rejections must respect weight; if an invalid
299 backend is requested to have 80% of requests, then 80% of
300 requests must be rejected instead. \n Support: Core for Kubernetes
301 Service \n Support: Extended for Kubernetes ServiceImport
302 \n Support: Implementation-specific for any other resource
303 \n Support for weight: Extended"
304 items:
305 description: "BackendRef defines how a Route should forward
306 a request to a Kubernetes resource. \n Note that when a
307 namespace different than the local namespace is specified,
308 a ReferenceGrant object is required in the referent namespace
309 to allow that namespace's owner to accept the reference.
310 See the ReferenceGrant documentation for details. \n <gateway:experimental:description>
311 \n When the BackendRef points to a Kubernetes Service, implementations
312 SHOULD honor the appProtocol field if it is set for the
313 target Service Port. \n Implementations supporting appProtocol
314 SHOULD recognize the Kubernetes Standard Application Protocols
315 defined in KEP-3726. \n If a Service appProtocol isn't specified,
316 an implementation MAY infer the backend protocol through
317 its own means. Implementations MAY infer the protocol from
318 the Route type referring to the backend Service. \n If a
319 Route is not able to send traffic to the backend using the
320 specified protocol then the backend is considered invalid.
321 Implementations MUST set the \"ResolvedRefs\" condition
322 to \"False\" with the \"UnsupportedProtocol\" reason. \n
323 </gateway:experimental:description> \n Note that when the
324 BackendTLSPolicy object is enabled by the implementation,
325 there are some extra rules about validity to consider here.
326 See the fields where this struct is used for more information
327 about the exact behavior."
328 properties:
329 group:
330 default: ""
331 description: Group is the group of the referent. For example,
332 "gateway.networking.k8s.io". When unspecified or empty
333 string, core API group is inferred.
334 maxLength: 253
335 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
336 type: string
337 kind:
338 default: Service
339 description: "Kind is the Kubernetes resource kind of
340 the referent. For example \"Service\". \n Defaults to
341 \"Service\" when not specified. \n ExternalName services
342 can refer to CNAME DNS records that may live outside
343 of the cluster and as such are difficult to reason about
344 in terms of conformance. They also may not be safe to
345 forward to (see CVE-2021-25740 for more information).
346 Implementations SHOULD NOT support ExternalName Services.
347 \n Support: Core (Services with a type other than ExternalName)
348 \n Support: Implementation-specific (Services with type
349 ExternalName)"
350 maxLength: 63
351 minLength: 1
352 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
353 type: string
354 name:
355 description: Name is the name of the referent.
356 maxLength: 253
357 minLength: 1
358 type: string
359 namespace:
360 description: "Namespace is the namespace of the backend.
361 When unspecified, the local namespace is inferred. \n
362 Note that when a namespace different than the local
363 namespace is specified, a ReferenceGrant object is required
364 in the referent namespace to allow that namespace's
365 owner to accept the reference. See the ReferenceGrant
366 documentation for details. \n Support: Core"
367 maxLength: 63
368 minLength: 1
369 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
370 type: string
371 port:
372 description: Port specifies the destination port number
373 to use for this resource. Port is required when the
374 referent is a Kubernetes Service. In this case, the
375 port number is the service port number, not the target
376 port. For other resources, destination port might be
377 derived from the referent resource or this field.
378 format: int32
379 maximum: 65535
380 minimum: 1
381 type: integer
382 weight:
383 default: 1
384 description: "Weight specifies the proportion of requests
385 forwarded to the referenced backend. This is computed
386 as weight/(sum of all weights in this BackendRefs list).
387 For non-zero values, there may be some epsilon from
388 the exact proportion defined here depending on the precision
389 an implementation supports. Weight is not a percentage
390 and the sum of weights does not need to equal 100. \n
391 If only one backend is specified and it has a weight
392 greater than 0, 100% of the traffic is forwarded to
393 that backend. If weight is set to 0, no traffic should
394 be forwarded for this entry. If unspecified, weight
395 defaults to 1. \n Support for this field varies based
396 on the context where used."
397 format: int32
398 maximum: 1000000
399 minimum: 0
400 type: integer
401 required:
402 - name
403 type: object
404 x-kubernetes-validations:
405 - message: Must have port for Service reference
406 rule: '(size(self.group) == 0 && self.kind == ''Service'')
407 ? has(self.port) : true'
408 maxItems: 16
409 minItems: 1
410 type: array
411 type: object
412 maxItems: 16
413 minItems: 1
414 type: array
415 required:
416 - rules
417 type: object
418 status:
419 description: Status defines the current state of TLSRoute.
420 properties:
421 parents:
422 description: "Parents is a list of parent resources (usually Gateways)
423 that are associated with the route, and the status of the route
424 with respect to each parent. When this route attaches to a parent,
425 the controller that manages the parent must add an entry to this
426 list when the controller first sees the route and should update
427 the entry as appropriate when the route or gateway is modified.
428 \n Note that parent references that cannot be resolved by an implementation
429 of this API will not be added to this list. Implementations of this
430 API can only populate Route status for the Gateways/parent resources
431 they are responsible for. \n A maximum of 32 Gateways will be represented
432 in this list. An empty list means the route has not been attached
433 to any Gateway."
434 items:
435 description: RouteParentStatus describes the status of a route with
436 respect to an associated Parent.
437 properties:
438 conditions:
439 description: "Conditions describes the status of the route with
440 respect to the Gateway. Note that the route's availability
441 is also subject to the Gateway's own status conditions and
442 listener status. \n If the Route's ParentRef specifies an
443 existing Gateway that supports Routes of this kind AND that
444 Gateway's controller has sufficient access, then that Gateway's
445 controller MUST set the \"Accepted\" condition on the Route,
446 to indicate whether the route has been accepted or rejected
447 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
448 if at least one of the Route's rules is implemented by the
449 Gateway. \n There are a number of cases where the \"Accepted\"
450 condition may not be set due to lack of controller visibility,
451 that includes when: \n * The Route refers to a non-existent
452 parent. * The Route is of a type that the controller does
453 not support. * The Route is in a namespace the controller
454 does not have access to."
455 items:
456 description: "Condition contains details for one aspect of
457 the current state of this API Resource. --- This struct
458 is intended for direct use as an array at the field path
459 .status.conditions. For example, \n type FooStatus struct{
460 // Represents the observations of a foo's current state.
461 // Known .status.conditions.type are: \"Available\", \"Progressing\",
462 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
463 // +listType=map // +listMapKey=type Conditions []metav1.Condition
464 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
465 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
466 }"
467 properties:
468 lastTransitionTime:
469 description: lastTransitionTime is the last time the condition
470 transitioned from one status to another. This should
471 be when the underlying condition changed. If that is
472 not known, then using the time when the API field changed
473 is acceptable.
474 format: date-time
475 type: string
476 message:
477 description: message is a human readable message indicating
478 details about the transition. This may be an empty string.
479 maxLength: 32768
480 type: string
481 observedGeneration:
482 description: observedGeneration represents the .metadata.generation
483 that the condition was set based upon. For instance,
484 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
485 is 9, the condition is out of date with respect to the
486 current state of the instance.
487 format: int64
488 minimum: 0
489 type: integer
490 reason:
491 description: reason contains a programmatic identifier
492 indicating the reason for the condition's last transition.
493 Producers of specific condition types may define expected
494 values and meanings for this field, and whether the
495 values are considered a guaranteed API. The value should
496 be a CamelCase string. This field may not be empty.
497 maxLength: 1024
498 minLength: 1
499 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
500 type: string
501 status:
502 description: status of the condition, one of True, False,
503 Unknown.
504 enum:
505 - "True"
506 - "False"
507 - Unknown
508 type: string
509 type:
510 description: type of condition in CamelCase or in foo.example.com/CamelCase.
511 --- Many .condition.type values are consistent across
512 resources like Available, but because arbitrary conditions
513 can be useful (see .node.status.conditions), the ability
514 to deconflict is important. The regex it matches is
515 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
516 maxLength: 316
517 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
518 type: string
519 required:
520 - lastTransitionTime
521 - message
522 - reason
523 - status
524 - type
525 type: object
526 maxItems: 8
527 minItems: 1
528 type: array
529 x-kubernetes-list-map-keys:
530 - type
531 x-kubernetes-list-type: map
532 controllerName:
533 description: "ControllerName is a domain/path string that indicates
534 the name of the controller that wrote this status. This corresponds
535 with the controllerName field on GatewayClass. \n Example:
536 \"example.net/gateway-controller\". \n The format of this
537 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
538 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
539 \n Controllers MUST populate this field when writing status.
540 Controllers should ensure that entries to status populated
541 with their ControllerName are cleaned up when they are no
542 longer necessary."
543 maxLength: 253
544 minLength: 1
545 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
546 type: string
547 parentRef:
548 description: ParentRef corresponds with a ParentRef in the spec
549 that this RouteParentStatus struct describes the status of.
550 properties:
551 group:
552 default: gateway.networking.k8s.io
553 description: "Group is the group of the referent. When unspecified,
554 \"gateway.networking.k8s.io\" is inferred. To set the
555 core API group (such as for a \"Service\" kind referent),
556 Group must be explicitly set to \"\" (empty string). \n
557 Support: Core"
558 maxLength: 253
559 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
560 type: string
561 kind:
562 default: Gateway
563 description: "Kind is kind of the referent. \n There are
564 two kinds of parent resources with \"Core\" support: \n
565 * Gateway (Gateway conformance profile) * Service (Mesh
566 conformance profile, experimental, ClusterIP Services
567 only) \n Support for other resources is Implementation-Specific."
568 maxLength: 63
569 minLength: 1
570 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
571 type: string
572 name:
573 description: "Name is the name of the referent. \n Support:
574 Core"
575 maxLength: 253
576 minLength: 1
577 type: string
578 namespace:
579 description: "Namespace is the namespace of the referent.
580 When unspecified, this refers to the local namespace of
581 the Route. \n Note that there are specific rules for ParentRefs
582 which cross namespace boundaries. Cross-namespace references
583 are only valid if they are explicitly allowed by something
584 in the namespace they are referring to. For example: Gateway
585 has the AllowedRoutes field, and ReferenceGrant provides
586 a generic way to enable any other kind of cross-namespace
587 reference. \n ParentRefs from a Route to a Service in
588 the same namespace are \"producer\" routes, which apply
589 default routing rules to inbound connections from any
590 namespace to the Service. \n ParentRefs from a Route to
591 a Service in a different namespace are \"consumer\" routes,
592 and these routing rules are only applied to outbound connections
593 originating from the same namespace as the Route, for
594 which the intended destination of the connections are
595 a Service targeted as a ParentRef of the Route. \n Support:
596 Core"
597 maxLength: 63
598 minLength: 1
599 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
600 type: string
601 port:
602 description: "Port is the network port this Route targets.
603 It can be interpreted differently based on the type of
604 parent resource. \n When the parent resource is a Gateway,
605 this targets all listeners listening on the specified
606 port that also support this kind of Route(and select this
607 Route). It's not recommended to set `Port` unless the
608 networking behaviors specified in a Route must apply to
609 a specific port as opposed to a listener(s) whose port(s)
610 may be changed. When both Port and SectionName are specified,
611 the name and port of the selected listener must match
612 both specified values. \n When the parent resource is
613 a Service, this targets a specific port in the Service
614 spec. When both Port (experimental) and SectionName are
615 specified, the name and port of the selected port must
616 match both specified values. \n Implementations MAY choose
617 to support other parent resources. Implementations supporting
618 other types of parent resources MUST clearly document
619 how/if Port is interpreted. \n For the purpose of status,
620 an attachment is considered successful as long as the
621 parent resource accepts it partially. For example, Gateway
622 listeners can restrict which Routes can attach to them
623 by Route kind, namespace, or hostname. If 1 of 2 Gateway
624 listeners accept attachment from the referencing Route,
625 the Route MUST be considered successfully attached. If
626 no Gateway listeners accept attachment from this Route,
627 the Route MUST be considered detached from the Gateway.
628 \n Support: Extended \n "
629 format: int32
630 maximum: 65535
631 minimum: 1
632 type: integer
633 sectionName:
634 description: "SectionName is the name of a section within
635 the target resource. In the following resources, SectionName
636 is interpreted as the following: \n * Gateway: Listener
637 Name. When both Port (experimental) and SectionName are
638 specified, the name and port of the selected listener
639 must match both specified values. * Service: Port Name.
640 When both Port (experimental) and SectionName are specified,
641 the name and port of the selected listener must match
642 both specified values. Note that attaching Routes to Services
643 as Parents is part of experimental Mesh support and is
644 not supported for any other purpose. \n Implementations
645 MAY choose to support attaching Routes to other resources.
646 If that is the case, they MUST clearly document how SectionName
647 is interpreted. \n When unspecified (empty string), this
648 will reference the entire resource. For the purpose of
649 status, an attachment is considered successful if at least
650 one section in the parent resource accepts it. For example,
651 Gateway listeners can restrict which Routes can attach
652 to them by Route kind, namespace, or hostname. If 1 of
653 2 Gateway listeners accept attachment from the referencing
654 Route, the Route MUST be considered successfully attached.
655 If no Gateway listeners accept attachment from this Route,
656 the Route MUST be considered detached from the Gateway.
657 \n Support: Core"
658 maxLength: 253
659 minLength: 1
660 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
661 type: string
662 required:
663 - name
664 type: object
665 required:
666 - controllerName
667 - parentRef
668 type: object
669 maxItems: 32
670 type: array
671 required:
672 - parents
673 type: object
674 required:
675 - spec
676 type: object
677 served: true
678 storage: true
679 subresources:
680 status: {}
681status:
682 acceptedNames:
683 kind: ""
684 plural: ""
685 conditions: null
686 storedVersions: null
View as plain text