1apiVersion: apiextensions.k8s.io/v1
2kind: CustomResourceDefinition
3metadata:
4 annotations:
5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
6 gateway.networking.k8s.io/bundle-version: v1.0.0
7 gateway.networking.k8s.io/channel: standard
8 creationTimestamp: null
9 name: httproutes.gateway.networking.k8s.io
10spec:
11 group: gateway.networking.k8s.io
12 names:
13 categories:
14 - gateway-api
15 kind: HTTPRoute
16 listKind: HTTPRouteList
17 plural: httproutes
18 singular: httproute
19 scope: Namespaced
20 versions:
21 - additionalPrinterColumns:
22 - jsonPath: .spec.hostnames
23 name: Hostnames
24 type: string
25 - jsonPath: .metadata.creationTimestamp
26 name: Age
27 type: date
28 name: v1
29 schema:
30 openAPIV3Schema:
31 description: HTTPRoute provides a way to route HTTP requests. This includes
32 the capability to match requests by hostname, path, header, or query param.
33 Filters can be used to specify additional processing steps. Backends specify
34 where matching requests should be routed.
35 properties:
36 apiVersion:
37 description: 'APIVersion defines the versioned schema of this representation
38 of an object. Servers should convert recognized schemas to the latest
39 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
40 type: string
41 kind:
42 description: 'Kind is a string value representing the REST resource this
43 object represents. Servers may infer this from the endpoint the client
44 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
45 type: string
46 metadata:
47 type: object
48 spec:
49 description: Spec defines the desired state of HTTPRoute.
50 properties:
51 hostnames:
52 description: "Hostnames defines a set of hostnames that should match
53 against the HTTP Host header to select a HTTPRoute used to process
54 the request. Implementations MUST ignore any port value specified
55 in the HTTP Host header while performing a match and (absent of
56 any applicable header modification configuration) MUST forward this
57 header unmodified to the backend. \n Valid values for Hostnames
58 are determined by RFC 1123 definition of a hostname with 2 notable
59 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
60 with a wildcard label (`*.`). The wildcard label must appear by
61 itself as the first label. \n If a hostname is specified by both
62 the Listener and HTTPRoute, there must be at least one intersecting
63 hostname for the HTTPRoute to be attached to the Listener. For example:
64 \n * A Listener with `test.example.com` as the hostname matches
65 HTTPRoutes that have either not specified any hostnames, or have
66 specified at least one of `test.example.com` or `*.example.com`.
67 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
68 that have either not specified any hostnames or have specified at
69 least one hostname that matches the Listener hostname. For example,
70 `*.example.com`, `test.example.com`, and `foo.test.example.com`
71 would all match. On the other hand, `example.com` and `test.example.net`
72 would not match. \n Hostnames that are prefixed with a wildcard
73 label (`*.`) are interpreted as a suffix match. That means that
74 a match for `*.example.com` would match both `test.example.com`,
75 and `foo.test.example.com`, but not `example.com`. \n If both the
76 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
77 that do not match the Listener hostname MUST be ignored. For example,
78 if a Listener specified `*.example.com`, and the HTTPRoute specified
79 `test.example.com` and `test.example.net`, `test.example.net` must
80 not be considered for a match. \n If both the Listener and HTTPRoute
81 have specified hostnames, and none match with the criteria above,
82 then the HTTPRoute is not accepted. The implementation must raise
83 an 'Accepted' Condition with a status of `False` in the corresponding
84 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
85 intersecting hostnames (e.g. overlapping wildcard matching and exact
86 matching hostnames), precedence must be given to rules from the
87 HTTPRoute with the largest number of: \n * Characters in a matching
88 non-wildcard hostname. * Characters in a matching hostname. \n If
89 ties exist across multiple Routes, the matching precedence rules
90 for HTTPRouteMatches takes over. \n Support: Core"
91 items:
92 description: "Hostname is the fully qualified domain name of a network
93 host. This matches the RFC 1123 definition of a hostname with
94 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
95 may be prefixed with a wildcard label (`*.`). The wildcard label
96 must appear by itself as the first label. \n Hostname can be \"precise\"
97 which is a domain name without the terminating dot of a network
98 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
99 name prefixed with a single wildcard label (e.g. `*.example.com`).
100 \n Note that as per RFC1035 and RFC1123, a *label* must consist
101 of lower case alphanumeric characters or '-', and must start and
102 end with an alphanumeric character. No other punctuation is allowed."
103 maxLength: 253
104 minLength: 1
105 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
106 type: string
107 maxItems: 16
108 type: array
109 parentRefs:
110 description: "ParentRefs references the resources (usually Gateways)
111 that a Route wants to be attached to. Note that the referenced parent
112 resource needs to allow this for the attachment to be complete.
113 For Gateways, that means the Gateway needs to allow attachment from
114 Routes of this kind and namespace. For Services, that means the
115 Service must either be in the same namespace for a \"producer\"
116 route, or the mesh implementation must support and allow \"consumer\"
117 routes for the referenced Service. ReferenceGrant is not applicable
118 for governing ParentRefs to Services - it is not possible to create
119 a \"producer\" route for a Service in a different namespace from
120 the Route. \n There are two kinds of parent resources with \"Core\"
121 support: \n * Gateway (Gateway conformance profile) This API may
122 be extended in the future to support additional kinds of parent
123 resources. \n ParentRefs must be _distinct_. This means either that:
124 \n * They select different objects. If this is the case, then parentRef
125 entries are distinct. In terms of fields, this means that the multi-part
126 key defined by `group`, `kind`, `namespace`, and `name` must be
127 unique across all parentRef entries in the Route. * They do not
128 select different objects, but for each optional field used, each
129 ParentRef that selects the same object must set the same set of
130 optional fields to different values. If one ParentRef sets a combination
131 of optional fields, all must set the same combination. \n Some examples:
132 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing
133 the same object must also set `sectionName`. * If one ParentRef
134 sets `port`, all ParentRefs referencing the same object must also
135 set `port`. * If one ParentRef sets `sectionName` and `port`, all
136 ParentRefs referencing the same object must also set `sectionName`
137 and `port`. \n It is possible to separately reference multiple distinct
138 objects that may be collapsed by an implementation. For example,
139 some implementations may choose to merge compatible Gateway Listeners
140 together. If that is the case, the list of routes attached to those
141 resources should also be merged. \n Note that for ParentRefs that
142 cross namespace boundaries, there are specific rules. Cross-namespace
143 references are only valid if they are explicitly allowed by something
144 in the namespace they are referring to. For example, Gateway has
145 the AllowedRoutes field, and ReferenceGrant provides a generic way
146 to enable other kinds of cross-namespace reference. \n \n "
147 items:
148 description: "ParentReference identifies an API object (usually
149 a Gateway) that can be considered a parent of this resource (usually
150 a route). There are two kinds of parent resources with \"Core\"
151 support: \n * Gateway (Gateway conformance profile) * Service
152 (Mesh conformance profile, experimental, ClusterIP Services only)
153 \n This API may be extended in the future to support additional
154 kinds of parent resources. \n The API object must be valid in
155 the cluster; the Group and Kind must be registered in the cluster
156 for this reference to be valid."
157 properties:
158 group:
159 default: gateway.networking.k8s.io
160 description: "Group is the group of the referent. When unspecified,
161 \"gateway.networking.k8s.io\" is inferred. To set the core
162 API group (such as for a \"Service\" kind referent), Group
163 must be explicitly set to \"\" (empty string). \n Support:
164 Core"
165 maxLength: 253
166 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
167 type: string
168 kind:
169 default: Gateway
170 description: "Kind is kind of the referent. \n There are two
171 kinds of parent resources with \"Core\" support: \n * Gateway
172 (Gateway conformance profile) * Service (Mesh conformance
173 profile, experimental, ClusterIP Services only) \n Support
174 for other resources is Implementation-Specific."
175 maxLength: 63
176 minLength: 1
177 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
178 type: string
179 name:
180 description: "Name is the name of the referent. \n Support:
181 Core"
182 maxLength: 253
183 minLength: 1
184 type: string
185 namespace:
186 description: "Namespace is the namespace of the referent. When
187 unspecified, this refers to the local namespace of the Route.
188 \n Note that there are specific rules for ParentRefs which
189 cross namespace boundaries. Cross-namespace references are
190 only valid if they are explicitly allowed by something in
191 the namespace they are referring to. For example: Gateway
192 has the AllowedRoutes field, and ReferenceGrant provides a
193 generic way to enable any other kind of cross-namespace reference.
194 \n \n Support: Core"
195 maxLength: 63
196 minLength: 1
197 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
198 type: string
199 sectionName:
200 description: "SectionName is the name of a section within the
201 target resource. In the following resources, SectionName is
202 interpreted as the following: \n * Gateway: Listener Name.
203 When both Port (experimental) and SectionName are specified,
204 the name and port of the selected listener must match both
205 specified values. * Service: Port Name. When both Port (experimental)
206 and SectionName are specified, the name and port of the selected
207 listener must match both specified values. Note that attaching
208 Routes to Services as Parents is part of experimental Mesh
209 support and is not supported for any other purpose. \n Implementations
210 MAY choose to support attaching Routes to other resources.
211 If that is the case, they MUST clearly document how SectionName
212 is interpreted. \n When unspecified (empty string), this will
213 reference the entire resource. For the purpose of status,
214 an attachment is considered successful if at least one section
215 in the parent resource accepts it. For example, Gateway listeners
216 can restrict which Routes can attach to them by Route kind,
217 namespace, or hostname. If 1 of 2 Gateway listeners accept
218 attachment from the referencing Route, the Route MUST be considered
219 successfully attached. If no Gateway listeners accept attachment
220 from this Route, the Route MUST be considered detached from
221 the Gateway. \n Support: Core"
222 maxLength: 253
223 minLength: 1
224 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
225 type: string
226 required:
227 - name
228 type: object
229 maxItems: 32
230 type: array
231 x-kubernetes-validations:
232 - message: sectionName must be specified when parentRefs includes
233 2 or more references to the same parent
234 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
235 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
236 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
237 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
238 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName)
239 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
240 == '''')) : true))'
241 - message: sectionName must be unique when parentRefs includes 2 or
242 more references to the same parent
243 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
244 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
245 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
246 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
247 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
248 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
249 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
250 == p2.sectionName))))
251 rules:
252 default:
253 - matches:
254 - path:
255 type: PathPrefix
256 value: /
257 description: Rules are a list of HTTP matchers, filters and actions.
258 items:
259 description: HTTPRouteRule defines semantics for matching an HTTP
260 request based on conditions (matches), processing it (filters),
261 and forwarding the request to an API object (backendRefs).
262 properties:
263 backendRefs:
264 description: "BackendRefs defines the backend(s) where matching
265 requests should be sent. \n Failure behavior here depends
266 on how many BackendRefs are specified and how many are invalid.
267 \n If *all* entries in BackendRefs are invalid, and there
268 are also no filters specified in this route rule, *all* traffic
269 which matches this rule MUST receive a 500 status code. \n
270 See the HTTPBackendRef definition for the rules about what
271 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
272 is invalid, 500 status codes MUST be returned for requests
273 that would have otherwise been routed to an invalid backend.
274 If multiple backends are specified, and some are invalid,
275 the proportion of requests that would otherwise have been
276 routed to an invalid backend MUST receive a 500 status code.
277 \n For example, if two backends are specified with equal weights,
278 and one is invalid, 50 percent of traffic must receive a 500.
279 Implementations may choose how that 50 percent is determined.
280 \n Support: Core for Kubernetes Service \n Support: Extended
281 for Kubernetes ServiceImport \n Support: Implementation-specific
282 for any other resource \n Support for weight: Core"
283 items:
284 description: "HTTPBackendRef defines how a HTTPRoute forwards
285 a HTTP request. \n Note that when a namespace different
286 than the local namespace is specified, a ReferenceGrant
287 object is required in the referent namespace to allow that
288 namespace's owner to accept the reference. See the ReferenceGrant
289 documentation for details. \n <gateway:experimental:description>
290 \n When the BackendRef points to a Kubernetes Service, implementations
291 SHOULD honor the appProtocol field if it is set for the
292 target Service Port. \n Implementations supporting appProtocol
293 SHOULD recognize the Kubernetes Standard Application Protocols
294 defined in KEP-3726. \n If a Service appProtocol isn't specified,
295 an implementation MAY infer the backend protocol through
296 its own means. Implementations MAY infer the protocol from
297 the Route type referring to the backend Service. \n If a
298 Route is not able to send traffic to the backend using the
299 specified protocol then the backend is considered invalid.
300 Implementations MUST set the \"ResolvedRefs\" condition
301 to \"False\" with the \"UnsupportedProtocol\" reason. \n
302 </gateway:experimental:description>"
303 properties:
304 filters:
305 description: "Filters defined at this level should be
306 executed if and only if the request is being forwarded
307 to the backend defined here. \n Support: Implementation-specific
308 (For broader support of filters, use the Filters field
309 in HTTPRouteRule.)"
310 items:
311 description: HTTPRouteFilter defines processing steps
312 that must be completed during the request or response
313 lifecycle. HTTPRouteFilters are meant as an extension
314 point to express processing that may be done in Gateway
315 implementations. Some examples include request or
316 response modification, implementing authentication
317 strategies, rate-limiting, and traffic shaping. API
318 guarantee/conformance is defined based on the type
319 of the filter.
320 properties:
321 extensionRef:
322 description: "ExtensionRef is an optional, implementation-specific
323 extension to the \"filter\" behavior. For example,
324 resource \"myroutefilter\" in group \"networking.example.net\").
325 ExtensionRef MUST NOT be used for core and extended
326 filters. \n This filter can be used multiple times
327 within the same rule. \n Support: Implementation-specific"
328 properties:
329 group:
330 description: Group is the group of the referent.
331 For example, "gateway.networking.k8s.io".
332 When unspecified or empty string, core API
333 group is inferred.
334 maxLength: 253
335 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
336 type: string
337 kind:
338 description: Kind is kind of the referent. For
339 example "HTTPRoute" or "Service".
340 maxLength: 63
341 minLength: 1
342 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
343 type: string
344 name:
345 description: Name is the name of the referent.
346 maxLength: 253
347 minLength: 1
348 type: string
349 required:
350 - group
351 - kind
352 - name
353 type: object
354 requestHeaderModifier:
355 description: "RequestHeaderModifier defines a schema
356 for a filter that modifies request headers. \n
357 Support: Core"
358 properties:
359 add:
360 description: "Add adds the given header(s) (name,
361 value) to the request before the action. It
362 appends to any existing values associated
363 with the header name. \n Input: GET /foo HTTP/1.1
364 my-header: foo \n Config: add: - name: \"my-header\"
365 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
366 my-header: foo,bar,baz"
367 items:
368 description: HTTPHeader represents an HTTP
369 Header name and value as defined by RFC
370 7230.
371 properties:
372 name:
373 description: "Name is the name of the
374 HTTP Header to be matched. Name matching
375 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
376 \n If multiple entries specify equivalent
377 header names, the first entry with an
378 equivalent name MUST be considered for
379 a match. Subsequent entries with an
380 equivalent header name MUST be ignored.
381 Due to the case-insensitivity of header
382 names, \"foo\" and \"Foo\" are considered
383 equivalent."
384 maxLength: 256
385 minLength: 1
386 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
387 type: string
388 value:
389 description: Value is the value of HTTP
390 Header to be matched.
391 maxLength: 4096
392 minLength: 1
393 type: string
394 required:
395 - name
396 - value
397 type: object
398 maxItems: 16
399 type: array
400 x-kubernetes-list-map-keys:
401 - name
402 x-kubernetes-list-type: map
403 remove:
404 description: "Remove the given header(s) from
405 the HTTP request before the action. The value
406 of Remove is a list of HTTP header names.
407 Note that the header names are case-insensitive
408 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
409 \n Input: GET /foo HTTP/1.1 my-header1: foo
410 my-header2: bar my-header3: baz \n Config:
411 remove: [\"my-header1\", \"my-header3\"] \n
412 Output: GET /foo HTTP/1.1 my-header2: bar"
413 items:
414 type: string
415 maxItems: 16
416 type: array
417 x-kubernetes-list-type: set
418 set:
419 description: "Set overwrites the request with
420 the given header (name, value) before the
421 action. \n Input: GET /foo HTTP/1.1 my-header:
422 foo \n Config: set: - name: \"my-header\"
423 value: \"bar\" \n Output: GET /foo HTTP/1.1
424 my-header: bar"
425 items:
426 description: HTTPHeader represents an HTTP
427 Header name and value as defined by RFC
428 7230.
429 properties:
430 name:
431 description: "Name is the name of the
432 HTTP Header to be matched. Name matching
433 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
434 \n If multiple entries specify equivalent
435 header names, the first entry with an
436 equivalent name MUST be considered for
437 a match. Subsequent entries with an
438 equivalent header name MUST be ignored.
439 Due to the case-insensitivity of header
440 names, \"foo\" and \"Foo\" are considered
441 equivalent."
442 maxLength: 256
443 minLength: 1
444 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
445 type: string
446 value:
447 description: Value is the value of HTTP
448 Header to be matched.
449 maxLength: 4096
450 minLength: 1
451 type: string
452 required:
453 - name
454 - value
455 type: object
456 maxItems: 16
457 type: array
458 x-kubernetes-list-map-keys:
459 - name
460 x-kubernetes-list-type: map
461 type: object
462 requestMirror:
463 description: "RequestMirror defines a schema for
464 a filter that mirrors requests. Requests are sent
465 to the specified destination, but responses from
466 that destination are ignored. \n This filter can
467 be used multiple times within the same rule. Note
468 that not all implementations will be able to support
469 mirroring to multiple backends. \n Support: Extended"
470 properties:
471 backendRef:
472 description: "BackendRef references a resource
473 where mirrored requests are sent. \n Mirrored
474 requests must be sent only to a single destination
475 endpoint within this BackendRef, irrespective
476 of how many endpoints are present within this
477 BackendRef. \n If the referent cannot be found,
478 this BackendRef is invalid and must be dropped
479 from the Gateway. The controller must ensure
480 the \"ResolvedRefs\" condition on the Route
481 status is set to `status: False` and not configure
482 this backend in the underlying implementation.
483 \n If there is a cross-namespace reference
484 to an *existing* object that is not allowed
485 by a ReferenceGrant, the controller must ensure
486 the \"ResolvedRefs\" condition on the Route
487 is set to `status: False`, with the \"RefNotPermitted\"
488 reason and not configure this backend in the
489 underlying implementation. \n In either error
490 case, the Message of the `ResolvedRefs` Condition
491 should be used to provide more detail about
492 the problem. \n Support: Extended for Kubernetes
493 Service \n Support: Implementation-specific
494 for any other resource"
495 properties:
496 group:
497 default: ""
498 description: Group is the group of the referent.
499 For example, "gateway.networking.k8s.io".
500 When unspecified or empty string, core
501 API group is inferred.
502 maxLength: 253
503 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
504 type: string
505 kind:
506 default: Service
507 description: "Kind is the Kubernetes resource
508 kind of the referent. For example \"Service\".
509 \n Defaults to \"Service\" when not specified.
510 \n ExternalName services can refer to
511 CNAME DNS records that may live outside
512 of the cluster and as such are difficult
513 to reason about in terms of conformance.
514 They also may not be safe to forward to
515 (see CVE-2021-25740 for more information).
516 Implementations SHOULD NOT support ExternalName
517 Services. \n Support: Core (Services with
518 a type other than ExternalName) \n Support:
519 Implementation-specific (Services with
520 type ExternalName)"
521 maxLength: 63
522 minLength: 1
523 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
524 type: string
525 name:
526 description: Name is the name of the referent.
527 maxLength: 253
528 minLength: 1
529 type: string
530 namespace:
531 description: "Namespace is the namespace
532 of the backend. When unspecified, the
533 local namespace is inferred. \n Note that
534 when a namespace different than the local
535 namespace is specified, a ReferenceGrant
536 object is required in the referent namespace
537 to allow that namespace's owner to accept
538 the reference. See the ReferenceGrant
539 documentation for details. \n Support:
540 Core"
541 maxLength: 63
542 minLength: 1
543 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
544 type: string
545 port:
546 description: Port specifies the destination
547 port number to use for this resource.
548 Port is required when the referent is
549 a Kubernetes Service. In this case, the
550 port number is the service port number,
551 not the target port. For other resources,
552 destination port might be derived from
553 the referent resource or this field.
554 format: int32
555 maximum: 65535
556 minimum: 1
557 type: integer
558 required:
559 - name
560 type: object
561 x-kubernetes-validations:
562 - message: Must have port for Service reference
563 rule: '(size(self.group) == 0 && self.kind
564 == ''Service'') ? has(self.port) : true'
565 required:
566 - backendRef
567 type: object
568 requestRedirect:
569 description: "RequestRedirect defines a schema for
570 a filter that responds to the request with an
571 HTTP redirection. \n Support: Core"
572 properties:
573 hostname:
574 description: "Hostname is the hostname to be
575 used in the value of the `Location` header
576 in the response. When empty, the hostname
577 in the `Host` header of the request is used.
578 \n Support: Core"
579 maxLength: 253
580 minLength: 1
581 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
582 type: string
583 path:
584 description: "Path defines parameters used to
585 modify the path of the incoming request. The
586 modified path is then used to construct the
587 `Location` header. When empty, the request
588 path is used as-is. \n Support: Extended"
589 properties:
590 replaceFullPath:
591 description: ReplaceFullPath specifies the
592 value with which to replace the full path
593 of a request during a rewrite or redirect.
594 maxLength: 1024
595 type: string
596 replacePrefixMatch:
597 description: "ReplacePrefixMatch specifies
598 the value with which to replace the prefix
599 match of a request during a rewrite or
600 redirect. For example, a request to \"/foo/bar\"
601 with a prefix match of \"/foo\" and a
602 ReplacePrefixMatch of \"/xyz\" would be
603 modified to \"/xyz/bar\". \n Note that
604 this matches the behavior of the PathPrefix
605 match type. This matches full path elements.
606 A path element refers to the list of labels
607 in the path split by the `/` separator.
608 When specified, a trailing `/` is ignored.
609 For example, the paths `/abc`, `/abc/`,
610 and `/abc/def` would all match the prefix
611 `/abc`, but the path `/abcd` would not.
612 \n ReplacePrefixMatch is only compatible
613 with a `PathPrefix` HTTPRouteMatch. Using
614 any other HTTPRouteMatch type on the same
615 HTTPRouteRule will result in the implementation
616 setting the Accepted Condition for the
617 Route to `status: False`. \n Request Path
618 | Prefix Match | Replace Prefix | Modified
619 Path -------------|--------------|----------------|----------
620 /foo/bar | /foo | /xyz |
621 /xyz/bar /foo/bar | /foo |
622 /xyz/ | /xyz/bar /foo/bar |
623 /foo/ | /xyz | /xyz/bar
624 /foo/bar | /foo/ | /xyz/ |
625 /xyz/bar /foo | /foo |
626 /xyz | /xyz /foo/ | /foo
627 \ | /xyz | /xyz/ /foo/bar
628 \ | /foo | <empty string> |
629 /bar /foo/ | /foo | <empty
630 string> | / /foo | /foo |
631 <empty string> | / /foo/ | /foo
632 \ | / | / /foo |
633 /foo | / | /"
634 maxLength: 1024
635 type: string
636 type:
637 description: "Type defines the type of path
638 modifier. Additional types may be added
639 in a future release of the API. \n Note
640 that values may be added to this enum,
641 implementations must ensure that unknown
642 values will not cause a crash. \n Unknown
643 values here must result in the implementation
644 setting the Accepted Condition for the
645 Route to `status: False`, with a Reason
646 of `UnsupportedValue`."
647 enum:
648 - ReplaceFullPath
649 - ReplacePrefixMatch
650 type: string
651 required:
652 - type
653 type: object
654 x-kubernetes-validations:
655 - message: replaceFullPath must be specified
656 when type is set to 'ReplaceFullPath'
657 rule: 'self.type == ''ReplaceFullPath'' ?
658 has(self.replaceFullPath) : true'
659 - message: type must be 'ReplaceFullPath' when
660 replaceFullPath is set
661 rule: 'has(self.replaceFullPath) ? self.type
662 == ''ReplaceFullPath'' : true'
663 - message: replacePrefixMatch must be specified
664 when type is set to 'ReplacePrefixMatch'
665 rule: 'self.type == ''ReplacePrefixMatch''
666 ? has(self.replacePrefixMatch) : true'
667 - message: type must be 'ReplacePrefixMatch'
668 when replacePrefixMatch is set
669 rule: 'has(self.replacePrefixMatch) ? self.type
670 == ''ReplacePrefixMatch'' : true'
671 port:
672 description: "Port is the port to be used in
673 the value of the `Location` header in the
674 response. \n If no port is specified, the
675 redirect port MUST be derived using the following
676 rules: \n * If redirect scheme is not-empty,
677 the redirect port MUST be the well-known port
678 associated with the redirect scheme. Specifically
679 \"http\" to port 80 and \"https\" to port
680 443. If the redirect scheme does not have
681 a well-known port, the listener port of the
682 Gateway SHOULD be used. * If redirect scheme
683 is empty, the redirect port MUST be the Gateway
684 Listener port. \n Implementations SHOULD NOT
685 add the port number in the 'Location' header
686 in the following cases: \n * A Location header
687 that will use HTTP (whether that is determined
688 via the Listener protocol or the Scheme field)
689 _and_ use port 80. * A Location header that
690 will use HTTPS (whether that is determined
691 via the Listener protocol or the Scheme field)
692 _and_ use port 443. \n Support: Extended"
693 format: int32
694 maximum: 65535
695 minimum: 1
696 type: integer
697 scheme:
698 description: "Scheme is the scheme to be used
699 in the value of the `Location` header in the
700 response. When empty, the scheme of the request
701 is used. \n Scheme redirects can affect the
702 port of the redirect, for more information,
703 refer to the documentation for the port field
704 of this filter. \n Note that values may be
705 added to this enum, implementations must ensure
706 that unknown values will not cause a crash.
707 \n Unknown values here must result in the
708 implementation setting the Accepted Condition
709 for the Route to `status: False`, with a Reason
710 of `UnsupportedValue`. \n Support: Extended"
711 enum:
712 - http
713 - https
714 type: string
715 statusCode:
716 default: 302
717 description: "StatusCode is the HTTP status
718 code to be used in response. \n Note that
719 values may be added to this enum, implementations
720 must ensure that unknown values will not cause
721 a crash. \n Unknown values here must result
722 in the implementation setting the Accepted
723 Condition for the Route to `status: False`,
724 with a Reason of `UnsupportedValue`. \n Support:
725 Core"
726 enum:
727 - 301
728 - 302
729 type: integer
730 type: object
731 responseHeaderModifier:
732 description: "ResponseHeaderModifier defines a schema
733 for a filter that modifies response headers. \n
734 Support: Extended"
735 properties:
736 add:
737 description: "Add adds the given header(s) (name,
738 value) to the request before the action. It
739 appends to any existing values associated
740 with the header name. \n Input: GET /foo HTTP/1.1
741 my-header: foo \n Config: add: - name: \"my-header\"
742 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
743 my-header: foo,bar,baz"
744 items:
745 description: HTTPHeader represents an HTTP
746 Header name and value as defined by RFC
747 7230.
748 properties:
749 name:
750 description: "Name is the name of the
751 HTTP Header to be matched. Name matching
752 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
753 \n If multiple entries specify equivalent
754 header names, the first entry with an
755 equivalent name MUST be considered for
756 a match. Subsequent entries with an
757 equivalent header name MUST be ignored.
758 Due to the case-insensitivity of header
759 names, \"foo\" and \"Foo\" are considered
760 equivalent."
761 maxLength: 256
762 minLength: 1
763 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
764 type: string
765 value:
766 description: Value is the value of HTTP
767 Header to be matched.
768 maxLength: 4096
769 minLength: 1
770 type: string
771 required:
772 - name
773 - value
774 type: object
775 maxItems: 16
776 type: array
777 x-kubernetes-list-map-keys:
778 - name
779 x-kubernetes-list-type: map
780 remove:
781 description: "Remove the given header(s) from
782 the HTTP request before the action. The value
783 of Remove is a list of HTTP header names.
784 Note that the header names are case-insensitive
785 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
786 \n Input: GET /foo HTTP/1.1 my-header1: foo
787 my-header2: bar my-header3: baz \n Config:
788 remove: [\"my-header1\", \"my-header3\"] \n
789 Output: GET /foo HTTP/1.1 my-header2: bar"
790 items:
791 type: string
792 maxItems: 16
793 type: array
794 x-kubernetes-list-type: set
795 set:
796 description: "Set overwrites the request with
797 the given header (name, value) before the
798 action. \n Input: GET /foo HTTP/1.1 my-header:
799 foo \n Config: set: - name: \"my-header\"
800 value: \"bar\" \n Output: GET /foo HTTP/1.1
801 my-header: bar"
802 items:
803 description: HTTPHeader represents an HTTP
804 Header name and value as defined by RFC
805 7230.
806 properties:
807 name:
808 description: "Name is the name of the
809 HTTP Header to be matched. Name matching
810 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
811 \n If multiple entries specify equivalent
812 header names, the first entry with an
813 equivalent name MUST be considered for
814 a match. Subsequent entries with an
815 equivalent header name MUST be ignored.
816 Due to the case-insensitivity of header
817 names, \"foo\" and \"Foo\" are considered
818 equivalent."
819 maxLength: 256
820 minLength: 1
821 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
822 type: string
823 value:
824 description: Value is the value of HTTP
825 Header to be matched.
826 maxLength: 4096
827 minLength: 1
828 type: string
829 required:
830 - name
831 - value
832 type: object
833 maxItems: 16
834 type: array
835 x-kubernetes-list-map-keys:
836 - name
837 x-kubernetes-list-type: map
838 type: object
839 type:
840 description: "Type identifies the type of filter
841 to apply. As with other API fields, types are
842 classified into three conformance levels: \n -
843 Core: Filter types and their corresponding configuration
844 defined by \"Support: Core\" in this package,
845 e.g. \"RequestHeaderModifier\". All implementations
846 must support core filters. \n - Extended: Filter
847 types and their corresponding configuration defined
848 by \"Support: Extended\" in this package, e.g.
849 \"RequestMirror\". Implementers are encouraged
850 to support extended filters. \n - Implementation-specific:
851 Filters that are defined and supported by specific
852 vendors. In the future, filters showing convergence
853 in behavior across multiple implementations will
854 be considered for inclusion in extended or core
855 conformance levels. Filter-specific configuration
856 for such filters is specified using the ExtensionRef
857 field. `Type` should be set to \"ExtensionRef\"
858 for custom filters. \n Implementers are encouraged
859 to define custom implementation types to extend
860 the core API with implementation-specific behavior.
861 \n If a reference to a custom filter type cannot
862 be resolved, the filter MUST NOT be skipped. Instead,
863 requests that would have been processed by that
864 filter MUST receive a HTTP error response. \n
865 Note that values may be added to this enum, implementations
866 must ensure that unknown values will not cause
867 a crash. \n Unknown values here must result in
868 the implementation setting the Accepted Condition
869 for the Route to `status: False`, with a Reason
870 of `UnsupportedValue`."
871 enum:
872 - RequestHeaderModifier
873 - ResponseHeaderModifier
874 - RequestMirror
875 - RequestRedirect
876 - URLRewrite
877 - ExtensionRef
878 type: string
879 urlRewrite:
880 description: "URLRewrite defines a schema for a
881 filter that modifies a request during forwarding.
882 \n Support: Extended"
883 properties:
884 hostname:
885 description: "Hostname is the value to be used
886 to replace the Host header value during forwarding.
887 \n Support: Extended"
888 maxLength: 253
889 minLength: 1
890 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
891 type: string
892 path:
893 description: "Path defines a path rewrite. \n
894 Support: Extended"
895 properties:
896 replaceFullPath:
897 description: ReplaceFullPath specifies the
898 value with which to replace the full path
899 of a request during a rewrite or redirect.
900 maxLength: 1024
901 type: string
902 replacePrefixMatch:
903 description: "ReplacePrefixMatch specifies
904 the value with which to replace the prefix
905 match of a request during a rewrite or
906 redirect. For example, a request to \"/foo/bar\"
907 with a prefix match of \"/foo\" and a
908 ReplacePrefixMatch of \"/xyz\" would be
909 modified to \"/xyz/bar\". \n Note that
910 this matches the behavior of the PathPrefix
911 match type. This matches full path elements.
912 A path element refers to the list of labels
913 in the path split by the `/` separator.
914 When specified, a trailing `/` is ignored.
915 For example, the paths `/abc`, `/abc/`,
916 and `/abc/def` would all match the prefix
917 `/abc`, but the path `/abcd` would not.
918 \n ReplacePrefixMatch is only compatible
919 with a `PathPrefix` HTTPRouteMatch. Using
920 any other HTTPRouteMatch type on the same
921 HTTPRouteRule will result in the implementation
922 setting the Accepted Condition for the
923 Route to `status: False`. \n Request Path
924 | Prefix Match | Replace Prefix | Modified
925 Path -------------|--------------|----------------|----------
926 /foo/bar | /foo | /xyz |
927 /xyz/bar /foo/bar | /foo |
928 /xyz/ | /xyz/bar /foo/bar |
929 /foo/ | /xyz | /xyz/bar
930 /foo/bar | /foo/ | /xyz/ |
931 /xyz/bar /foo | /foo |
932 /xyz | /xyz /foo/ | /foo
933 \ | /xyz | /xyz/ /foo/bar
934 \ | /foo | <empty string> |
935 /bar /foo/ | /foo | <empty
936 string> | / /foo | /foo |
937 <empty string> | / /foo/ | /foo
938 \ | / | / /foo |
939 /foo | / | /"
940 maxLength: 1024
941 type: string
942 type:
943 description: "Type defines the type of path
944 modifier. Additional types may be added
945 in a future release of the API. \n Note
946 that values may be added to this enum,
947 implementations must ensure that unknown
948 values will not cause a crash. \n Unknown
949 values here must result in the implementation
950 setting the Accepted Condition for the
951 Route to `status: False`, with a Reason
952 of `UnsupportedValue`."
953 enum:
954 - ReplaceFullPath
955 - ReplacePrefixMatch
956 type: string
957 required:
958 - type
959 type: object
960 x-kubernetes-validations:
961 - message: replaceFullPath must be specified
962 when type is set to 'ReplaceFullPath'
963 rule: 'self.type == ''ReplaceFullPath'' ?
964 has(self.replaceFullPath) : true'
965 - message: type must be 'ReplaceFullPath' when
966 replaceFullPath is set
967 rule: 'has(self.replaceFullPath) ? self.type
968 == ''ReplaceFullPath'' : true'
969 - message: replacePrefixMatch must be specified
970 when type is set to 'ReplacePrefixMatch'
971 rule: 'self.type == ''ReplacePrefixMatch''
972 ? has(self.replacePrefixMatch) : true'
973 - message: type must be 'ReplacePrefixMatch'
974 when replacePrefixMatch is set
975 rule: 'has(self.replacePrefixMatch) ? self.type
976 == ''ReplacePrefixMatch'' : true'
977 type: object
978 required:
979 - type
980 type: object
981 x-kubernetes-validations:
982 - message: filter.requestHeaderModifier must be nil
983 if the filter.type is not RequestHeaderModifier
984 rule: '!(has(self.requestHeaderModifier) && self.type
985 != ''RequestHeaderModifier'')'
986 - message: filter.requestHeaderModifier must be specified
987 for RequestHeaderModifier filter.type
988 rule: '!(!has(self.requestHeaderModifier) && self.type
989 == ''RequestHeaderModifier'')'
990 - message: filter.responseHeaderModifier must be nil
991 if the filter.type is not ResponseHeaderModifier
992 rule: '!(has(self.responseHeaderModifier) && self.type
993 != ''ResponseHeaderModifier'')'
994 - message: filter.responseHeaderModifier must be specified
995 for ResponseHeaderModifier filter.type
996 rule: '!(!has(self.responseHeaderModifier) && self.type
997 == ''ResponseHeaderModifier'')'
998 - message: filter.requestMirror must be nil if the filter.type
999 is not RequestMirror
1000 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
1001 - message: filter.requestMirror must be specified for
1002 RequestMirror filter.type
1003 rule: '!(!has(self.requestMirror) && self.type ==
1004 ''RequestMirror'')'
1005 - message: filter.requestRedirect must be nil if the
1006 filter.type is not RequestRedirect
1007 rule: '!(has(self.requestRedirect) && self.type !=
1008 ''RequestRedirect'')'
1009 - message: filter.requestRedirect must be specified
1010 for RequestRedirect filter.type
1011 rule: '!(!has(self.requestRedirect) && self.type ==
1012 ''RequestRedirect'')'
1013 - message: filter.urlRewrite must be nil if the filter.type
1014 is not URLRewrite
1015 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
1016 - message: filter.urlRewrite must be specified for URLRewrite
1017 filter.type
1018 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
1019 - message: filter.extensionRef must be nil if the filter.type
1020 is not ExtensionRef
1021 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
1022 - message: filter.extensionRef must be specified for
1023 ExtensionRef filter.type
1024 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
1025 maxItems: 16
1026 type: array
1027 x-kubernetes-validations:
1028 - message: May specify either httpRouteFilterRequestRedirect
1029 or httpRouteFilterRequestRewrite, but not both
1030 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
1031 && self.exists(f, f.type == ''URLRewrite''))'
1032 - message: May specify either httpRouteFilterRequestRedirect
1033 or httpRouteFilterRequestRewrite, but not both
1034 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
1035 && self.exists(f, f.type == ''URLRewrite''))'
1036 - message: RequestHeaderModifier filter cannot be repeated
1037 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
1038 <= 1
1039 - message: ResponseHeaderModifier filter cannot be repeated
1040 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
1041 <= 1
1042 - message: RequestRedirect filter cannot be repeated
1043 rule: self.filter(f, f.type == 'RequestRedirect').size()
1044 <= 1
1045 - message: URLRewrite filter cannot be repeated
1046 rule: self.filter(f, f.type == 'URLRewrite').size()
1047 <= 1
1048 group:
1049 default: ""
1050 description: Group is the group of the referent. For example,
1051 "gateway.networking.k8s.io". When unspecified or empty
1052 string, core API group is inferred.
1053 maxLength: 253
1054 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1055 type: string
1056 kind:
1057 default: Service
1058 description: "Kind is the Kubernetes resource kind of
1059 the referent. For example \"Service\". \n Defaults to
1060 \"Service\" when not specified. \n ExternalName services
1061 can refer to CNAME DNS records that may live outside
1062 of the cluster and as such are difficult to reason about
1063 in terms of conformance. They also may not be safe to
1064 forward to (see CVE-2021-25740 for more information).
1065 Implementations SHOULD NOT support ExternalName Services.
1066 \n Support: Core (Services with a type other than ExternalName)
1067 \n Support: Implementation-specific (Services with type
1068 ExternalName)"
1069 maxLength: 63
1070 minLength: 1
1071 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1072 type: string
1073 name:
1074 description: Name is the name of the referent.
1075 maxLength: 253
1076 minLength: 1
1077 type: string
1078 namespace:
1079 description: "Namespace is the namespace of the backend.
1080 When unspecified, the local namespace is inferred. \n
1081 Note that when a namespace different than the local
1082 namespace is specified, a ReferenceGrant object is required
1083 in the referent namespace to allow that namespace's
1084 owner to accept the reference. See the ReferenceGrant
1085 documentation for details. \n Support: Core"
1086 maxLength: 63
1087 minLength: 1
1088 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1089 type: string
1090 port:
1091 description: Port specifies the destination port number
1092 to use for this resource. Port is required when the
1093 referent is a Kubernetes Service. In this case, the
1094 port number is the service port number, not the target
1095 port. For other resources, destination port might be
1096 derived from the referent resource or this field.
1097 format: int32
1098 maximum: 65535
1099 minimum: 1
1100 type: integer
1101 weight:
1102 default: 1
1103 description: "Weight specifies the proportion of requests
1104 forwarded to the referenced backend. This is computed
1105 as weight/(sum of all weights in this BackendRefs list).
1106 For non-zero values, there may be some epsilon from
1107 the exact proportion defined here depending on the precision
1108 an implementation supports. Weight is not a percentage
1109 and the sum of weights does not need to equal 100. \n
1110 If only one backend is specified and it has a weight
1111 greater than 0, 100% of the traffic is forwarded to
1112 that backend. If weight is set to 0, no traffic should
1113 be forwarded for this entry. If unspecified, weight
1114 defaults to 1. \n Support for this field varies based
1115 on the context where used."
1116 format: int32
1117 maximum: 1000000
1118 minimum: 0
1119 type: integer
1120 required:
1121 - name
1122 type: object
1123 x-kubernetes-validations:
1124 - message: Must have port for Service reference
1125 rule: '(size(self.group) == 0 && self.kind == ''Service'')
1126 ? has(self.port) : true'
1127 maxItems: 16
1128 type: array
1129 filters:
1130 description: "Filters define the filters that are applied to
1131 requests that match this rule. \n The effects of ordering
1132 of multiple behaviors are currently unspecified. This can
1133 change in the future based on feedback during the alpha stage.
1134 \n Conformance-levels at this level are defined based on the
1135 type of filter: \n - ALL core filters MUST be supported by
1136 all implementations. - Implementers are encouraged to support
1137 extended filters. - Implementation-specific custom filters
1138 have no API guarantees across implementations. \n Specifying
1139 the same filter multiple times is not supported unless explicitly
1140 indicated in the filter. \n All filters are expected to be
1141 compatible with each other except for the URLRewrite and RequestRedirect
1142 filters, which may not be combined. If an implementation can
1143 not support other combinations of filters, they must clearly
1144 document that limitation. In cases where incompatible or unsupported
1145 filters are specified and cause the `Accepted` condition to
1146 be set to status `False`, implementations may use the `IncompatibleFilters`
1147 reason to specify this configuration error. \n Support: Core"
1148 items:
1149 description: HTTPRouteFilter defines processing steps that
1150 must be completed during the request or response lifecycle.
1151 HTTPRouteFilters are meant as an extension point to express
1152 processing that may be done in Gateway implementations.
1153 Some examples include request or response modification,
1154 implementing authentication strategies, rate-limiting, and
1155 traffic shaping. API guarantee/conformance is defined based
1156 on the type of the filter.
1157 properties:
1158 extensionRef:
1159 description: "ExtensionRef is an optional, implementation-specific
1160 extension to the \"filter\" behavior. For example,
1161 resource \"myroutefilter\" in group \"networking.example.net\").
1162 ExtensionRef MUST NOT be used for core and extended
1163 filters. \n This filter can be used multiple times within
1164 the same rule. \n Support: Implementation-specific"
1165 properties:
1166 group:
1167 description: Group is the group of the referent. For
1168 example, "gateway.networking.k8s.io". When unspecified
1169 or empty string, core API group is inferred.
1170 maxLength: 253
1171 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1172 type: string
1173 kind:
1174 description: Kind is kind of the referent. For example
1175 "HTTPRoute" or "Service".
1176 maxLength: 63
1177 minLength: 1
1178 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1179 type: string
1180 name:
1181 description: Name is the name of the referent.
1182 maxLength: 253
1183 minLength: 1
1184 type: string
1185 required:
1186 - group
1187 - kind
1188 - name
1189 type: object
1190 requestHeaderModifier:
1191 description: "RequestHeaderModifier defines a schema for
1192 a filter that modifies request headers. \n Support:
1193 Core"
1194 properties:
1195 add:
1196 description: "Add adds the given header(s) (name,
1197 value) to the request before the action. It appends
1198 to any existing values associated with the header
1199 name. \n Input: GET /foo HTTP/1.1 my-header: foo
1200 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
1201 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1202 items:
1203 description: HTTPHeader represents an HTTP Header
1204 name and value as defined by RFC 7230.
1205 properties:
1206 name:
1207 description: "Name is the name of the HTTP Header
1208 to be matched. Name matching MUST be case
1209 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1210 \n If multiple entries specify equivalent
1211 header names, the first entry with an equivalent
1212 name MUST be considered for a match. Subsequent
1213 entries with an equivalent header name MUST
1214 be ignored. Due to the case-insensitivity
1215 of header names, \"foo\" and \"Foo\" are considered
1216 equivalent."
1217 maxLength: 256
1218 minLength: 1
1219 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1220 type: string
1221 value:
1222 description: Value is the value of HTTP Header
1223 to be matched.
1224 maxLength: 4096
1225 minLength: 1
1226 type: string
1227 required:
1228 - name
1229 - value
1230 type: object
1231 maxItems: 16
1232 type: array
1233 x-kubernetes-list-map-keys:
1234 - name
1235 x-kubernetes-list-type: map
1236 remove:
1237 description: "Remove the given header(s) from the
1238 HTTP request before the action. The value of Remove
1239 is a list of HTTP header names. Note that the header
1240 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1241 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1242 bar my-header3: baz \n Config: remove: [\"my-header1\",
1243 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1244 bar"
1245 items:
1246 type: string
1247 maxItems: 16
1248 type: array
1249 x-kubernetes-list-type: set
1250 set:
1251 description: "Set overwrites the request with the
1252 given header (name, value) before the action. \n
1253 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1254 set: - name: \"my-header\" value: \"bar\" \n Output:
1255 GET /foo HTTP/1.1 my-header: bar"
1256 items:
1257 description: HTTPHeader represents an HTTP Header
1258 name and value as defined by RFC 7230.
1259 properties:
1260 name:
1261 description: "Name is the name of the HTTP Header
1262 to be matched. Name matching MUST be case
1263 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1264 \n If multiple entries specify equivalent
1265 header names, the first entry with an equivalent
1266 name MUST be considered for a match. Subsequent
1267 entries with an equivalent header name MUST
1268 be ignored. Due to the case-insensitivity
1269 of header names, \"foo\" and \"Foo\" are considered
1270 equivalent."
1271 maxLength: 256
1272 minLength: 1
1273 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1274 type: string
1275 value:
1276 description: Value is the value of HTTP Header
1277 to be matched.
1278 maxLength: 4096
1279 minLength: 1
1280 type: string
1281 required:
1282 - name
1283 - value
1284 type: object
1285 maxItems: 16
1286 type: array
1287 x-kubernetes-list-map-keys:
1288 - name
1289 x-kubernetes-list-type: map
1290 type: object
1291 requestMirror:
1292 description: "RequestMirror defines a schema for a filter
1293 that mirrors requests. Requests are sent to the specified
1294 destination, but responses from that destination are
1295 ignored. \n This filter can be used multiple times within
1296 the same rule. Note that not all implementations will
1297 be able to support mirroring to multiple backends. \n
1298 Support: Extended"
1299 properties:
1300 backendRef:
1301 description: "BackendRef references a resource where
1302 mirrored requests are sent. \n Mirrored requests
1303 must be sent only to a single destination endpoint
1304 within this BackendRef, irrespective of how many
1305 endpoints are present within this BackendRef. \n
1306 If the referent cannot be found, this BackendRef
1307 is invalid and must be dropped from the Gateway.
1308 The controller must ensure the \"ResolvedRefs\"
1309 condition on the Route status is set to `status:
1310 False` and not configure this backend in the underlying
1311 implementation. \n If there is a cross-namespace
1312 reference to an *existing* object that is not allowed
1313 by a ReferenceGrant, the controller must ensure
1314 the \"ResolvedRefs\" condition on the Route is
1315 set to `status: False`, with the \"RefNotPermitted\"
1316 reason and not configure this backend in the underlying
1317 implementation. \n In either error case, the Message
1318 of the `ResolvedRefs` Condition should be used to
1319 provide more detail about the problem. \n Support:
1320 Extended for Kubernetes Service \n Support: Implementation-specific
1321 for any other resource"
1322 properties:
1323 group:
1324 default: ""
1325 description: Group is the group of the referent.
1326 For example, "gateway.networking.k8s.io". When
1327 unspecified or empty string, core API group
1328 is inferred.
1329 maxLength: 253
1330 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1331 type: string
1332 kind:
1333 default: Service
1334 description: "Kind is the Kubernetes resource
1335 kind of the referent. For example \"Service\".
1336 \n Defaults to \"Service\" when not specified.
1337 \n ExternalName services can refer to CNAME
1338 DNS records that may live outside of the cluster
1339 and as such are difficult to reason about in
1340 terms of conformance. They also may not be safe
1341 to forward to (see CVE-2021-25740 for more information).
1342 Implementations SHOULD NOT support ExternalName
1343 Services. \n Support: Core (Services with a
1344 type other than ExternalName) \n Support: Implementation-specific
1345 (Services with type ExternalName)"
1346 maxLength: 63
1347 minLength: 1
1348 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
1349 type: string
1350 name:
1351 description: Name is the name of the referent.
1352 maxLength: 253
1353 minLength: 1
1354 type: string
1355 namespace:
1356 description: "Namespace is the namespace of the
1357 backend. When unspecified, the local namespace
1358 is inferred. \n Note that when a namespace different
1359 than the local namespace is specified, a ReferenceGrant
1360 object is required in the referent namespace
1361 to allow that namespace's owner to accept the
1362 reference. See the ReferenceGrant documentation
1363 for details. \n Support: Core"
1364 maxLength: 63
1365 minLength: 1
1366 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
1367 type: string
1368 port:
1369 description: Port specifies the destination port
1370 number to use for this resource. Port is required
1371 when the referent is a Kubernetes Service. In
1372 this case, the port number is the service port
1373 number, not the target port. For other resources,
1374 destination port might be derived from the referent
1375 resource or this field.
1376 format: int32
1377 maximum: 65535
1378 minimum: 1
1379 type: integer
1380 required:
1381 - name
1382 type: object
1383 x-kubernetes-validations:
1384 - message: Must have port for Service reference
1385 rule: '(size(self.group) == 0 && self.kind == ''Service'')
1386 ? has(self.port) : true'
1387 required:
1388 - backendRef
1389 type: object
1390 requestRedirect:
1391 description: "RequestRedirect defines a schema for a filter
1392 that responds to the request with an HTTP redirection.
1393 \n Support: Core"
1394 properties:
1395 hostname:
1396 description: "Hostname is the hostname to be used
1397 in the value of the `Location` header in the response.
1398 When empty, the hostname in the `Host` header of
1399 the request is used. \n Support: Core"
1400 maxLength: 253
1401 minLength: 1
1402 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1403 type: string
1404 path:
1405 description: "Path defines parameters used to modify
1406 the path of the incoming request. The modified path
1407 is then used to construct the `Location` header.
1408 When empty, the request path is used as-is. \n Support:
1409 Extended"
1410 properties:
1411 replaceFullPath:
1412 description: ReplaceFullPath specifies the value
1413 with which to replace the full path of a request
1414 during a rewrite or redirect.
1415 maxLength: 1024
1416 type: string
1417 replacePrefixMatch:
1418 description: "ReplacePrefixMatch specifies the
1419 value with which to replace the prefix match
1420 of a request during a rewrite or redirect. For
1421 example, a request to \"/foo/bar\" with a prefix
1422 match of \"/foo\" and a ReplacePrefixMatch of
1423 \"/xyz\" would be modified to \"/xyz/bar\".
1424 \n Note that this matches the behavior of the
1425 PathPrefix match type. This matches full path
1426 elements. A path element refers to the list
1427 of labels in the path split by the `/` separator.
1428 When specified, a trailing `/` is ignored. For
1429 example, the paths `/abc`, `/abc/`, and `/abc/def`
1430 would all match the prefix `/abc`, but the path
1431 `/abcd` would not. \n ReplacePrefixMatch is
1432 only compatible with a `PathPrefix` HTTPRouteMatch.
1433 Using any other HTTPRouteMatch type on the same
1434 HTTPRouteRule will result in the implementation
1435 setting the Accepted Condition for the Route
1436 to `status: False`. \n Request Path | Prefix
1437 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
1438 /foo/bar | /foo | /xyz |
1439 /xyz/bar /foo/bar | /foo | /xyz/
1440 \ | /xyz/bar /foo/bar | /foo/ |
1441 /xyz | /xyz/bar /foo/bar | /foo/
1442 \ | /xyz/ | /xyz/bar /foo |
1443 /foo | /xyz | /xyz /foo/ |
1444 /foo | /xyz | /xyz/ /foo/bar
1445 \ | /foo | <empty string> | /bar
1446 /foo/ | /foo | <empty string>
1447 | / /foo | /foo | <empty string>
1448 | / /foo/ | /foo | / |
1449 / /foo | /foo | / |
1450 /"
1451 maxLength: 1024
1452 type: string
1453 type:
1454 description: "Type defines the type of path modifier.
1455 Additional types may be added in a future release
1456 of the API. \n Note that values may be added
1457 to this enum, implementations must ensure that
1458 unknown values will not cause a crash. \n Unknown
1459 values here must result in the implementation
1460 setting the Accepted Condition for the Route
1461 to `status: False`, with a Reason of `UnsupportedValue`."
1462 enum:
1463 - ReplaceFullPath
1464 - ReplacePrefixMatch
1465 type: string
1466 required:
1467 - type
1468 type: object
1469 x-kubernetes-validations:
1470 - message: replaceFullPath must be specified when
1471 type is set to 'ReplaceFullPath'
1472 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
1473 : true'
1474 - message: type must be 'ReplaceFullPath' when replaceFullPath
1475 is set
1476 rule: 'has(self.replaceFullPath) ? self.type ==
1477 ''ReplaceFullPath'' : true'
1478 - message: replacePrefixMatch must be specified when
1479 type is set to 'ReplacePrefixMatch'
1480 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
1481 : true'
1482 - message: type must be 'ReplacePrefixMatch' when
1483 replacePrefixMatch is set
1484 rule: 'has(self.replacePrefixMatch) ? self.type
1485 == ''ReplacePrefixMatch'' : true'
1486 port:
1487 description: "Port is the port to be used in the value
1488 of the `Location` header in the response. \n If
1489 no port is specified, the redirect port MUST be
1490 derived using the following rules: \n * If redirect
1491 scheme is not-empty, the redirect port MUST be the
1492 well-known port associated with the redirect scheme.
1493 Specifically \"http\" to port 80 and \"https\" to
1494 port 443. If the redirect scheme does not have a
1495 well-known port, the listener port of the Gateway
1496 SHOULD be used. * If redirect scheme is empty, the
1497 redirect port MUST be the Gateway Listener port.
1498 \n Implementations SHOULD NOT add the port number
1499 in the 'Location' header in the following cases:
1500 \n * A Location header that will use HTTP (whether
1501 that is determined via the Listener protocol or
1502 the Scheme field) _and_ use port 80. * A Location
1503 header that will use HTTPS (whether that is determined
1504 via the Listener protocol or the Scheme field) _and_
1505 use port 443. \n Support: Extended"
1506 format: int32
1507 maximum: 65535
1508 minimum: 1
1509 type: integer
1510 scheme:
1511 description: "Scheme is the scheme to be used in the
1512 value of the `Location` header in the response.
1513 When empty, the scheme of the request is used. \n
1514 Scheme redirects can affect the port of the redirect,
1515 for more information, refer to the documentation
1516 for the port field of this filter. \n Note that
1517 values may be added to this enum, implementations
1518 must ensure that unknown values will not cause a
1519 crash. \n Unknown values here must result in the
1520 implementation setting the Accepted Condition for
1521 the Route to `status: False`, with a Reason of `UnsupportedValue`.
1522 \n Support: Extended"
1523 enum:
1524 - http
1525 - https
1526 type: string
1527 statusCode:
1528 default: 302
1529 description: "StatusCode is the HTTP status code to
1530 be used in response. \n Note that values may be
1531 added to this enum, implementations must ensure
1532 that unknown values will not cause a crash. \n Unknown
1533 values here must result in the implementation setting
1534 the Accepted Condition for the Route to `status:
1535 False`, with a Reason of `UnsupportedValue`. \n
1536 Support: Core"
1537 enum:
1538 - 301
1539 - 302
1540 type: integer
1541 type: object
1542 responseHeaderModifier:
1543 description: "ResponseHeaderModifier defines a schema
1544 for a filter that modifies response headers. \n Support:
1545 Extended"
1546 properties:
1547 add:
1548 description: "Add adds the given header(s) (name,
1549 value) to the request before the action. It appends
1550 to any existing values associated with the header
1551 name. \n Input: GET /foo HTTP/1.1 my-header: foo
1552 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
1553 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
1554 items:
1555 description: HTTPHeader represents an HTTP Header
1556 name and value as defined by RFC 7230.
1557 properties:
1558 name:
1559 description: "Name is the name of the HTTP Header
1560 to be matched. Name matching MUST be case
1561 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1562 \n If multiple entries specify equivalent
1563 header names, the first entry with an equivalent
1564 name MUST be considered for a match. Subsequent
1565 entries with an equivalent header name MUST
1566 be ignored. Due to the case-insensitivity
1567 of header names, \"foo\" and \"Foo\" are considered
1568 equivalent."
1569 maxLength: 256
1570 minLength: 1
1571 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1572 type: string
1573 value:
1574 description: Value is the value of HTTP Header
1575 to be matched.
1576 maxLength: 4096
1577 minLength: 1
1578 type: string
1579 required:
1580 - name
1581 - value
1582 type: object
1583 maxItems: 16
1584 type: array
1585 x-kubernetes-list-map-keys:
1586 - name
1587 x-kubernetes-list-type: map
1588 remove:
1589 description: "Remove the given header(s) from the
1590 HTTP request before the action. The value of Remove
1591 is a list of HTTP header names. Note that the header
1592 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
1593 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
1594 bar my-header3: baz \n Config: remove: [\"my-header1\",
1595 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
1596 bar"
1597 items:
1598 type: string
1599 maxItems: 16
1600 type: array
1601 x-kubernetes-list-type: set
1602 set:
1603 description: "Set overwrites the request with the
1604 given header (name, value) before the action. \n
1605 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
1606 set: - name: \"my-header\" value: \"bar\" \n Output:
1607 GET /foo HTTP/1.1 my-header: bar"
1608 items:
1609 description: HTTPHeader represents an HTTP Header
1610 name and value as defined by RFC 7230.
1611 properties:
1612 name:
1613 description: "Name is the name of the HTTP Header
1614 to be matched. Name matching MUST be case
1615 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
1616 \n If multiple entries specify equivalent
1617 header names, the first entry with an equivalent
1618 name MUST be considered for a match. Subsequent
1619 entries with an equivalent header name MUST
1620 be ignored. Due to the case-insensitivity
1621 of header names, \"foo\" and \"Foo\" are considered
1622 equivalent."
1623 maxLength: 256
1624 minLength: 1
1625 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1626 type: string
1627 value:
1628 description: Value is the value of HTTP Header
1629 to be matched.
1630 maxLength: 4096
1631 minLength: 1
1632 type: string
1633 required:
1634 - name
1635 - value
1636 type: object
1637 maxItems: 16
1638 type: array
1639 x-kubernetes-list-map-keys:
1640 - name
1641 x-kubernetes-list-type: map
1642 type: object
1643 type:
1644 description: "Type identifies the type of filter to apply.
1645 As with other API fields, types are classified into
1646 three conformance levels: \n - Core: Filter types and
1647 their corresponding configuration defined by \"Support:
1648 Core\" in this package, e.g. \"RequestHeaderModifier\".
1649 All implementations must support core filters. \n -
1650 Extended: Filter types and their corresponding configuration
1651 defined by \"Support: Extended\" in this package, e.g.
1652 \"RequestMirror\". Implementers are encouraged to support
1653 extended filters. \n - Implementation-specific: Filters
1654 that are defined and supported by specific vendors.
1655 In the future, filters showing convergence in behavior
1656 across multiple implementations will be considered for
1657 inclusion in extended or core conformance levels. Filter-specific
1658 configuration for such filters is specified using the
1659 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
1660 for custom filters. \n Implementers are encouraged to
1661 define custom implementation types to extend the core
1662 API with implementation-specific behavior. \n If a reference
1663 to a custom filter type cannot be resolved, the filter
1664 MUST NOT be skipped. Instead, requests that would have
1665 been processed by that filter MUST receive a HTTP error
1666 response. \n Note that values may be added to this enum,
1667 implementations must ensure that unknown values will
1668 not cause a crash. \n Unknown values here must result
1669 in the implementation setting the Accepted Condition
1670 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
1671 enum:
1672 - RequestHeaderModifier
1673 - ResponseHeaderModifier
1674 - RequestMirror
1675 - RequestRedirect
1676 - URLRewrite
1677 - ExtensionRef
1678 type: string
1679 urlRewrite:
1680 description: "URLRewrite defines a schema for a filter
1681 that modifies a request during forwarding. \n Support:
1682 Extended"
1683 properties:
1684 hostname:
1685 description: "Hostname is the value to be used to
1686 replace the Host header value during forwarding.
1687 \n Support: Extended"
1688 maxLength: 253
1689 minLength: 1
1690 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
1691 type: string
1692 path:
1693 description: "Path defines a path rewrite. \n Support:
1694 Extended"
1695 properties:
1696 replaceFullPath:
1697 description: ReplaceFullPath specifies the value
1698 with which to replace the full path of a request
1699 during a rewrite or redirect.
1700 maxLength: 1024
1701 type: string
1702 replacePrefixMatch:
1703 description: "ReplacePrefixMatch specifies the
1704 value with which to replace the prefix match
1705 of a request during a rewrite or redirect. For
1706 example, a request to \"/foo/bar\" with a prefix
1707 match of \"/foo\" and a ReplacePrefixMatch of
1708 \"/xyz\" would be modified to \"/xyz/bar\".
1709 \n Note that this matches the behavior of the
1710 PathPrefix match type. This matches full path
1711 elements. A path element refers to the list
1712 of labels in the path split by the `/` separator.
1713 When specified, a trailing `/` is ignored. For
1714 example, the paths `/abc`, `/abc/`, and `/abc/def`
1715 would all match the prefix `/abc`, but the path
1716 `/abcd` would not. \n ReplacePrefixMatch is
1717 only compatible with a `PathPrefix` HTTPRouteMatch.
1718 Using any other HTTPRouteMatch type on the same
1719 HTTPRouteRule will result in the implementation
1720 setting the Accepted Condition for the Route
1721 to `status: False`. \n Request Path | Prefix
1722 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
1723 /foo/bar | /foo | /xyz |
1724 /xyz/bar /foo/bar | /foo | /xyz/
1725 \ | /xyz/bar /foo/bar | /foo/ |
1726 /xyz | /xyz/bar /foo/bar | /foo/
1727 \ | /xyz/ | /xyz/bar /foo |
1728 /foo | /xyz | /xyz /foo/ |
1729 /foo | /xyz | /xyz/ /foo/bar
1730 \ | /foo | <empty string> | /bar
1731 /foo/ | /foo | <empty string>
1732 | / /foo | /foo | <empty string>
1733 | / /foo/ | /foo | / |
1734 / /foo | /foo | / |
1735 /"
1736 maxLength: 1024
1737 type: string
1738 type:
1739 description: "Type defines the type of path modifier.
1740 Additional types may be added in a future release
1741 of the API. \n Note that values may be added
1742 to this enum, implementations must ensure that
1743 unknown values will not cause a crash. \n Unknown
1744 values here must result in the implementation
1745 setting the Accepted Condition for the Route
1746 to `status: False`, with a Reason of `UnsupportedValue`."
1747 enum:
1748 - ReplaceFullPath
1749 - ReplacePrefixMatch
1750 type: string
1751 required:
1752 - type
1753 type: object
1754 x-kubernetes-validations:
1755 - message: replaceFullPath must be specified when
1756 type is set to 'ReplaceFullPath'
1757 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
1758 : true'
1759 - message: type must be 'ReplaceFullPath' when replaceFullPath
1760 is set
1761 rule: 'has(self.replaceFullPath) ? self.type ==
1762 ''ReplaceFullPath'' : true'
1763 - message: replacePrefixMatch must be specified when
1764 type is set to 'ReplacePrefixMatch'
1765 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
1766 : true'
1767 - message: type must be 'ReplacePrefixMatch' when
1768 replacePrefixMatch is set
1769 rule: 'has(self.replacePrefixMatch) ? self.type
1770 == ''ReplacePrefixMatch'' : true'
1771 type: object
1772 required:
1773 - type
1774 type: object
1775 x-kubernetes-validations:
1776 - message: filter.requestHeaderModifier must be nil if the
1777 filter.type is not RequestHeaderModifier
1778 rule: '!(has(self.requestHeaderModifier) && self.type !=
1779 ''RequestHeaderModifier'')'
1780 - message: filter.requestHeaderModifier must be specified
1781 for RequestHeaderModifier filter.type
1782 rule: '!(!has(self.requestHeaderModifier) && self.type ==
1783 ''RequestHeaderModifier'')'
1784 - message: filter.responseHeaderModifier must be nil if the
1785 filter.type is not ResponseHeaderModifier
1786 rule: '!(has(self.responseHeaderModifier) && self.type !=
1787 ''ResponseHeaderModifier'')'
1788 - message: filter.responseHeaderModifier must be specified
1789 for ResponseHeaderModifier filter.type
1790 rule: '!(!has(self.responseHeaderModifier) && self.type
1791 == ''ResponseHeaderModifier'')'
1792 - message: filter.requestMirror must be nil if the filter.type
1793 is not RequestMirror
1794 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
1795 - message: filter.requestMirror must be specified for RequestMirror
1796 filter.type
1797 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
1798 - message: filter.requestRedirect must be nil if the filter.type
1799 is not RequestRedirect
1800 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
1801 - message: filter.requestRedirect must be specified for RequestRedirect
1802 filter.type
1803 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
1804 - message: filter.urlRewrite must be nil if the filter.type
1805 is not URLRewrite
1806 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
1807 - message: filter.urlRewrite must be specified for URLRewrite
1808 filter.type
1809 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
1810 - message: filter.extensionRef must be nil if the filter.type
1811 is not ExtensionRef
1812 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
1813 - message: filter.extensionRef must be specified for ExtensionRef
1814 filter.type
1815 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
1816 maxItems: 16
1817 type: array
1818 x-kubernetes-validations:
1819 - message: May specify either httpRouteFilterRequestRedirect
1820 or httpRouteFilterRequestRewrite, but not both
1821 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
1822 self.exists(f, f.type == ''URLRewrite''))'
1823 - message: RequestHeaderModifier filter cannot be repeated
1824 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
1825 <= 1
1826 - message: ResponseHeaderModifier filter cannot be repeated
1827 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
1828 <= 1
1829 - message: RequestRedirect filter cannot be repeated
1830 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
1831 1
1832 - message: URLRewrite filter cannot be repeated
1833 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
1834 matches:
1835 default:
1836 - path:
1837 type: PathPrefix
1838 value: /
1839 description: "Matches define conditions used for matching the
1840 rule against incoming HTTP requests. Each match is independent,
1841 i.e. this rule will be matched if **any** one of the matches
1842 is satisfied. \n For example, take the following matches configuration:
1843 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
1844 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
1845 to match against this rule, a request must satisfy EITHER
1846 of the two conditions: \n - path prefixed with `/foo` AND
1847 contains the header `version: v2` - path prefix of `/v2/foo`
1848 \n See the documentation for HTTPRouteMatch on how to specify
1849 multiple match conditions that should be ANDed together. \n
1850 If no matches are specified, the default is a prefix path
1851 match on \"/\", which has the effect of matching every HTTP
1852 request. \n Proxy or Load Balancer routing configuration generated
1853 from HTTPRoutes MUST prioritize matches based on the following
1854 criteria, continuing on ties. Across all rules specified on
1855 applicable Routes, precedence must be given to the match having:
1856 \n * \"Exact\" path match. * \"Prefix\" path match with largest
1857 number of characters. * Method match. * Largest number of
1858 header matches. * Largest number of query param matches. \n
1859 Note: The precedence of RegularExpression path matches are
1860 implementation-specific. \n If ties still exist across multiple
1861 Routes, matching precedence MUST be determined in order of
1862 the following criteria, continuing on ties: \n * The oldest
1863 Route based on creation timestamp. * The Route appearing first
1864 in alphabetical order by \"{namespace}/{name}\". \n If ties
1865 still exist within an HTTPRoute, matching precedence MUST
1866 be granted to the FIRST matching rule (in list order) with
1867 a match meeting the above criteria. \n When no rules matching
1868 a request have been successfully attached to the parent a
1869 request is coming from, a HTTP 404 status code MUST be returned."
1870 items:
1871 description: "HTTPRouteMatch defines the predicate used to
1872 match requests to a given action. Multiple match types are
1873 ANDed together, i.e. the match will evaluate to true only
1874 if all conditions are satisfied. \n For example, the match
1875 below will match a HTTP request only if its path starts
1876 with `/foo` AND it contains the `version: v1` header: \n
1877 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
1878 value \"v1\" \n ```"
1879 properties:
1880 headers:
1881 description: Headers specifies HTTP request header matchers.
1882 Multiple match values are ANDed together, meaning, a
1883 request must match all the specified headers to select
1884 the route.
1885 items:
1886 description: HTTPHeaderMatch describes how to select
1887 a HTTP route by matching HTTP request headers.
1888 properties:
1889 name:
1890 description: "Name is the name of the HTTP Header
1891 to be matched. Name matching MUST be case insensitive.
1892 (See https://tools.ietf.org/html/rfc7230#section-3.2).
1893 \n If multiple entries specify equivalent header
1894 names, only the first entry with an equivalent
1895 name MUST be considered for a match. Subsequent
1896 entries with an equivalent header name MUST be
1897 ignored. Due to the case-insensitivity of header
1898 names, \"foo\" and \"Foo\" are considered equivalent.
1899 \n When a header is repeated in an HTTP request,
1900 it is implementation-specific behavior as to how
1901 this is represented. Generally, proxies should
1902 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
1903 regarding processing a repeated header, with special
1904 handling for \"Set-Cookie\"."
1905 maxLength: 256
1906 minLength: 1
1907 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
1908 type: string
1909 type:
1910 default: Exact
1911 description: "Type specifies how to match against
1912 the value of the header. \n Support: Core (Exact)
1913 \n Support: Implementation-specific (RegularExpression)
1914 \n Since RegularExpression HeaderMatchType has
1915 implementation-specific conformance, implementations
1916 can support POSIX, PCRE or any other dialects
1917 of regular expressions. Please read the implementation's
1918 documentation to determine the supported dialect."
1919 enum:
1920 - Exact
1921 - RegularExpression
1922 type: string
1923 value:
1924 description: Value is the value of HTTP Header to
1925 be matched.
1926 maxLength: 4096
1927 minLength: 1
1928 type: string
1929 required:
1930 - name
1931 - value
1932 type: object
1933 maxItems: 16
1934 type: array
1935 x-kubernetes-list-map-keys:
1936 - name
1937 x-kubernetes-list-type: map
1938 method:
1939 description: "Method specifies HTTP method matcher. When
1940 specified, this route will be matched only if the request
1941 has the specified method. \n Support: Extended"
1942 enum:
1943 - GET
1944 - HEAD
1945 - POST
1946 - PUT
1947 - DELETE
1948 - CONNECT
1949 - OPTIONS
1950 - TRACE
1951 - PATCH
1952 type: string
1953 path:
1954 default:
1955 type: PathPrefix
1956 value: /
1957 description: Path specifies a HTTP request path matcher.
1958 If this field is not specified, a default prefix match
1959 on the "/" path is provided.
1960 properties:
1961 type:
1962 default: PathPrefix
1963 description: "Type specifies how to match against
1964 the path Value. \n Support: Core (Exact, PathPrefix)
1965 \n Support: Implementation-specific (RegularExpression)"
1966 enum:
1967 - Exact
1968 - PathPrefix
1969 - RegularExpression
1970 type: string
1971 value:
1972 default: /
1973 description: Value of the HTTP path to match against.
1974 maxLength: 1024
1975 type: string
1976 type: object
1977 x-kubernetes-validations:
1978 - message: value must be an absolute path and start with
1979 '/' when type one of ['Exact', 'PathPrefix']
1980 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
1981 : true'
1982 - message: must not contain '//' when type one of ['Exact',
1983 'PathPrefix']
1984 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
1985 : true'
1986 - message: must not contain '/./' when type one of ['Exact',
1987 'PathPrefix']
1988 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
1989 : true'
1990 - message: must not contain '/../' when type one of ['Exact',
1991 'PathPrefix']
1992 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
1993 : true'
1994 - message: must not contain '%2f' when type one of ['Exact',
1995 'PathPrefix']
1996 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
1997 : true'
1998 - message: must not contain '%2F' when type one of ['Exact',
1999 'PathPrefix']
2000 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
2001 : true'
2002 - message: must not contain '#' when type one of ['Exact',
2003 'PathPrefix']
2004 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
2005 : true'
2006 - message: must not end with '/..' when type one of ['Exact',
2007 'PathPrefix']
2008 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
2009 : true'
2010 - message: must not end with '/.' when type one of ['Exact',
2011 'PathPrefix']
2012 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
2013 : true'
2014 - message: type must be one of ['Exact', 'PathPrefix',
2015 'RegularExpression']
2016 rule: self.type in ['Exact','PathPrefix'] || self.type
2017 == 'RegularExpression'
2018 - message: must only contain valid characters (matching
2019 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
2020 for types ['Exact', 'PathPrefix']
2021 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
2022 : true'
2023 queryParams:
2024 description: "QueryParams specifies HTTP query parameter
2025 matchers. Multiple match values are ANDed together,
2026 meaning, a request must match all the specified query
2027 parameters to select the route. \n Support: Extended"
2028 items:
2029 description: HTTPQueryParamMatch describes how to select
2030 a HTTP route by matching HTTP query parameters.
2031 properties:
2032 name:
2033 description: "Name is the name of the HTTP query
2034 param to be matched. This must be an exact string
2035 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
2036 \n If multiple entries specify equivalent query
2037 param names, only the first entry with an equivalent
2038 name MUST be considered for a match. Subsequent
2039 entries with an equivalent query param name MUST
2040 be ignored. \n If a query param is repeated in
2041 an HTTP request, the behavior is purposely left
2042 undefined, since different data planes have different
2043 capabilities. However, it is *recommended* that
2044 implementations should match against the first
2045 value of the param if the data plane supports
2046 it, as this behavior is expected in other load
2047 balancing contexts outside of the Gateway API.
2048 \n Users SHOULD NOT route traffic based on repeated
2049 query params to guard themselves against potential
2050 differences in the implementations."
2051 maxLength: 256
2052 minLength: 1
2053 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2054 type: string
2055 type:
2056 default: Exact
2057 description: "Type specifies how to match against
2058 the value of the query parameter. \n Support:
2059 Extended (Exact) \n Support: Implementation-specific
2060 (RegularExpression) \n Since RegularExpression
2061 QueryParamMatchType has Implementation-specific
2062 conformance, implementations can support POSIX,
2063 PCRE or any other dialects of regular expressions.
2064 Please read the implementation's documentation
2065 to determine the supported dialect."
2066 enum:
2067 - Exact
2068 - RegularExpression
2069 type: string
2070 value:
2071 description: Value is the value of HTTP query param
2072 to be matched.
2073 maxLength: 1024
2074 minLength: 1
2075 type: string
2076 required:
2077 - name
2078 - value
2079 type: object
2080 maxItems: 16
2081 type: array
2082 x-kubernetes-list-map-keys:
2083 - name
2084 x-kubernetes-list-type: map
2085 type: object
2086 maxItems: 8
2087 type: array
2088 type: object
2089 x-kubernetes-validations:
2090 - message: RequestRedirect filter must not be used together with
2091 backendRefs
2092 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
2093 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
2094 true'
2095 - message: When using RequestRedirect filter with path.replacePrefixMatch,
2096 exactly one PathPrefix match must be specified
2097 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
2098 && has(f.requestRedirect.path) && f.requestRedirect.path.type
2099 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
2100 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
2101 self.matches[0].path.type != ''PathPrefix'') ? false : true)
2102 : true'
2103 - message: When using URLRewrite filter with path.replacePrefixMatch,
2104 exactly one PathPrefix match must be specified
2105 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
2106 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
2107 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
2108 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
2109 != ''PathPrefix'') ? false : true) : true'
2110 - message: Within backendRefs, when using RequestRedirect filter
2111 with path.replacePrefixMatch, exactly one PathPrefix match must
2112 be specified
2113 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
2114 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
2115 && has(f.requestRedirect.path) && f.requestRedirect.path.type
2116 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
2117 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
2118 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
2119 : true'
2120 - message: Within backendRefs, When using URLRewrite filter with
2121 path.replacePrefixMatch, exactly one PathPrefix match must be
2122 specified
2123 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
2124 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
2125 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
2126 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
2127 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
2128 != ''PathPrefix'') ? false : true) : true'
2129 maxItems: 16
2130 type: array
2131 type: object
2132 status:
2133 description: Status defines the current state of HTTPRoute.
2134 properties:
2135 parents:
2136 description: "Parents is a list of parent resources (usually Gateways)
2137 that are associated with the route, and the status of the route
2138 with respect to each parent. When this route attaches to a parent,
2139 the controller that manages the parent must add an entry to this
2140 list when the controller first sees the route and should update
2141 the entry as appropriate when the route or gateway is modified.
2142 \n Note that parent references that cannot be resolved by an implementation
2143 of this API will not be added to this list. Implementations of this
2144 API can only populate Route status for the Gateways/parent resources
2145 they are responsible for. \n A maximum of 32 Gateways will be represented
2146 in this list. An empty list means the route has not been attached
2147 to any Gateway."
2148 items:
2149 description: RouteParentStatus describes the status of a route with
2150 respect to an associated Parent.
2151 properties:
2152 conditions:
2153 description: "Conditions describes the status of the route with
2154 respect to the Gateway. Note that the route's availability
2155 is also subject to the Gateway's own status conditions and
2156 listener status. \n If the Route's ParentRef specifies an
2157 existing Gateway that supports Routes of this kind AND that
2158 Gateway's controller has sufficient access, then that Gateway's
2159 controller MUST set the \"Accepted\" condition on the Route,
2160 to indicate whether the route has been accepted or rejected
2161 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
2162 if at least one of the Route's rules is implemented by the
2163 Gateway. \n There are a number of cases where the \"Accepted\"
2164 condition may not be set due to lack of controller visibility,
2165 that includes when: \n * The Route refers to a non-existent
2166 parent. * The Route is of a type that the controller does
2167 not support. * The Route is in a namespace the controller
2168 does not have access to."
2169 items:
2170 description: "Condition contains details for one aspect of
2171 the current state of this API Resource. --- This struct
2172 is intended for direct use as an array at the field path
2173 .status.conditions. For example, \n type FooStatus struct{
2174 // Represents the observations of a foo's current state.
2175 // Known .status.conditions.type are: \"Available\", \"Progressing\",
2176 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
2177 // +listType=map // +listMapKey=type Conditions []metav1.Condition
2178 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
2179 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
2180 }"
2181 properties:
2182 lastTransitionTime:
2183 description: lastTransitionTime is the last time the condition
2184 transitioned from one status to another. This should
2185 be when the underlying condition changed. If that is
2186 not known, then using the time when the API field changed
2187 is acceptable.
2188 format: date-time
2189 type: string
2190 message:
2191 description: message is a human readable message indicating
2192 details about the transition. This may be an empty string.
2193 maxLength: 32768
2194 type: string
2195 observedGeneration:
2196 description: observedGeneration represents the .metadata.generation
2197 that the condition was set based upon. For instance,
2198 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
2199 is 9, the condition is out of date with respect to the
2200 current state of the instance.
2201 format: int64
2202 minimum: 0
2203 type: integer
2204 reason:
2205 description: reason contains a programmatic identifier
2206 indicating the reason for the condition's last transition.
2207 Producers of specific condition types may define expected
2208 values and meanings for this field, and whether the
2209 values are considered a guaranteed API. The value should
2210 be a CamelCase string. This field may not be empty.
2211 maxLength: 1024
2212 minLength: 1
2213 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
2214 type: string
2215 status:
2216 description: status of the condition, one of True, False,
2217 Unknown.
2218 enum:
2219 - "True"
2220 - "False"
2221 - Unknown
2222 type: string
2223 type:
2224 description: type of condition in CamelCase or in foo.example.com/CamelCase.
2225 --- Many .condition.type values are consistent across
2226 resources like Available, but because arbitrary conditions
2227 can be useful (see .node.status.conditions), the ability
2228 to deconflict is important. The regex it matches is
2229 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
2230 maxLength: 316
2231 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
2232 type: string
2233 required:
2234 - lastTransitionTime
2235 - message
2236 - reason
2237 - status
2238 - type
2239 type: object
2240 maxItems: 8
2241 minItems: 1
2242 type: array
2243 x-kubernetes-list-map-keys:
2244 - type
2245 x-kubernetes-list-type: map
2246 controllerName:
2247 description: "ControllerName is a domain/path string that indicates
2248 the name of the controller that wrote this status. This corresponds
2249 with the controllerName field on GatewayClass. \n Example:
2250 \"example.net/gateway-controller\". \n The format of this
2251 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
2252 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
2253 \n Controllers MUST populate this field when writing status.
2254 Controllers should ensure that entries to status populated
2255 with their ControllerName are cleaned up when they are no
2256 longer necessary."
2257 maxLength: 253
2258 minLength: 1
2259 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
2260 type: string
2261 parentRef:
2262 description: ParentRef corresponds with a ParentRef in the spec
2263 that this RouteParentStatus struct describes the status of.
2264 properties:
2265 group:
2266 default: gateway.networking.k8s.io
2267 description: "Group is the group of the referent. When unspecified,
2268 \"gateway.networking.k8s.io\" is inferred. To set the
2269 core API group (such as for a \"Service\" kind referent),
2270 Group must be explicitly set to \"\" (empty string). \n
2271 Support: Core"
2272 maxLength: 253
2273 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2274 type: string
2275 kind:
2276 default: Gateway
2277 description: "Kind is kind of the referent. \n There are
2278 two kinds of parent resources with \"Core\" support: \n
2279 * Gateway (Gateway conformance profile) * Service (Mesh
2280 conformance profile, experimental, ClusterIP Services
2281 only) \n Support for other resources is Implementation-Specific."
2282 maxLength: 63
2283 minLength: 1
2284 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2285 type: string
2286 name:
2287 description: "Name is the name of the referent. \n Support:
2288 Core"
2289 maxLength: 253
2290 minLength: 1
2291 type: string
2292 namespace:
2293 description: "Namespace is the namespace of the referent.
2294 When unspecified, this refers to the local namespace of
2295 the Route. \n Note that there are specific rules for ParentRefs
2296 which cross namespace boundaries. Cross-namespace references
2297 are only valid if they are explicitly allowed by something
2298 in the namespace they are referring to. For example: Gateway
2299 has the AllowedRoutes field, and ReferenceGrant provides
2300 a generic way to enable any other kind of cross-namespace
2301 reference. \n \n Support: Core"
2302 maxLength: 63
2303 minLength: 1
2304 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2305 type: string
2306 sectionName:
2307 description: "SectionName is the name of a section within
2308 the target resource. In the following resources, SectionName
2309 is interpreted as the following: \n * Gateway: Listener
2310 Name. When both Port (experimental) and SectionName are
2311 specified, the name and port of the selected listener
2312 must match both specified values. * Service: Port Name.
2313 When both Port (experimental) and SectionName are specified,
2314 the name and port of the selected listener must match
2315 both specified values. Note that attaching Routes to Services
2316 as Parents is part of experimental Mesh support and is
2317 not supported for any other purpose. \n Implementations
2318 MAY choose to support attaching Routes to other resources.
2319 If that is the case, they MUST clearly document how SectionName
2320 is interpreted. \n When unspecified (empty string), this
2321 will reference the entire resource. For the purpose of
2322 status, an attachment is considered successful if at least
2323 one section in the parent resource accepts it. For example,
2324 Gateway listeners can restrict which Routes can attach
2325 to them by Route kind, namespace, or hostname. If 1 of
2326 2 Gateway listeners accept attachment from the referencing
2327 Route, the Route MUST be considered successfully attached.
2328 If no Gateway listeners accept attachment from this Route,
2329 the Route MUST be considered detached from the Gateway.
2330 \n Support: Core"
2331 maxLength: 253
2332 minLength: 1
2333 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2334 type: string
2335 required:
2336 - name
2337 type: object
2338 required:
2339 - controllerName
2340 - parentRef
2341 type: object
2342 maxItems: 32
2343 type: array
2344 required:
2345 - parents
2346 type: object
2347 required:
2348 - spec
2349 type: object
2350 served: true
2351 storage: false
2352 subresources:
2353 status: {}
2354 - additionalPrinterColumns:
2355 - jsonPath: .spec.hostnames
2356 name: Hostnames
2357 type: string
2358 - jsonPath: .metadata.creationTimestamp
2359 name: Age
2360 type: date
2361 name: v1beta1
2362 schema:
2363 openAPIV3Schema:
2364 description: HTTPRoute provides a way to route HTTP requests. This includes
2365 the capability to match requests by hostname, path, header, or query param.
2366 Filters can be used to specify additional processing steps. Backends specify
2367 where matching requests should be routed.
2368 properties:
2369 apiVersion:
2370 description: 'APIVersion defines the versioned schema of this representation
2371 of an object. Servers should convert recognized schemas to the latest
2372 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
2373 type: string
2374 kind:
2375 description: 'Kind is a string value representing the REST resource this
2376 object represents. Servers may infer this from the endpoint the client
2377 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
2378 type: string
2379 metadata:
2380 type: object
2381 spec:
2382 description: Spec defines the desired state of HTTPRoute.
2383 properties:
2384 hostnames:
2385 description: "Hostnames defines a set of hostnames that should match
2386 against the HTTP Host header to select a HTTPRoute used to process
2387 the request. Implementations MUST ignore any port value specified
2388 in the HTTP Host header while performing a match and (absent of
2389 any applicable header modification configuration) MUST forward this
2390 header unmodified to the backend. \n Valid values for Hostnames
2391 are determined by RFC 1123 definition of a hostname with 2 notable
2392 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
2393 with a wildcard label (`*.`). The wildcard label must appear by
2394 itself as the first label. \n If a hostname is specified by both
2395 the Listener and HTTPRoute, there must be at least one intersecting
2396 hostname for the HTTPRoute to be attached to the Listener. For example:
2397 \n * A Listener with `test.example.com` as the hostname matches
2398 HTTPRoutes that have either not specified any hostnames, or have
2399 specified at least one of `test.example.com` or `*.example.com`.
2400 * A Listener with `*.example.com` as the hostname matches HTTPRoutes
2401 that have either not specified any hostnames or have specified at
2402 least one hostname that matches the Listener hostname. For example,
2403 `*.example.com`, `test.example.com`, and `foo.test.example.com`
2404 would all match. On the other hand, `example.com` and `test.example.net`
2405 would not match. \n Hostnames that are prefixed with a wildcard
2406 label (`*.`) are interpreted as a suffix match. That means that
2407 a match for `*.example.com` would match both `test.example.com`,
2408 and `foo.test.example.com`, but not `example.com`. \n If both the
2409 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
2410 that do not match the Listener hostname MUST be ignored. For example,
2411 if a Listener specified `*.example.com`, and the HTTPRoute specified
2412 `test.example.com` and `test.example.net`, `test.example.net` must
2413 not be considered for a match. \n If both the Listener and HTTPRoute
2414 have specified hostnames, and none match with the criteria above,
2415 then the HTTPRoute is not accepted. The implementation must raise
2416 an 'Accepted' Condition with a status of `False` in the corresponding
2417 RouteParentStatus. \n In the event that multiple HTTPRoutes specify
2418 intersecting hostnames (e.g. overlapping wildcard matching and exact
2419 matching hostnames), precedence must be given to rules from the
2420 HTTPRoute with the largest number of: \n * Characters in a matching
2421 non-wildcard hostname. * Characters in a matching hostname. \n If
2422 ties exist across multiple Routes, the matching precedence rules
2423 for HTTPRouteMatches takes over. \n Support: Core"
2424 items:
2425 description: "Hostname is the fully qualified domain name of a network
2426 host. This matches the RFC 1123 definition of a hostname with
2427 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
2428 may be prefixed with a wildcard label (`*.`). The wildcard label
2429 must appear by itself as the first label. \n Hostname can be \"precise\"
2430 which is a domain name without the terminating dot of a network
2431 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
2432 name prefixed with a single wildcard label (e.g. `*.example.com`).
2433 \n Note that as per RFC1035 and RFC1123, a *label* must consist
2434 of lower case alphanumeric characters or '-', and must start and
2435 end with an alphanumeric character. No other punctuation is allowed."
2436 maxLength: 253
2437 minLength: 1
2438 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2439 type: string
2440 maxItems: 16
2441 type: array
2442 parentRefs:
2443 description: "ParentRefs references the resources (usually Gateways)
2444 that a Route wants to be attached to. Note that the referenced parent
2445 resource needs to allow this for the attachment to be complete.
2446 For Gateways, that means the Gateway needs to allow attachment from
2447 Routes of this kind and namespace. For Services, that means the
2448 Service must either be in the same namespace for a \"producer\"
2449 route, or the mesh implementation must support and allow \"consumer\"
2450 routes for the referenced Service. ReferenceGrant is not applicable
2451 for governing ParentRefs to Services - it is not possible to create
2452 a \"producer\" route for a Service in a different namespace from
2453 the Route. \n There are two kinds of parent resources with \"Core\"
2454 support: \n * Gateway (Gateway conformance profile) This API may
2455 be extended in the future to support additional kinds of parent
2456 resources. \n ParentRefs must be _distinct_. This means either that:
2457 \n * They select different objects. If this is the case, then parentRef
2458 entries are distinct. In terms of fields, this means that the multi-part
2459 key defined by `group`, `kind`, `namespace`, and `name` must be
2460 unique across all parentRef entries in the Route. * They do not
2461 select different objects, but for each optional field used, each
2462 ParentRef that selects the same object must set the same set of
2463 optional fields to different values. If one ParentRef sets a combination
2464 of optional fields, all must set the same combination. \n Some examples:
2465 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing
2466 the same object must also set `sectionName`. * If one ParentRef
2467 sets `port`, all ParentRefs referencing the same object must also
2468 set `port`. * If one ParentRef sets `sectionName` and `port`, all
2469 ParentRefs referencing the same object must also set `sectionName`
2470 and `port`. \n It is possible to separately reference multiple distinct
2471 objects that may be collapsed by an implementation. For example,
2472 some implementations may choose to merge compatible Gateway Listeners
2473 together. If that is the case, the list of routes attached to those
2474 resources should also be merged. \n Note that for ParentRefs that
2475 cross namespace boundaries, there are specific rules. Cross-namespace
2476 references are only valid if they are explicitly allowed by something
2477 in the namespace they are referring to. For example, Gateway has
2478 the AllowedRoutes field, and ReferenceGrant provides a generic way
2479 to enable other kinds of cross-namespace reference. \n \n "
2480 items:
2481 description: "ParentReference identifies an API object (usually
2482 a Gateway) that can be considered a parent of this resource (usually
2483 a route). There are two kinds of parent resources with \"Core\"
2484 support: \n * Gateway (Gateway conformance profile) * Service
2485 (Mesh conformance profile, experimental, ClusterIP Services only)
2486 \n This API may be extended in the future to support additional
2487 kinds of parent resources. \n The API object must be valid in
2488 the cluster; the Group and Kind must be registered in the cluster
2489 for this reference to be valid."
2490 properties:
2491 group:
2492 default: gateway.networking.k8s.io
2493 description: "Group is the group of the referent. When unspecified,
2494 \"gateway.networking.k8s.io\" is inferred. To set the core
2495 API group (such as for a \"Service\" kind referent), Group
2496 must be explicitly set to \"\" (empty string). \n Support:
2497 Core"
2498 maxLength: 253
2499 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2500 type: string
2501 kind:
2502 default: Gateway
2503 description: "Kind is kind of the referent. \n There are two
2504 kinds of parent resources with \"Core\" support: \n * Gateway
2505 (Gateway conformance profile) * Service (Mesh conformance
2506 profile, experimental, ClusterIP Services only) \n Support
2507 for other resources is Implementation-Specific."
2508 maxLength: 63
2509 minLength: 1
2510 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2511 type: string
2512 name:
2513 description: "Name is the name of the referent. \n Support:
2514 Core"
2515 maxLength: 253
2516 minLength: 1
2517 type: string
2518 namespace:
2519 description: "Namespace is the namespace of the referent. When
2520 unspecified, this refers to the local namespace of the Route.
2521 \n Note that there are specific rules for ParentRefs which
2522 cross namespace boundaries. Cross-namespace references are
2523 only valid if they are explicitly allowed by something in
2524 the namespace they are referring to. For example: Gateway
2525 has the AllowedRoutes field, and ReferenceGrant provides a
2526 generic way to enable any other kind of cross-namespace reference.
2527 \n \n Support: Core"
2528 maxLength: 63
2529 minLength: 1
2530 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2531 type: string
2532 sectionName:
2533 description: "SectionName is the name of a section within the
2534 target resource. In the following resources, SectionName is
2535 interpreted as the following: \n * Gateway: Listener Name.
2536 When both Port (experimental) and SectionName are specified,
2537 the name and port of the selected listener must match both
2538 specified values. * Service: Port Name. When both Port (experimental)
2539 and SectionName are specified, the name and port of the selected
2540 listener must match both specified values. Note that attaching
2541 Routes to Services as Parents is part of experimental Mesh
2542 support and is not supported for any other purpose. \n Implementations
2543 MAY choose to support attaching Routes to other resources.
2544 If that is the case, they MUST clearly document how SectionName
2545 is interpreted. \n When unspecified (empty string), this will
2546 reference the entire resource. For the purpose of status,
2547 an attachment is considered successful if at least one section
2548 in the parent resource accepts it. For example, Gateway listeners
2549 can restrict which Routes can attach to them by Route kind,
2550 namespace, or hostname. If 1 of 2 Gateway listeners accept
2551 attachment from the referencing Route, the Route MUST be considered
2552 successfully attached. If no Gateway listeners accept attachment
2553 from this Route, the Route MUST be considered detached from
2554 the Gateway. \n Support: Core"
2555 maxLength: 253
2556 minLength: 1
2557 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2558 type: string
2559 required:
2560 - name
2561 type: object
2562 maxItems: 32
2563 type: array
2564 x-kubernetes-validations:
2565 - message: sectionName must be specified when parentRefs includes
2566 2 or more references to the same parent
2567 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
2568 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2569 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
2570 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2571 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName)
2572 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
2573 == '''')) : true))'
2574 - message: sectionName must be unique when parentRefs includes 2 or
2575 more references to the same parent
2576 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
2577 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
2578 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
2579 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
2580 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
2581 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
2582 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
2583 == p2.sectionName))))
2584 rules:
2585 default:
2586 - matches:
2587 - path:
2588 type: PathPrefix
2589 value: /
2590 description: Rules are a list of HTTP matchers, filters and actions.
2591 items:
2592 description: HTTPRouteRule defines semantics for matching an HTTP
2593 request based on conditions (matches), processing it (filters),
2594 and forwarding the request to an API object (backendRefs).
2595 properties:
2596 backendRefs:
2597 description: "BackendRefs defines the backend(s) where matching
2598 requests should be sent. \n Failure behavior here depends
2599 on how many BackendRefs are specified and how many are invalid.
2600 \n If *all* entries in BackendRefs are invalid, and there
2601 are also no filters specified in this route rule, *all* traffic
2602 which matches this rule MUST receive a 500 status code. \n
2603 See the HTTPBackendRef definition for the rules about what
2604 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
2605 is invalid, 500 status codes MUST be returned for requests
2606 that would have otherwise been routed to an invalid backend.
2607 If multiple backends are specified, and some are invalid,
2608 the proportion of requests that would otherwise have been
2609 routed to an invalid backend MUST receive a 500 status code.
2610 \n For example, if two backends are specified with equal weights,
2611 and one is invalid, 50 percent of traffic must receive a 500.
2612 Implementations may choose how that 50 percent is determined.
2613 \n Support: Core for Kubernetes Service \n Support: Extended
2614 for Kubernetes ServiceImport \n Support: Implementation-specific
2615 for any other resource \n Support for weight: Core"
2616 items:
2617 description: "HTTPBackendRef defines how a HTTPRoute forwards
2618 a HTTP request. \n Note that when a namespace different
2619 than the local namespace is specified, a ReferenceGrant
2620 object is required in the referent namespace to allow that
2621 namespace's owner to accept the reference. See the ReferenceGrant
2622 documentation for details. \n <gateway:experimental:description>
2623 \n When the BackendRef points to a Kubernetes Service, implementations
2624 SHOULD honor the appProtocol field if it is set for the
2625 target Service Port. \n Implementations supporting appProtocol
2626 SHOULD recognize the Kubernetes Standard Application Protocols
2627 defined in KEP-3726. \n If a Service appProtocol isn't specified,
2628 an implementation MAY infer the backend protocol through
2629 its own means. Implementations MAY infer the protocol from
2630 the Route type referring to the backend Service. \n If a
2631 Route is not able to send traffic to the backend using the
2632 specified protocol then the backend is considered invalid.
2633 Implementations MUST set the \"ResolvedRefs\" condition
2634 to \"False\" with the \"UnsupportedProtocol\" reason. \n
2635 </gateway:experimental:description>"
2636 properties:
2637 filters:
2638 description: "Filters defined at this level should be
2639 executed if and only if the request is being forwarded
2640 to the backend defined here. \n Support: Implementation-specific
2641 (For broader support of filters, use the Filters field
2642 in HTTPRouteRule.)"
2643 items:
2644 description: HTTPRouteFilter defines processing steps
2645 that must be completed during the request or response
2646 lifecycle. HTTPRouteFilters are meant as an extension
2647 point to express processing that may be done in Gateway
2648 implementations. Some examples include request or
2649 response modification, implementing authentication
2650 strategies, rate-limiting, and traffic shaping. API
2651 guarantee/conformance is defined based on the type
2652 of the filter.
2653 properties:
2654 extensionRef:
2655 description: "ExtensionRef is an optional, implementation-specific
2656 extension to the \"filter\" behavior. For example,
2657 resource \"myroutefilter\" in group \"networking.example.net\").
2658 ExtensionRef MUST NOT be used for core and extended
2659 filters. \n This filter can be used multiple times
2660 within the same rule. \n Support: Implementation-specific"
2661 properties:
2662 group:
2663 description: Group is the group of the referent.
2664 For example, "gateway.networking.k8s.io".
2665 When unspecified or empty string, core API
2666 group is inferred.
2667 maxLength: 253
2668 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2669 type: string
2670 kind:
2671 description: Kind is kind of the referent. For
2672 example "HTTPRoute" or "Service".
2673 maxLength: 63
2674 minLength: 1
2675 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2676 type: string
2677 name:
2678 description: Name is the name of the referent.
2679 maxLength: 253
2680 minLength: 1
2681 type: string
2682 required:
2683 - group
2684 - kind
2685 - name
2686 type: object
2687 requestHeaderModifier:
2688 description: "RequestHeaderModifier defines a schema
2689 for a filter that modifies request headers. \n
2690 Support: Core"
2691 properties:
2692 add:
2693 description: "Add adds the given header(s) (name,
2694 value) to the request before the action. It
2695 appends to any existing values associated
2696 with the header name. \n Input: GET /foo HTTP/1.1
2697 my-header: foo \n Config: add: - name: \"my-header\"
2698 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
2699 my-header: foo,bar,baz"
2700 items:
2701 description: HTTPHeader represents an HTTP
2702 Header name and value as defined by RFC
2703 7230.
2704 properties:
2705 name:
2706 description: "Name is the name of the
2707 HTTP Header to be matched. Name matching
2708 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2709 \n If multiple entries specify equivalent
2710 header names, the first entry with an
2711 equivalent name MUST be considered for
2712 a match. Subsequent entries with an
2713 equivalent header name MUST be ignored.
2714 Due to the case-insensitivity of header
2715 names, \"foo\" and \"Foo\" are considered
2716 equivalent."
2717 maxLength: 256
2718 minLength: 1
2719 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2720 type: string
2721 value:
2722 description: Value is the value of HTTP
2723 Header to be matched.
2724 maxLength: 4096
2725 minLength: 1
2726 type: string
2727 required:
2728 - name
2729 - value
2730 type: object
2731 maxItems: 16
2732 type: array
2733 x-kubernetes-list-map-keys:
2734 - name
2735 x-kubernetes-list-type: map
2736 remove:
2737 description: "Remove the given header(s) from
2738 the HTTP request before the action. The value
2739 of Remove is a list of HTTP header names.
2740 Note that the header names are case-insensitive
2741 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
2742 \n Input: GET /foo HTTP/1.1 my-header1: foo
2743 my-header2: bar my-header3: baz \n Config:
2744 remove: [\"my-header1\", \"my-header3\"] \n
2745 Output: GET /foo HTTP/1.1 my-header2: bar"
2746 items:
2747 type: string
2748 maxItems: 16
2749 type: array
2750 x-kubernetes-list-type: set
2751 set:
2752 description: "Set overwrites the request with
2753 the given header (name, value) before the
2754 action. \n Input: GET /foo HTTP/1.1 my-header:
2755 foo \n Config: set: - name: \"my-header\"
2756 value: \"bar\" \n Output: GET /foo HTTP/1.1
2757 my-header: bar"
2758 items:
2759 description: HTTPHeader represents an HTTP
2760 Header name and value as defined by RFC
2761 7230.
2762 properties:
2763 name:
2764 description: "Name is the name of the
2765 HTTP Header to be matched. Name matching
2766 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
2767 \n If multiple entries specify equivalent
2768 header names, the first entry with an
2769 equivalent name MUST be considered for
2770 a match. Subsequent entries with an
2771 equivalent header name MUST be ignored.
2772 Due to the case-insensitivity of header
2773 names, \"foo\" and \"Foo\" are considered
2774 equivalent."
2775 maxLength: 256
2776 minLength: 1
2777 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
2778 type: string
2779 value:
2780 description: Value is the value of HTTP
2781 Header to be matched.
2782 maxLength: 4096
2783 minLength: 1
2784 type: string
2785 required:
2786 - name
2787 - value
2788 type: object
2789 maxItems: 16
2790 type: array
2791 x-kubernetes-list-map-keys:
2792 - name
2793 x-kubernetes-list-type: map
2794 type: object
2795 requestMirror:
2796 description: "RequestMirror defines a schema for
2797 a filter that mirrors requests. Requests are sent
2798 to the specified destination, but responses from
2799 that destination are ignored. \n This filter can
2800 be used multiple times within the same rule. Note
2801 that not all implementations will be able to support
2802 mirroring to multiple backends. \n Support: Extended"
2803 properties:
2804 backendRef:
2805 description: "BackendRef references a resource
2806 where mirrored requests are sent. \n Mirrored
2807 requests must be sent only to a single destination
2808 endpoint within this BackendRef, irrespective
2809 of how many endpoints are present within this
2810 BackendRef. \n If the referent cannot be found,
2811 this BackendRef is invalid and must be dropped
2812 from the Gateway. The controller must ensure
2813 the \"ResolvedRefs\" condition on the Route
2814 status is set to `status: False` and not configure
2815 this backend in the underlying implementation.
2816 \n If there is a cross-namespace reference
2817 to an *existing* object that is not allowed
2818 by a ReferenceGrant, the controller must ensure
2819 the \"ResolvedRefs\" condition on the Route
2820 is set to `status: False`, with the \"RefNotPermitted\"
2821 reason and not configure this backend in the
2822 underlying implementation. \n In either error
2823 case, the Message of the `ResolvedRefs` Condition
2824 should be used to provide more detail about
2825 the problem. \n Support: Extended for Kubernetes
2826 Service \n Support: Implementation-specific
2827 for any other resource"
2828 properties:
2829 group:
2830 default: ""
2831 description: Group is the group of the referent.
2832 For example, "gateway.networking.k8s.io".
2833 When unspecified or empty string, core
2834 API group is inferred.
2835 maxLength: 253
2836 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2837 type: string
2838 kind:
2839 default: Service
2840 description: "Kind is the Kubernetes resource
2841 kind of the referent. For example \"Service\".
2842 \n Defaults to \"Service\" when not specified.
2843 \n ExternalName services can refer to
2844 CNAME DNS records that may live outside
2845 of the cluster and as such are difficult
2846 to reason about in terms of conformance.
2847 They also may not be safe to forward to
2848 (see CVE-2021-25740 for more information).
2849 Implementations SHOULD NOT support ExternalName
2850 Services. \n Support: Core (Services with
2851 a type other than ExternalName) \n Support:
2852 Implementation-specific (Services with
2853 type ExternalName)"
2854 maxLength: 63
2855 minLength: 1
2856 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
2857 type: string
2858 name:
2859 description: Name is the name of the referent.
2860 maxLength: 253
2861 minLength: 1
2862 type: string
2863 namespace:
2864 description: "Namespace is the namespace
2865 of the backend. When unspecified, the
2866 local namespace is inferred. \n Note that
2867 when a namespace different than the local
2868 namespace is specified, a ReferenceGrant
2869 object is required in the referent namespace
2870 to allow that namespace's owner to accept
2871 the reference. See the ReferenceGrant
2872 documentation for details. \n Support:
2873 Core"
2874 maxLength: 63
2875 minLength: 1
2876 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
2877 type: string
2878 port:
2879 description: Port specifies the destination
2880 port number to use for this resource.
2881 Port is required when the referent is
2882 a Kubernetes Service. In this case, the
2883 port number is the service port number,
2884 not the target port. For other resources,
2885 destination port might be derived from
2886 the referent resource or this field.
2887 format: int32
2888 maximum: 65535
2889 minimum: 1
2890 type: integer
2891 required:
2892 - name
2893 type: object
2894 x-kubernetes-validations:
2895 - message: Must have port for Service reference
2896 rule: '(size(self.group) == 0 && self.kind
2897 == ''Service'') ? has(self.port) : true'
2898 required:
2899 - backendRef
2900 type: object
2901 requestRedirect:
2902 description: "RequestRedirect defines a schema for
2903 a filter that responds to the request with an
2904 HTTP redirection. \n Support: Core"
2905 properties:
2906 hostname:
2907 description: "Hostname is the hostname to be
2908 used in the value of the `Location` header
2909 in the response. When empty, the hostname
2910 in the `Host` header of the request is used.
2911 \n Support: Core"
2912 maxLength: 253
2913 minLength: 1
2914 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
2915 type: string
2916 path:
2917 description: "Path defines parameters used to
2918 modify the path of the incoming request. The
2919 modified path is then used to construct the
2920 `Location` header. When empty, the request
2921 path is used as-is. \n Support: Extended"
2922 properties:
2923 replaceFullPath:
2924 description: ReplaceFullPath specifies the
2925 value with which to replace the full path
2926 of a request during a rewrite or redirect.
2927 maxLength: 1024
2928 type: string
2929 replacePrefixMatch:
2930 description: "ReplacePrefixMatch specifies
2931 the value with which to replace the prefix
2932 match of a request during a rewrite or
2933 redirect. For example, a request to \"/foo/bar\"
2934 with a prefix match of \"/foo\" and a
2935 ReplacePrefixMatch of \"/xyz\" would be
2936 modified to \"/xyz/bar\". \n Note that
2937 this matches the behavior of the PathPrefix
2938 match type. This matches full path elements.
2939 A path element refers to the list of labels
2940 in the path split by the `/` separator.
2941 When specified, a trailing `/` is ignored.
2942 For example, the paths `/abc`, `/abc/`,
2943 and `/abc/def` would all match the prefix
2944 `/abc`, but the path `/abcd` would not.
2945 \n ReplacePrefixMatch is only compatible
2946 with a `PathPrefix` HTTPRouteMatch. Using
2947 any other HTTPRouteMatch type on the same
2948 HTTPRouteRule will result in the implementation
2949 setting the Accepted Condition for the
2950 Route to `status: False`. \n Request Path
2951 | Prefix Match | Replace Prefix | Modified
2952 Path -------------|--------------|----------------|----------
2953 /foo/bar | /foo | /xyz |
2954 /xyz/bar /foo/bar | /foo |
2955 /xyz/ | /xyz/bar /foo/bar |
2956 /foo/ | /xyz | /xyz/bar
2957 /foo/bar | /foo/ | /xyz/ |
2958 /xyz/bar /foo | /foo |
2959 /xyz | /xyz /foo/ | /foo
2960 \ | /xyz | /xyz/ /foo/bar
2961 \ | /foo | <empty string> |
2962 /bar /foo/ | /foo | <empty
2963 string> | / /foo | /foo |
2964 <empty string> | / /foo/ | /foo
2965 \ | / | / /foo |
2966 /foo | / | /"
2967 maxLength: 1024
2968 type: string
2969 type:
2970 description: "Type defines the type of path
2971 modifier. Additional types may be added
2972 in a future release of the API. \n Note
2973 that values may be added to this enum,
2974 implementations must ensure that unknown
2975 values will not cause a crash. \n Unknown
2976 values here must result in the implementation
2977 setting the Accepted Condition for the
2978 Route to `status: False`, with a Reason
2979 of `UnsupportedValue`."
2980 enum:
2981 - ReplaceFullPath
2982 - ReplacePrefixMatch
2983 type: string
2984 required:
2985 - type
2986 type: object
2987 x-kubernetes-validations:
2988 - message: replaceFullPath must be specified
2989 when type is set to 'ReplaceFullPath'
2990 rule: 'self.type == ''ReplaceFullPath'' ?
2991 has(self.replaceFullPath) : true'
2992 - message: type must be 'ReplaceFullPath' when
2993 replaceFullPath is set
2994 rule: 'has(self.replaceFullPath) ? self.type
2995 == ''ReplaceFullPath'' : true'
2996 - message: replacePrefixMatch must be specified
2997 when type is set to 'ReplacePrefixMatch'
2998 rule: 'self.type == ''ReplacePrefixMatch''
2999 ? has(self.replacePrefixMatch) : true'
3000 - message: type must be 'ReplacePrefixMatch'
3001 when replacePrefixMatch is set
3002 rule: 'has(self.replacePrefixMatch) ? self.type
3003 == ''ReplacePrefixMatch'' : true'
3004 port:
3005 description: "Port is the port to be used in
3006 the value of the `Location` header in the
3007 response. \n If no port is specified, the
3008 redirect port MUST be derived using the following
3009 rules: \n * If redirect scheme is not-empty,
3010 the redirect port MUST be the well-known port
3011 associated with the redirect scheme. Specifically
3012 \"http\" to port 80 and \"https\" to port
3013 443. If the redirect scheme does not have
3014 a well-known port, the listener port of the
3015 Gateway SHOULD be used. * If redirect scheme
3016 is empty, the redirect port MUST be the Gateway
3017 Listener port. \n Implementations SHOULD NOT
3018 add the port number in the 'Location' header
3019 in the following cases: \n * A Location header
3020 that will use HTTP (whether that is determined
3021 via the Listener protocol or the Scheme field)
3022 _and_ use port 80. * A Location header that
3023 will use HTTPS (whether that is determined
3024 via the Listener protocol or the Scheme field)
3025 _and_ use port 443. \n Support: Extended"
3026 format: int32
3027 maximum: 65535
3028 minimum: 1
3029 type: integer
3030 scheme:
3031 description: "Scheme is the scheme to be used
3032 in the value of the `Location` header in the
3033 response. When empty, the scheme of the request
3034 is used. \n Scheme redirects can affect the
3035 port of the redirect, for more information,
3036 refer to the documentation for the port field
3037 of this filter. \n Note that values may be
3038 added to this enum, implementations must ensure
3039 that unknown values will not cause a crash.
3040 \n Unknown values here must result in the
3041 implementation setting the Accepted Condition
3042 for the Route to `status: False`, with a Reason
3043 of `UnsupportedValue`. \n Support: Extended"
3044 enum:
3045 - http
3046 - https
3047 type: string
3048 statusCode:
3049 default: 302
3050 description: "StatusCode is the HTTP status
3051 code to be used in response. \n Note that
3052 values may be added to this enum, implementations
3053 must ensure that unknown values will not cause
3054 a crash. \n Unknown values here must result
3055 in the implementation setting the Accepted
3056 Condition for the Route to `status: False`,
3057 with a Reason of `UnsupportedValue`. \n Support:
3058 Core"
3059 enum:
3060 - 301
3061 - 302
3062 type: integer
3063 type: object
3064 responseHeaderModifier:
3065 description: "ResponseHeaderModifier defines a schema
3066 for a filter that modifies response headers. \n
3067 Support: Extended"
3068 properties:
3069 add:
3070 description: "Add adds the given header(s) (name,
3071 value) to the request before the action. It
3072 appends to any existing values associated
3073 with the header name. \n Input: GET /foo HTTP/1.1
3074 my-header: foo \n Config: add: - name: \"my-header\"
3075 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
3076 my-header: foo,bar,baz"
3077 items:
3078 description: HTTPHeader represents an HTTP
3079 Header name and value as defined by RFC
3080 7230.
3081 properties:
3082 name:
3083 description: "Name is the name of the
3084 HTTP Header to be matched. Name matching
3085 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3086 \n If multiple entries specify equivalent
3087 header names, the first entry with an
3088 equivalent name MUST be considered for
3089 a match. Subsequent entries with an
3090 equivalent header name MUST be ignored.
3091 Due to the case-insensitivity of header
3092 names, \"foo\" and \"Foo\" are considered
3093 equivalent."
3094 maxLength: 256
3095 minLength: 1
3096 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3097 type: string
3098 value:
3099 description: Value is the value of HTTP
3100 Header to be matched.
3101 maxLength: 4096
3102 minLength: 1
3103 type: string
3104 required:
3105 - name
3106 - value
3107 type: object
3108 maxItems: 16
3109 type: array
3110 x-kubernetes-list-map-keys:
3111 - name
3112 x-kubernetes-list-type: map
3113 remove:
3114 description: "Remove the given header(s) from
3115 the HTTP request before the action. The value
3116 of Remove is a list of HTTP header names.
3117 Note that the header names are case-insensitive
3118 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3119 \n Input: GET /foo HTTP/1.1 my-header1: foo
3120 my-header2: bar my-header3: baz \n Config:
3121 remove: [\"my-header1\", \"my-header3\"] \n
3122 Output: GET /foo HTTP/1.1 my-header2: bar"
3123 items:
3124 type: string
3125 maxItems: 16
3126 type: array
3127 x-kubernetes-list-type: set
3128 set:
3129 description: "Set overwrites the request with
3130 the given header (name, value) before the
3131 action. \n Input: GET /foo HTTP/1.1 my-header:
3132 foo \n Config: set: - name: \"my-header\"
3133 value: \"bar\" \n Output: GET /foo HTTP/1.1
3134 my-header: bar"
3135 items:
3136 description: HTTPHeader represents an HTTP
3137 Header name and value as defined by RFC
3138 7230.
3139 properties:
3140 name:
3141 description: "Name is the name of the
3142 HTTP Header to be matched. Name matching
3143 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3144 \n If multiple entries specify equivalent
3145 header names, the first entry with an
3146 equivalent name MUST be considered for
3147 a match. Subsequent entries with an
3148 equivalent header name MUST be ignored.
3149 Due to the case-insensitivity of header
3150 names, \"foo\" and \"Foo\" are considered
3151 equivalent."
3152 maxLength: 256
3153 minLength: 1
3154 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3155 type: string
3156 value:
3157 description: Value is the value of HTTP
3158 Header to be matched.
3159 maxLength: 4096
3160 minLength: 1
3161 type: string
3162 required:
3163 - name
3164 - value
3165 type: object
3166 maxItems: 16
3167 type: array
3168 x-kubernetes-list-map-keys:
3169 - name
3170 x-kubernetes-list-type: map
3171 type: object
3172 type:
3173 description: "Type identifies the type of filter
3174 to apply. As with other API fields, types are
3175 classified into three conformance levels: \n -
3176 Core: Filter types and their corresponding configuration
3177 defined by \"Support: Core\" in this package,
3178 e.g. \"RequestHeaderModifier\". All implementations
3179 must support core filters. \n - Extended: Filter
3180 types and their corresponding configuration defined
3181 by \"Support: Extended\" in this package, e.g.
3182 \"RequestMirror\". Implementers are encouraged
3183 to support extended filters. \n - Implementation-specific:
3184 Filters that are defined and supported by specific
3185 vendors. In the future, filters showing convergence
3186 in behavior across multiple implementations will
3187 be considered for inclusion in extended or core
3188 conformance levels. Filter-specific configuration
3189 for such filters is specified using the ExtensionRef
3190 field. `Type` should be set to \"ExtensionRef\"
3191 for custom filters. \n Implementers are encouraged
3192 to define custom implementation types to extend
3193 the core API with implementation-specific behavior.
3194 \n If a reference to a custom filter type cannot
3195 be resolved, the filter MUST NOT be skipped. Instead,
3196 requests that would have been processed by that
3197 filter MUST receive a HTTP error response. \n
3198 Note that values may be added to this enum, implementations
3199 must ensure that unknown values will not cause
3200 a crash. \n Unknown values here must result in
3201 the implementation setting the Accepted Condition
3202 for the Route to `status: False`, with a Reason
3203 of `UnsupportedValue`."
3204 enum:
3205 - RequestHeaderModifier
3206 - ResponseHeaderModifier
3207 - RequestMirror
3208 - RequestRedirect
3209 - URLRewrite
3210 - ExtensionRef
3211 type: string
3212 urlRewrite:
3213 description: "URLRewrite defines a schema for a
3214 filter that modifies a request during forwarding.
3215 \n Support: Extended"
3216 properties:
3217 hostname:
3218 description: "Hostname is the value to be used
3219 to replace the Host header value during forwarding.
3220 \n Support: Extended"
3221 maxLength: 253
3222 minLength: 1
3223 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3224 type: string
3225 path:
3226 description: "Path defines a path rewrite. \n
3227 Support: Extended"
3228 properties:
3229 replaceFullPath:
3230 description: ReplaceFullPath specifies the
3231 value with which to replace the full path
3232 of a request during a rewrite or redirect.
3233 maxLength: 1024
3234 type: string
3235 replacePrefixMatch:
3236 description: "ReplacePrefixMatch specifies
3237 the value with which to replace the prefix
3238 match of a request during a rewrite or
3239 redirect. For example, a request to \"/foo/bar\"
3240 with a prefix match of \"/foo\" and a
3241 ReplacePrefixMatch of \"/xyz\" would be
3242 modified to \"/xyz/bar\". \n Note that
3243 this matches the behavior of the PathPrefix
3244 match type. This matches full path elements.
3245 A path element refers to the list of labels
3246 in the path split by the `/` separator.
3247 When specified, a trailing `/` is ignored.
3248 For example, the paths `/abc`, `/abc/`,
3249 and `/abc/def` would all match the prefix
3250 `/abc`, but the path `/abcd` would not.
3251 \n ReplacePrefixMatch is only compatible
3252 with a `PathPrefix` HTTPRouteMatch. Using
3253 any other HTTPRouteMatch type on the same
3254 HTTPRouteRule will result in the implementation
3255 setting the Accepted Condition for the
3256 Route to `status: False`. \n Request Path
3257 | Prefix Match | Replace Prefix | Modified
3258 Path -------------|--------------|----------------|----------
3259 /foo/bar | /foo | /xyz |
3260 /xyz/bar /foo/bar | /foo |
3261 /xyz/ | /xyz/bar /foo/bar |
3262 /foo/ | /xyz | /xyz/bar
3263 /foo/bar | /foo/ | /xyz/ |
3264 /xyz/bar /foo | /foo |
3265 /xyz | /xyz /foo/ | /foo
3266 \ | /xyz | /xyz/ /foo/bar
3267 \ | /foo | <empty string> |
3268 /bar /foo/ | /foo | <empty
3269 string> | / /foo | /foo |
3270 <empty string> | / /foo/ | /foo
3271 \ | / | / /foo |
3272 /foo | / | /"
3273 maxLength: 1024
3274 type: string
3275 type:
3276 description: "Type defines the type of path
3277 modifier. Additional types may be added
3278 in a future release of the API. \n Note
3279 that values may be added to this enum,
3280 implementations must ensure that unknown
3281 values will not cause a crash. \n Unknown
3282 values here must result in the implementation
3283 setting the Accepted Condition for the
3284 Route to `status: False`, with a Reason
3285 of `UnsupportedValue`."
3286 enum:
3287 - ReplaceFullPath
3288 - ReplacePrefixMatch
3289 type: string
3290 required:
3291 - type
3292 type: object
3293 x-kubernetes-validations:
3294 - message: replaceFullPath must be specified
3295 when type is set to 'ReplaceFullPath'
3296 rule: 'self.type == ''ReplaceFullPath'' ?
3297 has(self.replaceFullPath) : true'
3298 - message: type must be 'ReplaceFullPath' when
3299 replaceFullPath is set
3300 rule: 'has(self.replaceFullPath) ? self.type
3301 == ''ReplaceFullPath'' : true'
3302 - message: replacePrefixMatch must be specified
3303 when type is set to 'ReplacePrefixMatch'
3304 rule: 'self.type == ''ReplacePrefixMatch''
3305 ? has(self.replacePrefixMatch) : true'
3306 - message: type must be 'ReplacePrefixMatch'
3307 when replacePrefixMatch is set
3308 rule: 'has(self.replacePrefixMatch) ? self.type
3309 == ''ReplacePrefixMatch'' : true'
3310 type: object
3311 required:
3312 - type
3313 type: object
3314 x-kubernetes-validations:
3315 - message: filter.requestHeaderModifier must be nil
3316 if the filter.type is not RequestHeaderModifier
3317 rule: '!(has(self.requestHeaderModifier) && self.type
3318 != ''RequestHeaderModifier'')'
3319 - message: filter.requestHeaderModifier must be specified
3320 for RequestHeaderModifier filter.type
3321 rule: '!(!has(self.requestHeaderModifier) && self.type
3322 == ''RequestHeaderModifier'')'
3323 - message: filter.responseHeaderModifier must be nil
3324 if the filter.type is not ResponseHeaderModifier
3325 rule: '!(has(self.responseHeaderModifier) && self.type
3326 != ''ResponseHeaderModifier'')'
3327 - message: filter.responseHeaderModifier must be specified
3328 for ResponseHeaderModifier filter.type
3329 rule: '!(!has(self.responseHeaderModifier) && self.type
3330 == ''ResponseHeaderModifier'')'
3331 - message: filter.requestMirror must be nil if the filter.type
3332 is not RequestMirror
3333 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
3334 - message: filter.requestMirror must be specified for
3335 RequestMirror filter.type
3336 rule: '!(!has(self.requestMirror) && self.type ==
3337 ''RequestMirror'')'
3338 - message: filter.requestRedirect must be nil if the
3339 filter.type is not RequestRedirect
3340 rule: '!(has(self.requestRedirect) && self.type !=
3341 ''RequestRedirect'')'
3342 - message: filter.requestRedirect must be specified
3343 for RequestRedirect filter.type
3344 rule: '!(!has(self.requestRedirect) && self.type ==
3345 ''RequestRedirect'')'
3346 - message: filter.urlRewrite must be nil if the filter.type
3347 is not URLRewrite
3348 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
3349 - message: filter.urlRewrite must be specified for URLRewrite
3350 filter.type
3351 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
3352 - message: filter.extensionRef must be nil if the filter.type
3353 is not ExtensionRef
3354 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
3355 - message: filter.extensionRef must be specified for
3356 ExtensionRef filter.type
3357 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
3358 maxItems: 16
3359 type: array
3360 x-kubernetes-validations:
3361 - message: May specify either httpRouteFilterRequestRedirect
3362 or httpRouteFilterRequestRewrite, but not both
3363 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3364 && self.exists(f, f.type == ''URLRewrite''))'
3365 - message: May specify either httpRouteFilterRequestRedirect
3366 or httpRouteFilterRequestRewrite, but not both
3367 rule: '!(self.exists(f, f.type == ''RequestRedirect'')
3368 && self.exists(f, f.type == ''URLRewrite''))'
3369 - message: RequestHeaderModifier filter cannot be repeated
3370 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
3371 <= 1
3372 - message: ResponseHeaderModifier filter cannot be repeated
3373 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
3374 <= 1
3375 - message: RequestRedirect filter cannot be repeated
3376 rule: self.filter(f, f.type == 'RequestRedirect').size()
3377 <= 1
3378 - message: URLRewrite filter cannot be repeated
3379 rule: self.filter(f, f.type == 'URLRewrite').size()
3380 <= 1
3381 group:
3382 default: ""
3383 description: Group is the group of the referent. For example,
3384 "gateway.networking.k8s.io". When unspecified or empty
3385 string, core API group is inferred.
3386 maxLength: 253
3387 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3388 type: string
3389 kind:
3390 default: Service
3391 description: "Kind is the Kubernetes resource kind of
3392 the referent. For example \"Service\". \n Defaults to
3393 \"Service\" when not specified. \n ExternalName services
3394 can refer to CNAME DNS records that may live outside
3395 of the cluster and as such are difficult to reason about
3396 in terms of conformance. They also may not be safe to
3397 forward to (see CVE-2021-25740 for more information).
3398 Implementations SHOULD NOT support ExternalName Services.
3399 \n Support: Core (Services with a type other than ExternalName)
3400 \n Support: Implementation-specific (Services with type
3401 ExternalName)"
3402 maxLength: 63
3403 minLength: 1
3404 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3405 type: string
3406 name:
3407 description: Name is the name of the referent.
3408 maxLength: 253
3409 minLength: 1
3410 type: string
3411 namespace:
3412 description: "Namespace is the namespace of the backend.
3413 When unspecified, the local namespace is inferred. \n
3414 Note that when a namespace different than the local
3415 namespace is specified, a ReferenceGrant object is required
3416 in the referent namespace to allow that namespace's
3417 owner to accept the reference. See the ReferenceGrant
3418 documentation for details. \n Support: Core"
3419 maxLength: 63
3420 minLength: 1
3421 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3422 type: string
3423 port:
3424 description: Port specifies the destination port number
3425 to use for this resource. Port is required when the
3426 referent is a Kubernetes Service. In this case, the
3427 port number is the service port number, not the target
3428 port. For other resources, destination port might be
3429 derived from the referent resource or this field.
3430 format: int32
3431 maximum: 65535
3432 minimum: 1
3433 type: integer
3434 weight:
3435 default: 1
3436 description: "Weight specifies the proportion of requests
3437 forwarded to the referenced backend. This is computed
3438 as weight/(sum of all weights in this BackendRefs list).
3439 For non-zero values, there may be some epsilon from
3440 the exact proportion defined here depending on the precision
3441 an implementation supports. Weight is not a percentage
3442 and the sum of weights does not need to equal 100. \n
3443 If only one backend is specified and it has a weight
3444 greater than 0, 100% of the traffic is forwarded to
3445 that backend. If weight is set to 0, no traffic should
3446 be forwarded for this entry. If unspecified, weight
3447 defaults to 1. \n Support for this field varies based
3448 on the context where used."
3449 format: int32
3450 maximum: 1000000
3451 minimum: 0
3452 type: integer
3453 required:
3454 - name
3455 type: object
3456 x-kubernetes-validations:
3457 - message: Must have port for Service reference
3458 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3459 ? has(self.port) : true'
3460 maxItems: 16
3461 type: array
3462 filters:
3463 description: "Filters define the filters that are applied to
3464 requests that match this rule. \n The effects of ordering
3465 of multiple behaviors are currently unspecified. This can
3466 change in the future based on feedback during the alpha stage.
3467 \n Conformance-levels at this level are defined based on the
3468 type of filter: \n - ALL core filters MUST be supported by
3469 all implementations. - Implementers are encouraged to support
3470 extended filters. - Implementation-specific custom filters
3471 have no API guarantees across implementations. \n Specifying
3472 the same filter multiple times is not supported unless explicitly
3473 indicated in the filter. \n All filters are expected to be
3474 compatible with each other except for the URLRewrite and RequestRedirect
3475 filters, which may not be combined. If an implementation can
3476 not support other combinations of filters, they must clearly
3477 document that limitation. In cases where incompatible or unsupported
3478 filters are specified and cause the `Accepted` condition to
3479 be set to status `False`, implementations may use the `IncompatibleFilters`
3480 reason to specify this configuration error. \n Support: Core"
3481 items:
3482 description: HTTPRouteFilter defines processing steps that
3483 must be completed during the request or response lifecycle.
3484 HTTPRouteFilters are meant as an extension point to express
3485 processing that may be done in Gateway implementations.
3486 Some examples include request or response modification,
3487 implementing authentication strategies, rate-limiting, and
3488 traffic shaping. API guarantee/conformance is defined based
3489 on the type of the filter.
3490 properties:
3491 extensionRef:
3492 description: "ExtensionRef is an optional, implementation-specific
3493 extension to the \"filter\" behavior. For example,
3494 resource \"myroutefilter\" in group \"networking.example.net\").
3495 ExtensionRef MUST NOT be used for core and extended
3496 filters. \n This filter can be used multiple times within
3497 the same rule. \n Support: Implementation-specific"
3498 properties:
3499 group:
3500 description: Group is the group of the referent. For
3501 example, "gateway.networking.k8s.io". When unspecified
3502 or empty string, core API group is inferred.
3503 maxLength: 253
3504 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3505 type: string
3506 kind:
3507 description: Kind is kind of the referent. For example
3508 "HTTPRoute" or "Service".
3509 maxLength: 63
3510 minLength: 1
3511 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3512 type: string
3513 name:
3514 description: Name is the name of the referent.
3515 maxLength: 253
3516 minLength: 1
3517 type: string
3518 required:
3519 - group
3520 - kind
3521 - name
3522 type: object
3523 requestHeaderModifier:
3524 description: "RequestHeaderModifier defines a schema for
3525 a filter that modifies request headers. \n Support:
3526 Core"
3527 properties:
3528 add:
3529 description: "Add adds the given header(s) (name,
3530 value) to the request before the action. It appends
3531 to any existing values associated with the header
3532 name. \n Input: GET /foo HTTP/1.1 my-header: foo
3533 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
3534 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3535 items:
3536 description: HTTPHeader represents an HTTP Header
3537 name and value as defined by RFC 7230.
3538 properties:
3539 name:
3540 description: "Name is the name of the HTTP Header
3541 to be matched. Name matching MUST be case
3542 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3543 \n If multiple entries specify equivalent
3544 header names, the first entry with an equivalent
3545 name MUST be considered for a match. Subsequent
3546 entries with an equivalent header name MUST
3547 be ignored. Due to the case-insensitivity
3548 of header names, \"foo\" and \"Foo\" are considered
3549 equivalent."
3550 maxLength: 256
3551 minLength: 1
3552 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3553 type: string
3554 value:
3555 description: Value is the value of HTTP Header
3556 to be matched.
3557 maxLength: 4096
3558 minLength: 1
3559 type: string
3560 required:
3561 - name
3562 - value
3563 type: object
3564 maxItems: 16
3565 type: array
3566 x-kubernetes-list-map-keys:
3567 - name
3568 x-kubernetes-list-type: map
3569 remove:
3570 description: "Remove the given header(s) from the
3571 HTTP request before the action. The value of Remove
3572 is a list of HTTP header names. Note that the header
3573 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3574 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
3575 bar my-header3: baz \n Config: remove: [\"my-header1\",
3576 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
3577 bar"
3578 items:
3579 type: string
3580 maxItems: 16
3581 type: array
3582 x-kubernetes-list-type: set
3583 set:
3584 description: "Set overwrites the request with the
3585 given header (name, value) before the action. \n
3586 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3587 set: - name: \"my-header\" value: \"bar\" \n Output:
3588 GET /foo HTTP/1.1 my-header: bar"
3589 items:
3590 description: HTTPHeader represents an HTTP Header
3591 name and value as defined by RFC 7230.
3592 properties:
3593 name:
3594 description: "Name is the name of the HTTP Header
3595 to be matched. Name matching MUST be case
3596 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3597 \n If multiple entries specify equivalent
3598 header names, the first entry with an equivalent
3599 name MUST be considered for a match. Subsequent
3600 entries with an equivalent header name MUST
3601 be ignored. Due to the case-insensitivity
3602 of header names, \"foo\" and \"Foo\" are considered
3603 equivalent."
3604 maxLength: 256
3605 minLength: 1
3606 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3607 type: string
3608 value:
3609 description: Value is the value of HTTP Header
3610 to be matched.
3611 maxLength: 4096
3612 minLength: 1
3613 type: string
3614 required:
3615 - name
3616 - value
3617 type: object
3618 maxItems: 16
3619 type: array
3620 x-kubernetes-list-map-keys:
3621 - name
3622 x-kubernetes-list-type: map
3623 type: object
3624 requestMirror:
3625 description: "RequestMirror defines a schema for a filter
3626 that mirrors requests. Requests are sent to the specified
3627 destination, but responses from that destination are
3628 ignored. \n This filter can be used multiple times within
3629 the same rule. Note that not all implementations will
3630 be able to support mirroring to multiple backends. \n
3631 Support: Extended"
3632 properties:
3633 backendRef:
3634 description: "BackendRef references a resource where
3635 mirrored requests are sent. \n Mirrored requests
3636 must be sent only to a single destination endpoint
3637 within this BackendRef, irrespective of how many
3638 endpoints are present within this BackendRef. \n
3639 If the referent cannot be found, this BackendRef
3640 is invalid and must be dropped from the Gateway.
3641 The controller must ensure the \"ResolvedRefs\"
3642 condition on the Route status is set to `status:
3643 False` and not configure this backend in the underlying
3644 implementation. \n If there is a cross-namespace
3645 reference to an *existing* object that is not allowed
3646 by a ReferenceGrant, the controller must ensure
3647 the \"ResolvedRefs\" condition on the Route is
3648 set to `status: False`, with the \"RefNotPermitted\"
3649 reason and not configure this backend in the underlying
3650 implementation. \n In either error case, the Message
3651 of the `ResolvedRefs` Condition should be used to
3652 provide more detail about the problem. \n Support:
3653 Extended for Kubernetes Service \n Support: Implementation-specific
3654 for any other resource"
3655 properties:
3656 group:
3657 default: ""
3658 description: Group is the group of the referent.
3659 For example, "gateway.networking.k8s.io". When
3660 unspecified or empty string, core API group
3661 is inferred.
3662 maxLength: 253
3663 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3664 type: string
3665 kind:
3666 default: Service
3667 description: "Kind is the Kubernetes resource
3668 kind of the referent. For example \"Service\".
3669 \n Defaults to \"Service\" when not specified.
3670 \n ExternalName services can refer to CNAME
3671 DNS records that may live outside of the cluster
3672 and as such are difficult to reason about in
3673 terms of conformance. They also may not be safe
3674 to forward to (see CVE-2021-25740 for more information).
3675 Implementations SHOULD NOT support ExternalName
3676 Services. \n Support: Core (Services with a
3677 type other than ExternalName) \n Support: Implementation-specific
3678 (Services with type ExternalName)"
3679 maxLength: 63
3680 minLength: 1
3681 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
3682 type: string
3683 name:
3684 description: Name is the name of the referent.
3685 maxLength: 253
3686 minLength: 1
3687 type: string
3688 namespace:
3689 description: "Namespace is the namespace of the
3690 backend. When unspecified, the local namespace
3691 is inferred. \n Note that when a namespace different
3692 than the local namespace is specified, a ReferenceGrant
3693 object is required in the referent namespace
3694 to allow that namespace's owner to accept the
3695 reference. See the ReferenceGrant documentation
3696 for details. \n Support: Core"
3697 maxLength: 63
3698 minLength: 1
3699 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
3700 type: string
3701 port:
3702 description: Port specifies the destination port
3703 number to use for this resource. Port is required
3704 when the referent is a Kubernetes Service. In
3705 this case, the port number is the service port
3706 number, not the target port. For other resources,
3707 destination port might be derived from the referent
3708 resource or this field.
3709 format: int32
3710 maximum: 65535
3711 minimum: 1
3712 type: integer
3713 required:
3714 - name
3715 type: object
3716 x-kubernetes-validations:
3717 - message: Must have port for Service reference
3718 rule: '(size(self.group) == 0 && self.kind == ''Service'')
3719 ? has(self.port) : true'
3720 required:
3721 - backendRef
3722 type: object
3723 requestRedirect:
3724 description: "RequestRedirect defines a schema for a filter
3725 that responds to the request with an HTTP redirection.
3726 \n Support: Core"
3727 properties:
3728 hostname:
3729 description: "Hostname is the hostname to be used
3730 in the value of the `Location` header in the response.
3731 When empty, the hostname in the `Host` header of
3732 the request is used. \n Support: Core"
3733 maxLength: 253
3734 minLength: 1
3735 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
3736 type: string
3737 path:
3738 description: "Path defines parameters used to modify
3739 the path of the incoming request. The modified path
3740 is then used to construct the `Location` header.
3741 When empty, the request path is used as-is. \n Support:
3742 Extended"
3743 properties:
3744 replaceFullPath:
3745 description: ReplaceFullPath specifies the value
3746 with which to replace the full path of a request
3747 during a rewrite or redirect.
3748 maxLength: 1024
3749 type: string
3750 replacePrefixMatch:
3751 description: "ReplacePrefixMatch specifies the
3752 value with which to replace the prefix match
3753 of a request during a rewrite or redirect. For
3754 example, a request to \"/foo/bar\" with a prefix
3755 match of \"/foo\" and a ReplacePrefixMatch of
3756 \"/xyz\" would be modified to \"/xyz/bar\".
3757 \n Note that this matches the behavior of the
3758 PathPrefix match type. This matches full path
3759 elements. A path element refers to the list
3760 of labels in the path split by the `/` separator.
3761 When specified, a trailing `/` is ignored. For
3762 example, the paths `/abc`, `/abc/`, and `/abc/def`
3763 would all match the prefix `/abc`, but the path
3764 `/abcd` would not. \n ReplacePrefixMatch is
3765 only compatible with a `PathPrefix` HTTPRouteMatch.
3766 Using any other HTTPRouteMatch type on the same
3767 HTTPRouteRule will result in the implementation
3768 setting the Accepted Condition for the Route
3769 to `status: False`. \n Request Path | Prefix
3770 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
3771 /foo/bar | /foo | /xyz |
3772 /xyz/bar /foo/bar | /foo | /xyz/
3773 \ | /xyz/bar /foo/bar | /foo/ |
3774 /xyz | /xyz/bar /foo/bar | /foo/
3775 \ | /xyz/ | /xyz/bar /foo |
3776 /foo | /xyz | /xyz /foo/ |
3777 /foo | /xyz | /xyz/ /foo/bar
3778 \ | /foo | <empty string> | /bar
3779 /foo/ | /foo | <empty string>
3780 | / /foo | /foo | <empty string>
3781 | / /foo/ | /foo | / |
3782 / /foo | /foo | / |
3783 /"
3784 maxLength: 1024
3785 type: string
3786 type:
3787 description: "Type defines the type of path modifier.
3788 Additional types may be added in a future release
3789 of the API. \n Note that values may be added
3790 to this enum, implementations must ensure that
3791 unknown values will not cause a crash. \n Unknown
3792 values here must result in the implementation
3793 setting the Accepted Condition for the Route
3794 to `status: False`, with a Reason of `UnsupportedValue`."
3795 enum:
3796 - ReplaceFullPath
3797 - ReplacePrefixMatch
3798 type: string
3799 required:
3800 - type
3801 type: object
3802 x-kubernetes-validations:
3803 - message: replaceFullPath must be specified when
3804 type is set to 'ReplaceFullPath'
3805 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
3806 : true'
3807 - message: type must be 'ReplaceFullPath' when replaceFullPath
3808 is set
3809 rule: 'has(self.replaceFullPath) ? self.type ==
3810 ''ReplaceFullPath'' : true'
3811 - message: replacePrefixMatch must be specified when
3812 type is set to 'ReplacePrefixMatch'
3813 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
3814 : true'
3815 - message: type must be 'ReplacePrefixMatch' when
3816 replacePrefixMatch is set
3817 rule: 'has(self.replacePrefixMatch) ? self.type
3818 == ''ReplacePrefixMatch'' : true'
3819 port:
3820 description: "Port is the port to be used in the value
3821 of the `Location` header in the response. \n If
3822 no port is specified, the redirect port MUST be
3823 derived using the following rules: \n * If redirect
3824 scheme is not-empty, the redirect port MUST be the
3825 well-known port associated with the redirect scheme.
3826 Specifically \"http\" to port 80 and \"https\" to
3827 port 443. If the redirect scheme does not have a
3828 well-known port, the listener port of the Gateway
3829 SHOULD be used. * If redirect scheme is empty, the
3830 redirect port MUST be the Gateway Listener port.
3831 \n Implementations SHOULD NOT add the port number
3832 in the 'Location' header in the following cases:
3833 \n * A Location header that will use HTTP (whether
3834 that is determined via the Listener protocol or
3835 the Scheme field) _and_ use port 80. * A Location
3836 header that will use HTTPS (whether that is determined
3837 via the Listener protocol or the Scheme field) _and_
3838 use port 443. \n Support: Extended"
3839 format: int32
3840 maximum: 65535
3841 minimum: 1
3842 type: integer
3843 scheme:
3844 description: "Scheme is the scheme to be used in the
3845 value of the `Location` header in the response.
3846 When empty, the scheme of the request is used. \n
3847 Scheme redirects can affect the port of the redirect,
3848 for more information, refer to the documentation
3849 for the port field of this filter. \n Note that
3850 values may be added to this enum, implementations
3851 must ensure that unknown values will not cause a
3852 crash. \n Unknown values here must result in the
3853 implementation setting the Accepted Condition for
3854 the Route to `status: False`, with a Reason of `UnsupportedValue`.
3855 \n Support: Extended"
3856 enum:
3857 - http
3858 - https
3859 type: string
3860 statusCode:
3861 default: 302
3862 description: "StatusCode is the HTTP status code to
3863 be used in response. \n Note that values may be
3864 added to this enum, implementations must ensure
3865 that unknown values will not cause a crash. \n Unknown
3866 values here must result in the implementation setting
3867 the Accepted Condition for the Route to `status:
3868 False`, with a Reason of `UnsupportedValue`. \n
3869 Support: Core"
3870 enum:
3871 - 301
3872 - 302
3873 type: integer
3874 type: object
3875 responseHeaderModifier:
3876 description: "ResponseHeaderModifier defines a schema
3877 for a filter that modifies response headers. \n Support:
3878 Extended"
3879 properties:
3880 add:
3881 description: "Add adds the given header(s) (name,
3882 value) to the request before the action. It appends
3883 to any existing values associated with the header
3884 name. \n Input: GET /foo HTTP/1.1 my-header: foo
3885 \n Config: add: - name: \"my-header\" value: \"bar,baz\"
3886 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
3887 items:
3888 description: HTTPHeader represents an HTTP Header
3889 name and value as defined by RFC 7230.
3890 properties:
3891 name:
3892 description: "Name is the name of the HTTP Header
3893 to be matched. Name matching MUST be case
3894 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3895 \n If multiple entries specify equivalent
3896 header names, the first entry with an equivalent
3897 name MUST be considered for a match. Subsequent
3898 entries with an equivalent header name MUST
3899 be ignored. Due to the case-insensitivity
3900 of header names, \"foo\" and \"Foo\" are considered
3901 equivalent."
3902 maxLength: 256
3903 minLength: 1
3904 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3905 type: string
3906 value:
3907 description: Value is the value of HTTP Header
3908 to be matched.
3909 maxLength: 4096
3910 minLength: 1
3911 type: string
3912 required:
3913 - name
3914 - value
3915 type: object
3916 maxItems: 16
3917 type: array
3918 x-kubernetes-list-map-keys:
3919 - name
3920 x-kubernetes-list-type: map
3921 remove:
3922 description: "Remove the given header(s) from the
3923 HTTP request before the action. The value of Remove
3924 is a list of HTTP header names. Note that the header
3925 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
3926 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
3927 bar my-header3: baz \n Config: remove: [\"my-header1\",
3928 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
3929 bar"
3930 items:
3931 type: string
3932 maxItems: 16
3933 type: array
3934 x-kubernetes-list-type: set
3935 set:
3936 description: "Set overwrites the request with the
3937 given header (name, value) before the action. \n
3938 Input: GET /foo HTTP/1.1 my-header: foo \n Config:
3939 set: - name: \"my-header\" value: \"bar\" \n Output:
3940 GET /foo HTTP/1.1 my-header: bar"
3941 items:
3942 description: HTTPHeader represents an HTTP Header
3943 name and value as defined by RFC 7230.
3944 properties:
3945 name:
3946 description: "Name is the name of the HTTP Header
3947 to be matched. Name matching MUST be case
3948 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
3949 \n If multiple entries specify equivalent
3950 header names, the first entry with an equivalent
3951 name MUST be considered for a match. Subsequent
3952 entries with an equivalent header name MUST
3953 be ignored. Due to the case-insensitivity
3954 of header names, \"foo\" and \"Foo\" are considered
3955 equivalent."
3956 maxLength: 256
3957 minLength: 1
3958 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
3959 type: string
3960 value:
3961 description: Value is the value of HTTP Header
3962 to be matched.
3963 maxLength: 4096
3964 minLength: 1
3965 type: string
3966 required:
3967 - name
3968 - value
3969 type: object
3970 maxItems: 16
3971 type: array
3972 x-kubernetes-list-map-keys:
3973 - name
3974 x-kubernetes-list-type: map
3975 type: object
3976 type:
3977 description: "Type identifies the type of filter to apply.
3978 As with other API fields, types are classified into
3979 three conformance levels: \n - Core: Filter types and
3980 their corresponding configuration defined by \"Support:
3981 Core\" in this package, e.g. \"RequestHeaderModifier\".
3982 All implementations must support core filters. \n -
3983 Extended: Filter types and their corresponding configuration
3984 defined by \"Support: Extended\" in this package, e.g.
3985 \"RequestMirror\". Implementers are encouraged to support
3986 extended filters. \n - Implementation-specific: Filters
3987 that are defined and supported by specific vendors.
3988 In the future, filters showing convergence in behavior
3989 across multiple implementations will be considered for
3990 inclusion in extended or core conformance levels. Filter-specific
3991 configuration for such filters is specified using the
3992 ExtensionRef field. `Type` should be set to \"ExtensionRef\"
3993 for custom filters. \n Implementers are encouraged to
3994 define custom implementation types to extend the core
3995 API with implementation-specific behavior. \n If a reference
3996 to a custom filter type cannot be resolved, the filter
3997 MUST NOT be skipped. Instead, requests that would have
3998 been processed by that filter MUST receive a HTTP error
3999 response. \n Note that values may be added to this enum,
4000 implementations must ensure that unknown values will
4001 not cause a crash. \n Unknown values here must result
4002 in the implementation setting the Accepted Condition
4003 for the Route to `status: False`, with a Reason of `UnsupportedValue`."
4004 enum:
4005 - RequestHeaderModifier
4006 - ResponseHeaderModifier
4007 - RequestMirror
4008 - RequestRedirect
4009 - URLRewrite
4010 - ExtensionRef
4011 type: string
4012 urlRewrite:
4013 description: "URLRewrite defines a schema for a filter
4014 that modifies a request during forwarding. \n Support:
4015 Extended"
4016 properties:
4017 hostname:
4018 description: "Hostname is the value to be used to
4019 replace the Host header value during forwarding.
4020 \n Support: Extended"
4021 maxLength: 253
4022 minLength: 1
4023 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4024 type: string
4025 path:
4026 description: "Path defines a path rewrite. \n Support:
4027 Extended"
4028 properties:
4029 replaceFullPath:
4030 description: ReplaceFullPath specifies the value
4031 with which to replace the full path of a request
4032 during a rewrite or redirect.
4033 maxLength: 1024
4034 type: string
4035 replacePrefixMatch:
4036 description: "ReplacePrefixMatch specifies the
4037 value with which to replace the prefix match
4038 of a request during a rewrite or redirect. For
4039 example, a request to \"/foo/bar\" with a prefix
4040 match of \"/foo\" and a ReplacePrefixMatch of
4041 \"/xyz\" would be modified to \"/xyz/bar\".
4042 \n Note that this matches the behavior of the
4043 PathPrefix match type. This matches full path
4044 elements. A path element refers to the list
4045 of labels in the path split by the `/` separator.
4046 When specified, a trailing `/` is ignored. For
4047 example, the paths `/abc`, `/abc/`, and `/abc/def`
4048 would all match the prefix `/abc`, but the path
4049 `/abcd` would not. \n ReplacePrefixMatch is
4050 only compatible with a `PathPrefix` HTTPRouteMatch.
4051 Using any other HTTPRouteMatch type on the same
4052 HTTPRouteRule will result in the implementation
4053 setting the Accepted Condition for the Route
4054 to `status: False`. \n Request Path | Prefix
4055 Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
4056 /foo/bar | /foo | /xyz |
4057 /xyz/bar /foo/bar | /foo | /xyz/
4058 \ | /xyz/bar /foo/bar | /foo/ |
4059 /xyz | /xyz/bar /foo/bar | /foo/
4060 \ | /xyz/ | /xyz/bar /foo |
4061 /foo | /xyz | /xyz /foo/ |
4062 /foo | /xyz | /xyz/ /foo/bar
4063 \ | /foo | <empty string> | /bar
4064 /foo/ | /foo | <empty string>
4065 | / /foo | /foo | <empty string>
4066 | / /foo/ | /foo | / |
4067 / /foo | /foo | / |
4068 /"
4069 maxLength: 1024
4070 type: string
4071 type:
4072 description: "Type defines the type of path modifier.
4073 Additional types may be added in a future release
4074 of the API. \n Note that values may be added
4075 to this enum, implementations must ensure that
4076 unknown values will not cause a crash. \n Unknown
4077 values here must result in the implementation
4078 setting the Accepted Condition for the Route
4079 to `status: False`, with a Reason of `UnsupportedValue`."
4080 enum:
4081 - ReplaceFullPath
4082 - ReplacePrefixMatch
4083 type: string
4084 required:
4085 - type
4086 type: object
4087 x-kubernetes-validations:
4088 - message: replaceFullPath must be specified when
4089 type is set to 'ReplaceFullPath'
4090 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath)
4091 : true'
4092 - message: type must be 'ReplaceFullPath' when replaceFullPath
4093 is set
4094 rule: 'has(self.replaceFullPath) ? self.type ==
4095 ''ReplaceFullPath'' : true'
4096 - message: replacePrefixMatch must be specified when
4097 type is set to 'ReplacePrefixMatch'
4098 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch)
4099 : true'
4100 - message: type must be 'ReplacePrefixMatch' when
4101 replacePrefixMatch is set
4102 rule: 'has(self.replacePrefixMatch) ? self.type
4103 == ''ReplacePrefixMatch'' : true'
4104 type: object
4105 required:
4106 - type
4107 type: object
4108 x-kubernetes-validations:
4109 - message: filter.requestHeaderModifier must be nil if the
4110 filter.type is not RequestHeaderModifier
4111 rule: '!(has(self.requestHeaderModifier) && self.type !=
4112 ''RequestHeaderModifier'')'
4113 - message: filter.requestHeaderModifier must be specified
4114 for RequestHeaderModifier filter.type
4115 rule: '!(!has(self.requestHeaderModifier) && self.type ==
4116 ''RequestHeaderModifier'')'
4117 - message: filter.responseHeaderModifier must be nil if the
4118 filter.type is not ResponseHeaderModifier
4119 rule: '!(has(self.responseHeaderModifier) && self.type !=
4120 ''ResponseHeaderModifier'')'
4121 - message: filter.responseHeaderModifier must be specified
4122 for ResponseHeaderModifier filter.type
4123 rule: '!(!has(self.responseHeaderModifier) && self.type
4124 == ''ResponseHeaderModifier'')'
4125 - message: filter.requestMirror must be nil if the filter.type
4126 is not RequestMirror
4127 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
4128 - message: filter.requestMirror must be specified for RequestMirror
4129 filter.type
4130 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
4131 - message: filter.requestRedirect must be nil if the filter.type
4132 is not RequestRedirect
4133 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')'
4134 - message: filter.requestRedirect must be specified for RequestRedirect
4135 filter.type
4136 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')'
4137 - message: filter.urlRewrite must be nil if the filter.type
4138 is not URLRewrite
4139 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')'
4140 - message: filter.urlRewrite must be specified for URLRewrite
4141 filter.type
4142 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')'
4143 - message: filter.extensionRef must be nil if the filter.type
4144 is not ExtensionRef
4145 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
4146 - message: filter.extensionRef must be specified for ExtensionRef
4147 filter.type
4148 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
4149 maxItems: 16
4150 type: array
4151 x-kubernetes-validations:
4152 - message: May specify either httpRouteFilterRequestRedirect
4153 or httpRouteFilterRequestRewrite, but not both
4154 rule: '!(self.exists(f, f.type == ''RequestRedirect'') &&
4155 self.exists(f, f.type == ''URLRewrite''))'
4156 - message: RequestHeaderModifier filter cannot be repeated
4157 rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
4158 <= 1
4159 - message: ResponseHeaderModifier filter cannot be repeated
4160 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
4161 <= 1
4162 - message: RequestRedirect filter cannot be repeated
4163 rule: self.filter(f, f.type == 'RequestRedirect').size() <=
4164 1
4165 - message: URLRewrite filter cannot be repeated
4166 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1
4167 matches:
4168 default:
4169 - path:
4170 type: PathPrefix
4171 value: /
4172 description: "Matches define conditions used for matching the
4173 rule against incoming HTTP requests. Each match is independent,
4174 i.e. this rule will be matched if **any** one of the matches
4175 is satisfied. \n For example, take the following matches configuration:
4176 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
4177 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
4178 to match against this rule, a request must satisfy EITHER
4179 of the two conditions: \n - path prefixed with `/foo` AND
4180 contains the header `version: v2` - path prefix of `/v2/foo`
4181 \n See the documentation for HTTPRouteMatch on how to specify
4182 multiple match conditions that should be ANDed together. \n
4183 If no matches are specified, the default is a prefix path
4184 match on \"/\", which has the effect of matching every HTTP
4185 request. \n Proxy or Load Balancer routing configuration generated
4186 from HTTPRoutes MUST prioritize matches based on the following
4187 criteria, continuing on ties. Across all rules specified on
4188 applicable Routes, precedence must be given to the match having:
4189 \n * \"Exact\" path match. * \"Prefix\" path match with largest
4190 number of characters. * Method match. * Largest number of
4191 header matches. * Largest number of query param matches. \n
4192 Note: The precedence of RegularExpression path matches are
4193 implementation-specific. \n If ties still exist across multiple
4194 Routes, matching precedence MUST be determined in order of
4195 the following criteria, continuing on ties: \n * The oldest
4196 Route based on creation timestamp. * The Route appearing first
4197 in alphabetical order by \"{namespace}/{name}\". \n If ties
4198 still exist within an HTTPRoute, matching precedence MUST
4199 be granted to the FIRST matching rule (in list order) with
4200 a match meeting the above criteria. \n When no rules matching
4201 a request have been successfully attached to the parent a
4202 request is coming from, a HTTP 404 status code MUST be returned."
4203 items:
4204 description: "HTTPRouteMatch defines the predicate used to
4205 match requests to a given action. Multiple match types are
4206 ANDed together, i.e. the match will evaluate to true only
4207 if all conditions are satisfied. \n For example, the match
4208 below will match a HTTP request only if its path starts
4209 with `/foo` AND it contains the `version: v1` header: \n
4210 ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
4211 value \"v1\" \n ```"
4212 properties:
4213 headers:
4214 description: Headers specifies HTTP request header matchers.
4215 Multiple match values are ANDed together, meaning, a
4216 request must match all the specified headers to select
4217 the route.
4218 items:
4219 description: HTTPHeaderMatch describes how to select
4220 a HTTP route by matching HTTP request headers.
4221 properties:
4222 name:
4223 description: "Name is the name of the HTTP Header
4224 to be matched. Name matching MUST be case insensitive.
4225 (See https://tools.ietf.org/html/rfc7230#section-3.2).
4226 \n If multiple entries specify equivalent header
4227 names, only the first entry with an equivalent
4228 name MUST be considered for a match. Subsequent
4229 entries with an equivalent header name MUST be
4230 ignored. Due to the case-insensitivity of header
4231 names, \"foo\" and \"Foo\" are considered equivalent.
4232 \n When a header is repeated in an HTTP request,
4233 it is implementation-specific behavior as to how
4234 this is represented. Generally, proxies should
4235 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
4236 regarding processing a repeated header, with special
4237 handling for \"Set-Cookie\"."
4238 maxLength: 256
4239 minLength: 1
4240 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4241 type: string
4242 type:
4243 default: Exact
4244 description: "Type specifies how to match against
4245 the value of the header. \n Support: Core (Exact)
4246 \n Support: Implementation-specific (RegularExpression)
4247 \n Since RegularExpression HeaderMatchType has
4248 implementation-specific conformance, implementations
4249 can support POSIX, PCRE or any other dialects
4250 of regular expressions. Please read the implementation's
4251 documentation to determine the supported dialect."
4252 enum:
4253 - Exact
4254 - RegularExpression
4255 type: string
4256 value:
4257 description: Value is the value of HTTP Header to
4258 be matched.
4259 maxLength: 4096
4260 minLength: 1
4261 type: string
4262 required:
4263 - name
4264 - value
4265 type: object
4266 maxItems: 16
4267 type: array
4268 x-kubernetes-list-map-keys:
4269 - name
4270 x-kubernetes-list-type: map
4271 method:
4272 description: "Method specifies HTTP method matcher. When
4273 specified, this route will be matched only if the request
4274 has the specified method. \n Support: Extended"
4275 enum:
4276 - GET
4277 - HEAD
4278 - POST
4279 - PUT
4280 - DELETE
4281 - CONNECT
4282 - OPTIONS
4283 - TRACE
4284 - PATCH
4285 type: string
4286 path:
4287 default:
4288 type: PathPrefix
4289 value: /
4290 description: Path specifies a HTTP request path matcher.
4291 If this field is not specified, a default prefix match
4292 on the "/" path is provided.
4293 properties:
4294 type:
4295 default: PathPrefix
4296 description: "Type specifies how to match against
4297 the path Value. \n Support: Core (Exact, PathPrefix)
4298 \n Support: Implementation-specific (RegularExpression)"
4299 enum:
4300 - Exact
4301 - PathPrefix
4302 - RegularExpression
4303 type: string
4304 value:
4305 default: /
4306 description: Value of the HTTP path to match against.
4307 maxLength: 1024
4308 type: string
4309 type: object
4310 x-kubernetes-validations:
4311 - message: value must be an absolute path and start with
4312 '/' when type one of ['Exact', 'PathPrefix']
4313 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'')
4314 : true'
4315 - message: must not contain '//' when type one of ['Exact',
4316 'PathPrefix']
4317 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'')
4318 : true'
4319 - message: must not contain '/./' when type one of ['Exact',
4320 'PathPrefix']
4321 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'')
4322 : true'
4323 - message: must not contain '/../' when type one of ['Exact',
4324 'PathPrefix']
4325 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'')
4326 : true'
4327 - message: must not contain '%2f' when type one of ['Exact',
4328 'PathPrefix']
4329 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'')
4330 : true'
4331 - message: must not contain '%2F' when type one of ['Exact',
4332 'PathPrefix']
4333 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'')
4334 : true'
4335 - message: must not contain '#' when type one of ['Exact',
4336 'PathPrefix']
4337 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'')
4338 : true'
4339 - message: must not end with '/..' when type one of ['Exact',
4340 'PathPrefix']
4341 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'')
4342 : true'
4343 - message: must not end with '/.' when type one of ['Exact',
4344 'PathPrefix']
4345 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'')
4346 : true'
4347 - message: type must be one of ['Exact', 'PathPrefix',
4348 'RegularExpression']
4349 rule: self.type in ['Exact','PathPrefix'] || self.type
4350 == 'RegularExpression'
4351 - message: must only contain valid characters (matching
4352 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$)
4353 for types ['Exact', 'PathPrefix']
4354 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
4355 : true'
4356 queryParams:
4357 description: "QueryParams specifies HTTP query parameter
4358 matchers. Multiple match values are ANDed together,
4359 meaning, a request must match all the specified query
4360 parameters to select the route. \n Support: Extended"
4361 items:
4362 description: HTTPQueryParamMatch describes how to select
4363 a HTTP route by matching HTTP query parameters.
4364 properties:
4365 name:
4366 description: "Name is the name of the HTTP query
4367 param to be matched. This must be an exact string
4368 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
4369 \n If multiple entries specify equivalent query
4370 param names, only the first entry with an equivalent
4371 name MUST be considered for a match. Subsequent
4372 entries with an equivalent query param name MUST
4373 be ignored. \n If a query param is repeated in
4374 an HTTP request, the behavior is purposely left
4375 undefined, since different data planes have different
4376 capabilities. However, it is *recommended* that
4377 implementations should match against the first
4378 value of the param if the data plane supports
4379 it, as this behavior is expected in other load
4380 balancing contexts outside of the Gateway API.
4381 \n Users SHOULD NOT route traffic based on repeated
4382 query params to guard themselves against potential
4383 differences in the implementations."
4384 maxLength: 256
4385 minLength: 1
4386 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
4387 type: string
4388 type:
4389 default: Exact
4390 description: "Type specifies how to match against
4391 the value of the query parameter. \n Support:
4392 Extended (Exact) \n Support: Implementation-specific
4393 (RegularExpression) \n Since RegularExpression
4394 QueryParamMatchType has Implementation-specific
4395 conformance, implementations can support POSIX,
4396 PCRE or any other dialects of regular expressions.
4397 Please read the implementation's documentation
4398 to determine the supported dialect."
4399 enum:
4400 - Exact
4401 - RegularExpression
4402 type: string
4403 value:
4404 description: Value is the value of HTTP query param
4405 to be matched.
4406 maxLength: 1024
4407 minLength: 1
4408 type: string
4409 required:
4410 - name
4411 - value
4412 type: object
4413 maxItems: 16
4414 type: array
4415 x-kubernetes-list-map-keys:
4416 - name
4417 x-kubernetes-list-type: map
4418 type: object
4419 maxItems: 8
4420 type: array
4421 type: object
4422 x-kubernetes-validations:
4423 - message: RequestRedirect filter must not be used together with
4424 backendRefs
4425 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ?
4426 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))):
4427 true'
4428 - message: When using RequestRedirect filter with path.replacePrefixMatch,
4429 exactly one PathPrefix match must be specified
4430 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect)
4431 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4432 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4433 ? ((size(self.matches) != 1 || !has(self.matches[0].path) ||
4434 self.matches[0].path.type != ''PathPrefix'') ? false : true)
4435 : true'
4436 - message: When using URLRewrite filter with path.replacePrefixMatch,
4437 exactly one PathPrefix match must be specified
4438 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite)
4439 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4440 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches)
4441 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4442 != ''PathPrefix'') ? false : true) : true'
4443 - message: Within backendRefs, when using RequestRedirect filter
4444 with path.replacePrefixMatch, exactly one PathPrefix match must
4445 be specified
4446 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4447 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect)
4448 && has(f.requestRedirect.path) && f.requestRedirect.path.type
4449 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch)))
4450 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path)
4451 || self.matches[0].path.type != ''PathPrefix'') ? false : true)
4452 : true'
4453 - message: Within backendRefs, When using URLRewrite filter with
4454 path.replacePrefixMatch, exactly one PathPrefix match must be
4455 specified
4456 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b,
4457 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite)
4458 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch''
4459 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches)
4460 != 1 || !has(self.matches[0].path) || self.matches[0].path.type
4461 != ''PathPrefix'') ? false : true) : true'
4462 maxItems: 16
4463 type: array
4464 type: object
4465 status:
4466 description: Status defines the current state of HTTPRoute.
4467 properties:
4468 parents:
4469 description: "Parents is a list of parent resources (usually Gateways)
4470 that are associated with the route, and the status of the route
4471 with respect to each parent. When this route attaches to a parent,
4472 the controller that manages the parent must add an entry to this
4473 list when the controller first sees the route and should update
4474 the entry as appropriate when the route or gateway is modified.
4475 \n Note that parent references that cannot be resolved by an implementation
4476 of this API will not be added to this list. Implementations of this
4477 API can only populate Route status for the Gateways/parent resources
4478 they are responsible for. \n A maximum of 32 Gateways will be represented
4479 in this list. An empty list means the route has not been attached
4480 to any Gateway."
4481 items:
4482 description: RouteParentStatus describes the status of a route with
4483 respect to an associated Parent.
4484 properties:
4485 conditions:
4486 description: "Conditions describes the status of the route with
4487 respect to the Gateway. Note that the route's availability
4488 is also subject to the Gateway's own status conditions and
4489 listener status. \n If the Route's ParentRef specifies an
4490 existing Gateway that supports Routes of this kind AND that
4491 Gateway's controller has sufficient access, then that Gateway's
4492 controller MUST set the \"Accepted\" condition on the Route,
4493 to indicate whether the route has been accepted or rejected
4494 by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
4495 if at least one of the Route's rules is implemented by the
4496 Gateway. \n There are a number of cases where the \"Accepted\"
4497 condition may not be set due to lack of controller visibility,
4498 that includes when: \n * The Route refers to a non-existent
4499 parent. * The Route is of a type that the controller does
4500 not support. * The Route is in a namespace the controller
4501 does not have access to."
4502 items:
4503 description: "Condition contains details for one aspect of
4504 the current state of this API Resource. --- This struct
4505 is intended for direct use as an array at the field path
4506 .status.conditions. For example, \n type FooStatus struct{
4507 // Represents the observations of a foo's current state.
4508 // Known .status.conditions.type are: \"Available\", \"Progressing\",
4509 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
4510 // +listType=map // +listMapKey=type Conditions []metav1.Condition
4511 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
4512 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
4513 }"
4514 properties:
4515 lastTransitionTime:
4516 description: lastTransitionTime is the last time the condition
4517 transitioned from one status to another. This should
4518 be when the underlying condition changed. If that is
4519 not known, then using the time when the API field changed
4520 is acceptable.
4521 format: date-time
4522 type: string
4523 message:
4524 description: message is a human readable message indicating
4525 details about the transition. This may be an empty string.
4526 maxLength: 32768
4527 type: string
4528 observedGeneration:
4529 description: observedGeneration represents the .metadata.generation
4530 that the condition was set based upon. For instance,
4531 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
4532 is 9, the condition is out of date with respect to the
4533 current state of the instance.
4534 format: int64
4535 minimum: 0
4536 type: integer
4537 reason:
4538 description: reason contains a programmatic identifier
4539 indicating the reason for the condition's last transition.
4540 Producers of specific condition types may define expected
4541 values and meanings for this field, and whether the
4542 values are considered a guaranteed API. The value should
4543 be a CamelCase string. This field may not be empty.
4544 maxLength: 1024
4545 minLength: 1
4546 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
4547 type: string
4548 status:
4549 description: status of the condition, one of True, False,
4550 Unknown.
4551 enum:
4552 - "True"
4553 - "False"
4554 - Unknown
4555 type: string
4556 type:
4557 description: type of condition in CamelCase or in foo.example.com/CamelCase.
4558 --- Many .condition.type values are consistent across
4559 resources like Available, but because arbitrary conditions
4560 can be useful (see .node.status.conditions), the ability
4561 to deconflict is important. The regex it matches is
4562 (dns1123SubdomainFmt/)?(qualifiedNameFmt)
4563 maxLength: 316
4564 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
4565 type: string
4566 required:
4567 - lastTransitionTime
4568 - message
4569 - reason
4570 - status
4571 - type
4572 type: object
4573 maxItems: 8
4574 minItems: 1
4575 type: array
4576 x-kubernetes-list-map-keys:
4577 - type
4578 x-kubernetes-list-type: map
4579 controllerName:
4580 description: "ControllerName is a domain/path string that indicates
4581 the name of the controller that wrote this status. This corresponds
4582 with the controllerName field on GatewayClass. \n Example:
4583 \"example.net/gateway-controller\". \n The format of this
4584 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
4585 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
4586 \n Controllers MUST populate this field when writing status.
4587 Controllers should ensure that entries to status populated
4588 with their ControllerName are cleaned up when they are no
4589 longer necessary."
4590 maxLength: 253
4591 minLength: 1
4592 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
4593 type: string
4594 parentRef:
4595 description: ParentRef corresponds with a ParentRef in the spec
4596 that this RouteParentStatus struct describes the status of.
4597 properties:
4598 group:
4599 default: gateway.networking.k8s.io
4600 description: "Group is the group of the referent. When unspecified,
4601 \"gateway.networking.k8s.io\" is inferred. To set the
4602 core API group (such as for a \"Service\" kind referent),
4603 Group must be explicitly set to \"\" (empty string). \n
4604 Support: Core"
4605 maxLength: 253
4606 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4607 type: string
4608 kind:
4609 default: Gateway
4610 description: "Kind is kind of the referent. \n There are
4611 two kinds of parent resources with \"Core\" support: \n
4612 * Gateway (Gateway conformance profile) * Service (Mesh
4613 conformance profile, experimental, ClusterIP Services
4614 only) \n Support for other resources is Implementation-Specific."
4615 maxLength: 63
4616 minLength: 1
4617 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
4618 type: string
4619 name:
4620 description: "Name is the name of the referent. \n Support:
4621 Core"
4622 maxLength: 253
4623 minLength: 1
4624 type: string
4625 namespace:
4626 description: "Namespace is the namespace of the referent.
4627 When unspecified, this refers to the local namespace of
4628 the Route. \n Note that there are specific rules for ParentRefs
4629 which cross namespace boundaries. Cross-namespace references
4630 are only valid if they are explicitly allowed by something
4631 in the namespace they are referring to. For example: Gateway
4632 has the AllowedRoutes field, and ReferenceGrant provides
4633 a generic way to enable any other kind of cross-namespace
4634 reference. \n \n Support: Core"
4635 maxLength: 63
4636 minLength: 1
4637 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
4638 type: string
4639 sectionName:
4640 description: "SectionName is the name of a section within
4641 the target resource. In the following resources, SectionName
4642 is interpreted as the following: \n * Gateway: Listener
4643 Name. When both Port (experimental) and SectionName are
4644 specified, the name and port of the selected listener
4645 must match both specified values. * Service: Port Name.
4646 When both Port (experimental) and SectionName are specified,
4647 the name and port of the selected listener must match
4648 both specified values. Note that attaching Routes to Services
4649 as Parents is part of experimental Mesh support and is
4650 not supported for any other purpose. \n Implementations
4651 MAY choose to support attaching Routes to other resources.
4652 If that is the case, they MUST clearly document how SectionName
4653 is interpreted. \n When unspecified (empty string), this
4654 will reference the entire resource. For the purpose of
4655 status, an attachment is considered successful if at least
4656 one section in the parent resource accepts it. For example,
4657 Gateway listeners can restrict which Routes can attach
4658 to them by Route kind, namespace, or hostname. If 1 of
4659 2 Gateway listeners accept attachment from the referencing
4660 Route, the Route MUST be considered successfully attached.
4661 If no Gateway listeners accept attachment from this Route,
4662 the Route MUST be considered detached from the Gateway.
4663 \n Support: Core"
4664 maxLength: 253
4665 minLength: 1
4666 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
4667 type: string
4668 required:
4669 - name
4670 type: object
4671 required:
4672 - controllerName
4673 - parentRef
4674 type: object
4675 maxItems: 32
4676 type: array
4677 required:
4678 - parents
4679 type: object
4680 required:
4681 - spec
4682 type: object
4683 served: true
4684 storage: true
4685 subresources:
4686 status: {}
4687status:
4688 acceptedNames:
4689 kind: ""
4690 plural: ""
4691 conditions: null
4692 storedVersions: null
View as plain text