我的书签
添加书签
移除书签Kubernetes Configuration Reference
Dynamic configuration with Kubernetes Gateway provider.
Definitions
---apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891creationTimestamp: nullname: gatewayclasses.gateway.networking.k8s.iospec:group: gateway.networking.k8s.ionames:categories:- gateway-apikind: GatewayClasslistKind: GatewayClassListplural: gatewayclassesshortNames:- gcsingular: gatewayclassscope: Clusterversions:- additionalPrinterColumns:- jsonPath: .spec.controllername: Controllertype: string- jsonPath: .metadata.creationTimestampname: Agetype: date- jsonPath: .spec.descriptionname: Descriptionpriority: 1type: stringname: v1alpha2schema:openAPIV3Schema:description: "GatewayClass describes a class of Gateways available to theuser for creating Gateway resources. \n It is recommended that this resourcebe used as a template for Gateways. This means that a Gateway is based onthe state of the GatewayClass at the time it was created and changes tothe GatewayClass or associated parameters are not propagated down to existingGateways. This recommendation is intended to limit the blast radius of changesto GatewayClass or associated parameters. If implementations choose to propagateGatewayClass changes to existing Gateways, that MUST be clearly documentedby the implementation. \n Whenever one or more Gateways are using a GatewayClass,implementations MUST add the `gateway-exists-finalizer.gateway.networking.k8s.io`finalizer on the associated GatewayClass. This ensures that a GatewayClassassociated with a Gateway is not deleted while in use. \n GatewayClass isa Cluster level resource."properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource thisobject represents. Servers may infer this from the endpoint the clientsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: Spec defines the desired state of GatewayClass.properties:controllerName:description: "ControllerName is the name of the controller that ismanaging Gateways of this class. The value of this field MUST bea domain prefixed path. \n Example: \"example.net/gateway-controller\".\n This field is not mutable and cannot be empty. \n Support: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$type: stringdescription:description: Description helps describe a GatewayClass with more details.maxLength: 64type: stringparametersRef:description: "ParametersRef is a reference to a resource that containsthe configuration parameters corresponding to the GatewayClass.This is optional if the controller does not require any additionalconfiguration. \n ParametersRef can reference a standard Kubernetesresource, i.e. ConfigMap, or an implementation-specific custom resource.The resource can be cluster-scoped or namespace-scoped. \n If thereferent cannot be found, the GatewayClass's \"InvalidParameters\"status condition will be true. \n Support: Custom"properties:group:description: Group is the group of the referent.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:description: Kind is kind of the referent.maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: Namespace is the namespace of the referent. Thisfield is required when referring to a Namespace-scoped resourceand MUST be unset when referring to a Cluster-scoped resource.maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringrequired:- group- kind- nametype: objectrequired:- controllerNametype: objectstatus:default:conditions:- lastTransitionTime: "1970-01-01T00:00:00Z"message: Waiting for controllerreason: Waitingstatus: Unknowntype: Accepteddescription: Status defines the current state of GatewayClass.properties:conditions:default:- lastTransitionTime: "1970-01-01T00:00:00Z"message: Waiting for controllerreason: Waitingstatus: Unknowntype: Accepteddescription: "Conditions is the current status from the controllerfor this GatewayClass. \n Controllers should prefer to publish conditionsusing values of GatewayClassConditionType for the type of each Condition."items:description: "Condition contains details for one aspect of the currentstate of this API Resource. --- This struct is intended for directuse as an array at the field path .status.conditions. For example,type FooStatus struct{ // Represents the observations of afoo's current state. // Known .status.conditions.type are:\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map // +listMapKey=type\ Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This should be whenthe underlying condition changed. If that is not known, thenusing the time when the API field changed is acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance, if .metadata.generationis currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to the currentstate of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifier indicatingthe reason for the condition's last transition. Producersof specific condition types may define expected values andmeanings for this field, and whether the values are considereda guaranteed API. The value should be a CamelCase string.This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False, Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent across resourceslike Available, but because arbitrary conditions can be useful(see .node.status.conditions), the ability to deconflict isimportant. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: maptype: objectrequired:- spectype: objectserved: truestorage: truesubresources:status: {}status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []---apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891creationTimestamp: nullname: gateways.gateway.networking.k8s.iospec:group: gateway.networking.k8s.ionames:categories:- gateway-apikind: GatewaylistKind: GatewayListplural: gatewaysshortNames:- gtwsingular: gatewayscope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .spec.gatewayClassNamename: Classtype: string- jsonPath: .status.addresses[*].valuename: Addresstype: string- jsonPath: .status.conditions[?(@.type=="Ready")].statusname: Readytype: string- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha2schema:openAPIV3Schema:description: Gateway represents an instance of a service-traffic handlinginfrastructure by binding Listeners to a set of IP addresses.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource thisobject represents. Servers may infer this from the endpoint the clientsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: Spec defines the desired state of Gateway.properties:addresses:description: "Addresses requested for this Gateway. This is optionaland behavior can depend on the implementation. If a value is setin the spec and the requested address is invalid or unavailable,the implementation MUST indicate this in the associated entry inGatewayStatus.Addresses. \n The Addresses field represents a requestfor the address(es) on the \"outside of the Gateway\", that trafficbound for this Gateway will use. This could be the IP address orhostname of an external load balancer or other networking infrastructure,or some other address that traffic will be sent to. \n The .listener.hostnamefield is used to route traffic that has already arrived at the Gatewayto the correct in-cluster destination. \n If no Addresses are specified,the implementation MAY schedule the Gateway in an implementation-specificmanner, assigning an appropriate set of Addresses. \n The implementationMUST bind all Listeners to every GatewayAddress that it assignsto the Gateway and add a corresponding entry in GatewayStatus.Addresses.\n Support: Core"items:description: GatewayAddress describes an address that can be boundto a Gateway.properties:type:default: IPAddressdescription: Type of the address.enum:- IPAddress- Hostname- NamedAddresstype: stringvalue:description: "Value of the address. The validity of the valueswill depend on the type and support by the controller. \nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."maxLength: 253minLength: 1type: stringrequired:- valuetype: objectmaxItems: 16type: arraygatewayClassName:description: GatewayClassName used for this Gateway. This is the nameof a GatewayClass resource.maxLength: 253minLength: 1type: stringlisteners:description: "Listeners associated with this Gateway. Listeners definelogical endpoints that are bound on this Gateway's addresses. Atleast one Listener MUST be specified. \n Each listener in a Gatewaymust have a unique combination of Hostname, Port, and Protocol.\n An implementation MAY group Listeners by Port and then collapseeach group of Listeners into a single Listener if the implementationdetermines that the Listeners in the group are \"compatible\". Animplementation MAY also group together and collapse compatible Listenersbelonging to different Gateways. \n For example, an implementationmight consider Listeners to be compatible with each other if allof the following conditions are met: \n 1. Either each Listenerwithin the group specifies the \"HTTP\" Protocol or each Listenerwithin the group specifies either the \"HTTPS\" or \"TLS\" Protocol.\n 2. Each Listener within the group specifies a Hostname that isunique within the group. \n 3. As a special case, one Listenerwithin a group may omit Hostname, in which case this Listenermatches when no other Listener matches. \n If the implementationdoes collapse compatible Listeners, the hostname provided in theincoming client request MUST be matched to a Listener to find thecorrect set of Routes. The incoming hostname MUST be matched usingthe Hostname field for each Listener in order of most to least specific.That is, exact matches must be processed before wildcard matches.\n If this field specifies multiple Listeners that have the samePort value but are not compatible, the implementation must raisea \"Conflicted\" condition in the Listener status. \n Support: Core"items:description: Listener embodies the concept of a logical endpointwhere a Gateway accepts network connections.properties:allowedRoutes:default:namespaces:from: Samedescription: "AllowedRoutes defines the types of routes thatMAY be attached to a Listener and the trusted namespaces wherethose Route resources MAY be present. \n Although a clientrequest may match multiple route rules, only one rule mayultimately receive the request. Matching precedence MUST bedetermined in order of the following criteria: \n * The mostspecific match as defined by the Route type. * The oldestRoute based on creation timestamp. For example, a Route with\ a creation timestamp of \"2020-09-08 01:02:03\" is givenprecedence over a Route with a creation timestamp of \"2020-09-0801:02:04\". * If everything else is equivalent, the Routeappearing first in alphabetical order (namespace/name) shouldbe given precedence. For example, foo/bar is given precedenceover foo/baz. \n All valid rules within a Route attached tothis Listener should be implemented. Invalid Route rules canbe ignored (sometimes that will mean the full Route). If aRoute rule transitions from valid to invalid, support forthat Route rule should be dropped to ensure consistency. Forexample, even if a filter specified by a Route rule is invalid,the rest of the rules within that Route should still be supported.\n Support: Core"properties:kinds:description: "Kinds specifies the groups and kinds of Routesthat are allowed to bind to this Gateway Listener. Whenunspecified or empty, the kinds of Routes selected aredetermined using the Listener protocol. \n A RouteGroupKindMUST correspond to kinds of Routes that are compatiblewith the application protocol specified in the Listener'sProtocol field. If an implementation does not supportor recognize this resource type, it MUST set the \"ResolvedRefs\"condition to False for this Listener with the \"InvalidRoutesRef\"reason. \n Support: Core"items:description: RouteGroupKind indicates the group and kindof a Route resource.properties:group:default: gateway.networking.k8s.iodescription: Group is the group of the Route.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:description: Kind is the kind of the Route.maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringrequired:- kindtype: objectmaxItems: 8type: arraynamespaces:default:from: Samedescription: "Namespaces indicates namespaces from whichRoutes may be attached to this Listener. This is restrictedto the namespace of this Gateway by default. \n Support:Core"properties:from:default: Samedescription: "From indicates where Routes will be selectedfor this Gateway. Possible values are: * All: Routesin all namespaces may be used by this Gateway. * Selector:Routes in namespaces selected by the selector maybe used by this Gateway. * Same: Only Routes inthe same namespace may be used by this Gateway. \nSupport: Core"enum:- All- Selector- Sametype: stringselector:description: "Selector must be specified when From isset to \"Selector\". In that case, only Routes inNamespaces matching this Selector will be selectedby this Gateway. This field is ignored for other valuesof \"From\". \n Support: Core"properties:matchExpressions:description: matchExpressions is a list of labelselector requirements. The requirements are ANDed.items:description: A label selector requirement is aselector that contains values, a key, and anoperator that relates the key and values.properties:key:description: key is the label key that theselector applies to.type: stringoperator:description: operator represents a key's relationshipto a set of values. Valid operators areIn, NotIn, Exists and DoesNotExist.type: stringvalues:description: values is an array of stringvalues. If the operator is In or NotIn,the values array must be non-empty. If theoperator is Exists or DoesNotExist, thevalues array must be empty. This array isreplaced during a strategic merge patch.items:type: stringtype: arrayrequired:- key- operatortype: objecttype: arraymatchLabels:additionalProperties:type: stringdescription: matchLabels is a map of {key,value}pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions,whose key field is "key", the operator is "In",and the values array contains only "value". Therequirements are ANDed.type: objecttype: objecttype: objecttype: objecthostname:description: "Hostname specifies the virtual hostname to matchfor protocol types that define this concept. When unspecified,all hostnames are matched. This field is ignored for protocolsthat don't require hostname based matching. \n ImplementationsMUST apply Hostname matching appropriately for each of thefollowing protocols: \n * TLS: The Listener Hostname MUSTmatch the SNI. * HTTP: The Listener Hostname MUST match theHost header of the request. * HTTPS: The Listener HostnameSHOULD match at both the TLS and HTTP protocol layers asdescribed above. If an implementation does not ensure thatboth the SNI and Host header match the Listener hostname,\ it MUST clearly document that. \n For HTTPRoute and TLSRouteresources, there is an interaction with the `spec.hostnames`array. When both listener and route specify hostnames, thereMUST be an intersection between the values for a Route tobe accepted. For more information, refer to the Route specificHostnames documentation. \n Support: Core"maxLength: 253minLength: 1pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringname:description: "Name is the name of the Listener. \n Support:Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringport:description: "Port is the network port. Multiple listeners mayuse the same port, subject to the Listener compatibility rules.\n Support: Core"format: int32maximum: 65535minimum: 1type: integerprotocol:description: "Protocol specifies the network protocol this listenerexpects to receive. \n Support: Core"maxLength: 255minLength: 1pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$type: stringtls:description: "TLS is the TLS configuration for the Listener.This field is required if the Protocol field is \"HTTPS\"or \"TLS\". It is invalid to set this field if the Protocolfield is \"HTTP\", \"TCP\", or \"UDP\". \n The associationof SNIs to Certificate defined in GatewayTLSConfig is definedbased on the Hostname field for this listener. \n The GatewayClassMUST use the longest matching SNI out of all available certificatesfor any TLS handshake. \n Support: Core"properties:certificateRefs:description: "CertificateRefs contains a series of referencesto Kubernetes objects that contains TLS certificates andprivate keys. These certificates are used to establisha TLS handshake for requests that match the hostname ofthe associated listener. \n A single CertificateRef toa Kubernetes Secret has \"Core\" support. ImplementationsMAY choose to support attaching multiple certificatesto a Listener, but this behavior is implementation-specific.\n References to a resource in different namespace areinvalid UNLESS there is a ReferencePolicy in the targetnamespace that allows the certificate to be attached.If a ReferencePolicy does not allow this reference, the\"ResolvedRefs\" condition MUST be set to False for thislistener with the \"InvalidCertificateRef\" reason. \nThis field is required to have at least one element whenthe mode is set to \"Terminate\" (default) and is optionalotherwise. \n CertificateRefs can reference to standardKubernetes resources, i.e. Secret, or implementation-specificcustom resources. \n Support: Core - A single referenceto a Kubernetes Secret \n Support: Implementation-specific(More than one reference or other resource types)"items:description: "SecretObjectReference identifies an APIobject including its namespace, defaulting to Secret.\n The API object must be valid in the cluster; theGroup and Kind must be registered in the cluster forthis reference to be valid. \n References to objectswith invalid Group and Kind are not valid, and mustbe rejected by the implementation, with appropriateConditions set on the containing object."properties:group:default: ""description: Group is the group of the referent. Forexample, "networking.k8s.io". When unspecified (emptystring), core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Secretdescription: Kind is kind of the referent. For example"HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the backend.When unspecified, the local namespace is inferred.\n Note that when a namespace is specified, a ReferencePolicyobject is required in the referent namespace toallow that namespace's owner to accept the reference.See the ReferencePolicy documentation for details.\n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringrequired:- nametype: objectmaxItems: 64type: arraymode:default: Terminatedescription: "Mode defines the TLS behavior for the TLSsession initiated by the client. There are two possiblemodes: \n - Terminate: The TLS session between the downstreamclient and the Gateway is terminated at the Gateway.This mode requires certificateRefs to be set and containat least one element. - Passthrough: The TLS session isNOT terminated by the Gateway. This implies that theGateway can't decipher the TLS stream except for theClientHello message of the TLS protocol. CertificateRefsfield is ignored in this mode. \n Support: Core"enum:- Terminate- Passthroughtype: stringoptions:additionalProperties:description: AnnotationValue is the value of an annotationin Gateway API. This is used for validation of mapssuch as TLS options. This roughly matches Kubernetesannotation validation, although the length validationin that case is based on the entire size of the annotationsstruct.maxLength: 4096minLength: 0type: stringdescription: "Options are a list of key/value pairs to enableextended TLS configuration for each implementation. Forexample, configuring the minimum TLS version or supportedcipher suites. \n A set of common keys MAY be definedby the API in the future. To avoid any ambiguity, implementation-specificdefinitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.Un-prefixed names are reserved for key names defined byGateway API. \n Support: Implementation-specific"maxProperties: 16type: objecttype: objectrequired:- name- port- protocoltype: objectmaxItems: 64minItems: 1type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: maprequired:- gatewayClassName- listenerstype: objectstatus:default:conditions:- lastTransitionTime: "1970-01-01T00:00:00Z"message: Waiting for controllerreason: NotReconciledstatus: Unknowntype: Scheduleddescription: Status defines the current state of Gateway.properties:addresses:description: Addresses lists the IP addresses that have actually beenbound to the Gateway. These addresses may differ from the addressesin the Spec, e.g. if the Gateway automatically assigns an addressfrom a reserved pool.items:description: GatewayAddress describes an address that can be boundto a Gateway.properties:type:default: IPAddressdescription: Type of the address.enum:- IPAddress- Hostname- NamedAddresstype: stringvalue:description: "Value of the address. The validity of the valueswill depend on the type and support by the controller. \nExamples: `1.2.3.4`, `128::1`, `my-ip-address`."maxLength: 253minLength: 1type: stringrequired:- valuetype: objectmaxItems: 16type: arrayconditions:default:- lastTransitionTime: "1970-01-01T00:00:00Z"message: Waiting for controllerreason: NotReconciledstatus: Unknowntype: Scheduleddescription: "Conditions describe the current conditions of the Gateway.\n Implementations should prefer to express Gateway conditions usingthe `GatewayConditionType` and `GatewayConditionReason` constantsso that operators and tools can converge on a common vocabularyto describe Gateway state. \n Known condition types are: \n * \"Scheduled\"* \"Ready\""items:description: "Condition contains details for one aspect of the currentstate of this API Resource. --- This struct is intended for directuse as an array at the field path .status.conditions. For example,type FooStatus struct{ // Represents the observations of afoo's current state. // Known .status.conditions.type are:\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map // +listMapKey=type\ Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This should be whenthe underlying condition changed. If that is not known, thenusing the time when the API field changed is acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance, if .metadata.generationis currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to the currentstate of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifier indicatingthe reason for the condition's last transition. Producersof specific condition types may define expected values andmeanings for this field, and whether the values are considereda guaranteed API. The value should be a CamelCase string.This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False, Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent across resourceslike Available, but because arbitrary conditions can be useful(see .node.status.conditions), the ability to deconflict isimportant. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: maplisteners:description: Listeners provide status for each unique listener portdefined in the Spec.items:description: ListenerStatus is the status associated with a Listener.properties:attachedRoutes:description: AttachedRoutes represents the total number of Routesthat have been successfully attached to this Listener.format: int32type: integerconditions:description: Conditions describe the current condition of thislistener.items:description: "Condition contains details for one aspect ofthe current state of this API Resource. --- This structis intended for direct use as an array at the field path.status.conditions. For example, type FooStatus struct{\ // Represents the observations of a foo's current state.\ // Known .status.conditions.type are: \"Available\",\"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map //+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This shouldbe when the underlying condition changed. If that isnot known, then using the time when the API field changedis acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance,if .metadata.generation is currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to thecurrent state of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifierindicating the reason for the condition's last transition.Producers of specific condition types may define expectedvalues and meanings for this field, and whether thevalues are considered a guaranteed API. The value shouldbe a CamelCase string. This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False,Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent acrossresources like Available, but because arbitrary conditionscan be useful (see .node.status.conditions), the abilityto deconflict is important. The regex it matches is(dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: mapname:description: Name is the name of the Listener that this statuscorresponds to.maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringsupportedKinds:description: "SupportedKinds is the list indicating the Kindssupported by this listener. This MUST represent the kindsan implementation supports for that Listener configuration.\n If kinds are specified in Spec that are not supported,they MUST NOT appear in this list and an implementation MUSTset the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"reason. If both valid and invalid Route kinds are specified,the implementation MUST reference the valid Route kinds thathave been specified."items:description: RouteGroupKind indicates the group and kind ofa Route resource.properties:group:default: gateway.networking.k8s.iodescription: Group is the group of the Route.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:description: Kind is the kind of the Route.maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringrequired:- kindtype: objectmaxItems: 8type: arrayrequired:- attachedRoutes- conditions- name- supportedKindstype: objectmaxItems: 64type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: maptype: objectrequired:- spectype: objectserved: truestorage: truesubresources:status: {}status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []---apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891creationTimestamp: nullname: httproutes.gateway.networking.k8s.iospec:group: gateway.networking.k8s.ionames:categories:- gateway-apikind: HTTPRoutelistKind: HTTPRouteListplural: httproutessingular: httproutescope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .spec.hostnamesname: Hostnamestype: string- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha2schema:openAPIV3Schema:description: HTTPRoute provides a way to route HTTP requests. This includesthe capability to match requests by hostname, path, header, or query param.Filters can be used to specify additional processing steps. Backends specifywhere matching requests should be routed.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource thisobject represents. Servers may infer this from the endpoint the clientsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: Spec defines the desired state of HTTPRoute.properties:hostnames:description: "Hostnames defines a set of hostname that should matchagainst the HTTP Host header to select a HTTPRoute to process therequest. This matches the RFC 1123 definition of a hostname with2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname maybe prefixed with a wildcard label (`*.`). The wildcard labelmust appear by itself as the first label. \n If a hostname is specifiedby both the Listener and HTTPRoute, there must be at least one intersectinghostname for the HTTPRoute to be attached to the Listener. For example:\n * A Listener with `test.example.com` as the hostname matchesHTTPRoutes that have either not specified any hostnames, or havespecified at least one of `test.example.com` or `*.example.com`.* A Listener with `*.example.com` as the hostname matches HTTPRoutes\ that have either not specified any hostnames or have specifiedat least one hostname that matches the Listener hostname. Forexample, `test.example.com` and `*.example.com` would both match.On the other hand, `example.com` and `test.example.net` wouldnot match. \n If both the Listener and HTTPRoute have specifiedhostnames, any HTTPRoute hostnames that do not match the Listenerhostname MUST be ignored. For example, if a Listener specified `*.example.com`,and the HTTPRoute specified `test.example.com` and `test.example.net`,`test.example.net` must not be considered for a match. \n If boththe Listener and HTTPRoute have specified hostnames, and none matchwith the criteria above, then the HTTPRoute is not accepted. Theimplementation must raise an 'Accepted' Condition with a statusof `False` in the corresponding RouteParentStatus. \n Support: Core"items:description: "Hostname is the fully qualified domain name of a networkhost. This matches the RFC 1123 definition of a hostname with2 notable exceptions: \n 1. IPs are not allowed. 2. A hostnamemay be prefixed with a wildcard label (`*.`). The wildcard labelmust appear by itself as the first label. \n Hostname can be \"precise\"which is a domain name without the terminating dot of a networkhost (e.g. \"foo.example.com\") or \"wildcard\", which is a domainname prefixed with a single wildcard label (e.g. `*.example.com`).\n Note that as per RFC1035 and RFC1123, a *label* must consistof lower case alphanumeric characters or '-', and must start andend with an alphanumeric character. No other punctuation is allowed."maxLength: 253minLength: 1pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringmaxItems: 16type: arrayparentRefs:description: "ParentRefs references the resources (usually Gateways)that a Route wants to be attached to. Note that the referenced parentresource needs to allow this for the attachment to be complete.For Gateways, that means the Gateway needs to allow attachment fromRoutes of this kind and namespace. \n The only kind of parent resourcewith \"Core\" support is Gateway. This API may be extended in thefuture to support additional kinds of parent resources such as oneof the route kinds. \n It is invalid to reference an identical parentmore than once. It is valid to reference multiple distinct sectionswithin the same parent resource, such as 2 Listeners within a Gateway.\n It is possible to separately reference multiple distinct objectsthat may be collapsed by an implementation. For example, some implementationsmay choose to merge compatible Gateway Listeners together. If thatis the case, the list of routes attached to those resources shouldalso be merged."items:description: "ParentRef identifies an API object (usually a Gateway)that can be considered a parent of this resource (usually a route).The only kind of parent resource with \"Core\" support is Gateway.This API may be extended in the future to support additional kindsof parent resources, such as HTTPRoute. \n The API object mustbe valid in the cluster; the Group and Kind must be registeredin the cluster for this reference to be valid. \n References toobjects with invalid Group and Kind are not valid, and must berejected by the implementation, with appropriate Conditions seton the containing object."properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support: Core(Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent. Whenunspecified (or empty string), this refers to the local namespaceof the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section within thetarget resource. In the following resources, SectionName isinterpreted as the following: \n * Gateway: Listener Name\n Implementations MAY choose to support attaching Routesto other resources. If that is the case, they MUST clearlydocument how SectionName is interpreted. \n When unspecified(empty string), this will reference the entire resource. Forthe purpose of status, an attachment is considered successfulif at least one section in the parent resource accepts it.For example, Gateway listeners can restrict which Routes canattach to them by Route kind, namespace, or hostname. If 1of 2 Gateway listeners accept attachment from the referencingRoute, the Route MUST be considered successfully attached.If no Gateway listeners accept attachment from this Route,the Route MUST be considered detached from the Gateway. \nSupport: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectmaxItems: 32type: arrayrules:default:- matches:- path:type: PathPrefixvalue: /description: Rules are a list of HTTP matchers, filters and actions.items:description: HTTPRouteRule defines semantics for matching an HTTPrequest based on conditions (matches), processing it (filters),and forwarding the request to an API object (backendRefs).properties:backendRefs:description: "If unspecified or invalid (refers to a non-existentresource or a Service with no endpoints), the rule performsno forwarding. If there are also no filters specified thatwould result in a response being sent, a HTTP 503 status codeis returned. 503 responses must be sent so that the overallweight is respected; if an invalid backend is requested tohave 80% of requests, then 80% of requests must get a 503instead. \n Support: Core for Kubernetes Service Support:Custom for any other resource \n Support for weight: Core"items:description: HTTPBackendRef defines how a HTTPRoute shouldforward an HTTP request.properties:filters:description: "Filters defined at this level should beexecuted if and only if the request is being forwardedto the backend defined here. \n Support: Custom (Forbroader support of filters, use the Filters field inHTTPRouteRule.)"items:description: HTTPRouteFilter defines processing stepsthat must be completed during the request or responselifecycle. HTTPRouteFilters are meant as an extensionpoint to express processing that may be done in Gatewayimplementations. Some examples include request orresponse modification, implementing authenticationstrategies, rate-limiting, and traffic shaping. APIguarantee/conformance is defined based on the typeof the filter.properties:extensionRef:description: "ExtensionRef is an optional, implementation-specificextension to the \"filter\" behavior. For example,resource \"myroutefilter\" in group \"networking.example.net\").ExtensionRef MUST NOT be used for core and extendedfilters. \n Support: Implementation-specific"properties:group:description: Group is the group of the referent.For example, "networking.k8s.io". When unspecified(empty string), core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:description: Kind is kind of the referent. Forexample "HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringrequired:- group- kind- nametype: objectrequestHeaderModifier:description: "RequestHeaderModifier defines a schemafor a filter that modifies request headers. \nSupport: Core"properties:add:description: "Add adds the given header(s) (name,value) to the request before the action. Itappends to any existing values associatedwith the header name. \n Input: GET /fooHTTP/1.1 my-header: foo \n Config: add:\ - name: \"my-header\" value: \"bar\"\n Output: GET /foo HTTP/1.1 my-header:foo my-header: bar"items:description: HTTPHeader represents an HTTPHeader name and value as defined by RFC7230.properties:name:description: "Name is the name of theHTTP Header to be matched. Name matchingMUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n If multiple entries specify equivalentheader names, the first entry with anequivalent name MUST be considered fora match. Subsequent entries with anequivalent header name MUST be ignored.Due to the case-insensitivity of headernames, \"foo\" and \"Foo\" are consideredequivalent."maxLength: 256minLength: 1pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$type: stringvalue:description: Value is the value of HTTPHeader to be matched.maxLength: 4096minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: mapremove:description: "Remove the given header(s) fromthe HTTP request before the action. The valueof Remove is a list of HTTP header names.Note that the header names are case-insensitive(see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n Input: GET /foo HTTP/1.1 my-header1:foo my-header2: bar my-header3: baz \nConfig: remove: [\"my-header1\", \"my-header3\"]\n Output: GET /foo HTTP/1.1 my-header2:bar"items:type: stringmaxItems: 16type: arrayset:description: "Set overwrites the request withthe given header (name, value) before theaction. \n Input: GET /foo HTTP/1.1 my-header:foo \n Config: set: - name: \"my-header\"\ value: \"bar\" \n Output: GET /fooHTTP/1.1 my-header: bar"items:description: HTTPHeader represents an HTTPHeader name and value as defined by RFC7230.properties:name:description: "Name is the name of theHTTP Header to be matched. Name matchingMUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n If multiple entries specify equivalentheader names, the first entry with anequivalent name MUST be considered fora match. Subsequent entries with anequivalent header name MUST be ignored.Due to the case-insensitivity of headernames, \"foo\" and \"Foo\" are consideredequivalent."maxLength: 256minLength: 1pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$type: stringvalue:description: Value is the value of HTTPHeader to be matched.maxLength: 4096minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: maptype: objectrequestMirror:description: "RequestMirror defines a schema fora filter that mirrors requests. Requests are sentto the specified destination, but responses fromthat destination are ignored. \n Support: Extended"properties:backendRef:description: "BackendRef references a resourcewhere mirrored requests are sent. \n If thereferent cannot be found, this BackendRefis invalid and must be dropped from the Gateway.The controller must ensure the \"ResolvedRefs\"condition on the Route status is set to `status:False` and not configure this backend in theunderlying implementation. \n If there isa cross-namespace reference to an *existing*object that is not allowed by a ReferencePolicy,the controller must ensure the \"ResolvedRefs\"\ condition on the Route is set to `status:False`, with the \"RefNotPermitted\" reasonand not configure this backend in the underlyingimplementation. \n In either error case, theMessage of the `ResolvedRefs` Condition shouldbe used to provide more detail about the problem.\n Support: Extended for Kubernetes ServiceSupport: Custom for any other resource"properties:group:default: ""description: Group is the group of the referent.For example, "networking.k8s.io". Whenunspecified (empty string), core API groupis inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Servicedescription: Kind is kind of the referent.For example "HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespaceof the backend. When unspecified, thelocal namespace is inferred. \n Note thatwhen a namespace is specified, a ReferencePolicyobject is required in the referent namespaceto allow that namespace's owner to acceptthe reference. See the ReferencePolicydocumentation for details. \n Support:Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringport:description: Port specifies the destinationport number to use for this resource.Port is required when the referent isa Kubernetes Service. For other resources,destination port might be derived fromthe referent resource or this field.format: int32maximum: 65535minimum: 1type: integerrequired:- nametype: objectrequired:- backendReftype: objectrequestRedirect:description: "RequestRedirect defines a schema fora filter that responds to the request with anHTTP redirection. \n Support: Core"properties:hostname:description: "Hostname is the hostname to beused in the value of the `Location` headerin the response. When empty, the hostnameof the request is used. \n Support: Core"maxLength: 253minLength: 1pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringport:description: "Port is the port to be used inthe value of the `Location` header in theresponse. When empty, port (if specified)of the request is used. \n Support: Extended"format: int32maximum: 65535minimum: 1type: integerscheme:description: "Scheme is the scheme to be usedin the value of the `Location` header in theresponse. When empty, the scheme of the requestis used. \n Support: Extended"enum:- http- httpstype: stringstatusCode:default: 302description: "StatusCode is the HTTP statuscode to be used in response. \n Support: Core"enum:- 301- 302type: integertype: objecttype:description: "Type identifies the type of filterto apply. As with other API fields, types areclassified into three conformance levels: \n -Core: Filter types and their corresponding configurationdefined by \"Support: Core\" in this package,e.g. \"RequestHeaderModifier\". All implementationsmust support core filters. \n - Extended: Filtertypes and their corresponding configuration definedby \"Support: Extended\" in this package, e.g.\"RequestMirror\". Implementers are encouragedto support extended filters. \n - Custom: Filtersthat are defined and supported by specific vendors.\ In the future, filters showing convergencein behavior across multiple implementationswill be considered for inclusion in extended orcore conformance levels. Filter-specific configurationfor such filters is specified using the ExtensionReffield. `Type` should be set to \"ExtensionRef\"for custom filters. \n Implementers are encouragedto define custom implementation types to extendthe core API with implementation-specific behavior.\n If a reference to a custom filter type cannotbe resolved, the filter MUST NOT be skipped. Instead,requests that would have been processed by thatfilter MUST receive a HTTP error response."enum:- RequestHeaderModifier- RequestMirror- RequestRedirect- ExtensionReftype: stringrequired:- typetype: objectmaxItems: 16type: arraygroup:default: ""description: Group is the group of the referent. For example,"networking.k8s.io". When unspecified (empty string),core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Servicedescription: Kind is kind of the referent. For example"HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the backend.When unspecified, the local namespace is inferred. \nNote that when a namespace is specified, a ReferencePolicyobject is required in the referent namespace to allowthat namespace's owner to accept the reference. Seethe ReferencePolicy documentation for details. \n Support:Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringport:description: Port specifies the destination port numberto use for this resource. Port is required when thereferent is a Kubernetes Service. For other resources,destination port might be derived from the referentresource or this field.format: int32maximum: 65535minimum: 1type: integerweight:default: 1description: "Weight specifies the proportion of requestsforwarded to the referenced backend. This is computedas weight/(sum of all weights in this BackendRefs list).For non-zero values, there may be some epsilon fromthe exact proportion defined here depending on the precisionan implementation supports. Weight is not a percentageand the sum of weights does not need to equal 100. \nIf only one backend is specified and it has a weightgreater than 0, 100% of the traffic is forwarded tothat backend. If weight is set to 0, no traffic shouldbe forwarded for this entry. If unspecified, weightdefaults to 1. \n Support for this field varies basedon the context where used."format: int32maximum: 1000000minimum: 0type: integerrequired:- nametype: objectmaxItems: 16type: arrayfilters:description: "Filters define the filters that are applied torequests that match this rule. \n The effects of orderingof multiple behaviors are currently unspecified. This canchange in the future based on feedback during the alpha stage.\n Conformance-levels at this level are defined based on thetype of filter: \n - ALL core filters MUST be supported byall implementations. - Implementers are encouraged to supportextended filters. - Implementation-specific custom filtershave no API guarantees across implementations. \n Specifyinga core filter multiple times has unspecified or custom conformance.\n Support: Core"items:description: HTTPRouteFilter defines processing steps thatmust be completed during the request or response lifecycle.HTTPRouteFilters are meant as an extension point to expressprocessing that may be done in Gateway implementations.Some examples include request or response modification,implementing authentication strategies, rate-limiting, andtraffic shaping. API guarantee/conformance is defined basedon the type of the filter.properties:extensionRef:description: "ExtensionRef is an optional, implementation-specificextension to the \"filter\" behavior. For example,resource \"myroutefilter\" in group \"networking.example.net\").ExtensionRef MUST NOT be used for core and extendedfilters. \n Support: Implementation-specific"properties:group:description: Group is the group of the referent. Forexample, "networking.k8s.io". When unspecified (emptystring), core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:description: Kind is kind of the referent. For example"HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringrequired:- group- kind- nametype: objectrequestHeaderModifier:description: "RequestHeaderModifier defines a schema fora filter that modifies request headers. \n Support:Core"properties:add:description: "Add adds the given header(s) (name,value) to the request before the action. It appendsto any existing values associated with the headername. \n Input: GET /foo HTTP/1.1 my-header:foo \n Config: add: - name: \"my-header\" value:\"bar\" \n Output: GET /foo HTTP/1.1 my-header:foo my-header: bar"items:description: HTTPHeader represents an HTTP Headername and value as defined by RFC 7230.properties:name:description: "Name is the name of the HTTP Headerto be matched. Name matching MUST be caseinsensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n If multiple entries specify equivalentheader names, the first entry with an equivalentname MUST be considered for a match. Subsequententries with an equivalent header name MUSTbe ignored. Due to the case-insensitivityof header names, \"foo\" and \"Foo\" are consideredequivalent."maxLength: 256minLength: 1pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$type: stringvalue:description: Value is the value of HTTP Headerto be matched.maxLength: 4096minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: mapremove:description: "Remove the given header(s) from theHTTP request before the action. The value of Removeis a list of HTTP header names. Note that the headernames are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n Input: GET /foo HTTP/1.1 my-header1: foo\ my-header2: bar my-header3: baz \n Config:\ remove: [\"my-header1\", \"my-header3\"] \n Output:\ GET /foo HTTP/1.1 my-header2: bar"items:type: stringmaxItems: 16type: arrayset:description: "Set overwrites the request with thegiven header (name, value) before the action. \nInput: GET /foo HTTP/1.1 my-header: foo \n Config:\ set: - name: \"my-header\" value: \"bar\"\n Output: GET /foo HTTP/1.1 my-header: bar"items:description: HTTPHeader represents an HTTP Headername and value as defined by RFC 7230.properties:name:description: "Name is the name of the HTTP Headerto be matched. Name matching MUST be caseinsensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n If multiple entries specify equivalentheader names, the first entry with an equivalentname MUST be considered for a match. Subsequententries with an equivalent header name MUSTbe ignored. Due to the case-insensitivityof header names, \"foo\" and \"Foo\" are consideredequivalent."maxLength: 256minLength: 1pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$type: stringvalue:description: Value is the value of HTTP Headerto be matched.maxLength: 4096minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: maptype: objectrequestMirror:description: "RequestMirror defines a schema for a filterthat mirrors requests. Requests are sent to the specifieddestination, but responses from that destination areignored. \n Support: Extended"properties:backendRef:description: "BackendRef references a resource wheremirrored requests are sent. \n If the referent cannotbe found, this BackendRef is invalid and must bedropped from the Gateway. The controller must ensurethe \"ResolvedRefs\" condition on the Route statusis set to `status: False` and not configure thisbackend in the underlying implementation. \n Ifthere is a cross-namespace reference to an *existing*object that is not allowed by a ReferencePolicy,the controller must ensure the \"ResolvedRefs\"\ condition on the Route is set to `status: False`,with the \"RefNotPermitted\" reason and not configurethis backend in the underlying implementation. \nIn either error case, the Message of the `ResolvedRefs`Condition should be used to provide more detailabout the problem. \n Support: Extended for KubernetesService Support: Custom for any other resource"properties:group:default: ""description: Group is the group of the referent.For example, "networking.k8s.io". When unspecified(empty string), core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Servicedescription: Kind is kind of the referent. Forexample "HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of thebackend. When unspecified, the local namespaceis inferred. \n Note that when a namespace isspecified, a ReferencePolicy object is requiredin the referent namespace to allow that namespace'sowner to accept the reference. See the ReferencePolicydocumentation for details. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringport:description: Port specifies the destination portnumber to use for this resource. Port is requiredwhen the referent is a Kubernetes Service. Forother resources, destination port might be derivedfrom the referent resource or this field.format: int32maximum: 65535minimum: 1type: integerrequired:- nametype: objectrequired:- backendReftype: objectrequestRedirect:description: "RequestRedirect defines a schema for a filterthat responds to the request with an HTTP redirection.\n Support: Core"properties:hostname:description: "Hostname is the hostname to be usedin the value of the `Location` header in the response.When empty, the hostname of the request is used.\n Support: Core"maxLength: 253minLength: 1pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringport:description: "Port is the port to be used in the valueof the `Location` header in the response. When empty,port (if specified) of the request is used. \n Support:Extended"format: int32maximum: 65535minimum: 1type: integerscheme:description: "Scheme is the scheme to be used in thevalue of the `Location` header in the response.When empty, the scheme of the request is used. \nSupport: Extended"enum:- http- httpstype: stringstatusCode:default: 302description: "StatusCode is the HTTP status code tobe used in response. \n Support: Core"enum:- 301- 302type: integertype: objecttype:description: "Type identifies the type of filter to apply.As with other API fields, types are classified intothree conformance levels: \n - Core: Filter types andtheir corresponding configuration defined by \"Support:Core\" in this package, e.g. \"RequestHeaderModifier\".All implementations must support core filters. \n- Extended: Filter types and their corresponding configurationdefined by \"Support: Extended\" in this package,e.g. \"RequestMirror\". Implementers are encouragedto support extended filters. \n - Custom: Filters thatare defined and supported by specific vendors. Inthe future, filters showing convergence in behavioracross multiple implementations will be consideredfor inclusion in extended or core conformance levels.Filter-specific configuration for such filters isspecified using the ExtensionRef field. `Type` shouldbe set to \"ExtensionRef\" for custom filters. \nImplementers are encouraged to define custom implementationtypes to extend the core API with implementation-specificbehavior. \n If a reference to a custom filter typecannot be resolved, the filter MUST NOT be skipped.Instead, requests that would have been processed bythat filter MUST receive a HTTP error response."enum:- RequestHeaderModifier- RequestMirror- RequestRedirect- ExtensionReftype: stringrequired:- typetype: objectmaxItems: 16type: arraymatches:default:- path:type: PathPrefixvalue: /description: "Matches define conditions used for matching therule against incoming HTTP requests. Each match is independent,i.e. this rule will be matched if **any** one of the matchesis satisfied. \n For example, take the following matches configuration:\n ``` matches: - path: value: \"/foo\" headers: -name: \"version\" value: \"v2\" - path: value: \"/v2/foo\"``` \n For a request to match against this rule, a requestmust satisfy EITHER of the two conditions: \n - path prefixedwith `/foo` AND contains the header `version: v2` - path prefixof `/v2/foo` \n See the documentation for HTTPRouteMatch onhow to specify multiple match conditions that should be ANDedtogether. \n If no matches are specified, the default is aprefix path match on \"/\", which has the effect of matchingevery HTTP request. \n Proxy or Load Balancer routing configurationgenerated from HTTPRoutes MUST prioritize rules based on thefollowing criteria, continuing on ties. Precedence must begiven to the the Rule with the largest number of: \n * Charactersin a matching non-wildcard hostname. * Characters in a matchinghostname. * Characters in a matching path. * Header matches.* Query param matches. \n If ties still exist across multipleRoutes, matching precedence MUST be determined in order ofthe following criteria, continuing on ties: \n * The oldestRoute based on creation timestamp. * The Route appearing firstin alphabetical order by \"<namespace>/<name>\". \n If tiesstill exist within the Route that has been given precedence,matching precedence MUST be granted to the first matchingrule meeting the above criteria."items:description: "HTTPRouteMatch defines the predicate used tomatch requests to a given action. Multiple match types areANDed together, i.e. the match will evaluate to true onlyif all conditions are satisfied. \n For example, the matchbelow will match a HTTP request only if its path startswith `/foo` AND it contains the `version: v1` header: \n``` match: path: value: \"/foo\" headers: - name:\"version\" value \"v1\" ```"properties:headers:description: Headers specifies HTTP request header matchers.Multiple match values are ANDed together, meaning, arequest must match all the specified headers to selectthe route.items:description: HTTPHeaderMatch describes how to selecta HTTP route by matching HTTP request headers.properties:name:description: "Name is the name of the HTTP Headerto be matched. Name matching MUST be case insensitive.(See https://tools.ietf.org/html/rfc7230#section-3.2).\n If multiple entries specify equivalent headernames, only the first entry with an equivalentname MUST be considered for a match. Subsequententries with an equivalent header name MUST beignored. Due to the case-insensitivity of headernames, \"foo\" and \"Foo\" are considered equivalent.\n When a header is repeated in an HTTP request,it is implementation-specific behavior as to howthis is represented. Generally, proxies shouldfollow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2regarding processing a repeated header, with specialhandling for \"Set-Cookie\"."maxLength: 256minLength: 1pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$type: stringtype:default: Exactdescription: "Type specifies how to match againstthe value of the header. \n Support: Core (Exact)\n Support: Custom (RegularExpression) \n SinceRegularExpression HeaderMatchType has custom conformance,implementations can support POSIX, PCRE or anyother dialects of regular expressions. Pleaseread the implementation's documentation to determinethe supported dialect."enum:- Exact- RegularExpressiontype: stringvalue:description: Value is the value of HTTP Header tobe matched.maxLength: 4096minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: mapmethod:description: "Method specifies HTTP method matcher. Whenspecified, this route will be matched only if the requesthas the specified method. \n Support: Extended"enum:- GET- HEAD- POST- PUT- DELETE- CONNECT- OPTIONS- TRACE- PATCHtype: stringpath:default:type: PathPrefixvalue: /description: Path specifies a HTTP request path matcher.If this field is not specified, a default prefix matchon the "/" path is provided.properties:type:default: PathPrefixdescription: "Type specifies how to match againstthe path Value. \n Support: Core (Exact, PathPrefix)\n Support: Custom (RegularExpression)"enum:- Exact- PathPrefix- RegularExpressiontype: stringvalue:default: /description: Value of the HTTP path to match against.maxLength: 1024type: stringtype: objectqueryParams:description: QueryParams specifies HTTP query parametermatchers. Multiple match values are ANDed together,meaning, a request must match all the specified queryparameters to select the route.items:description: HTTPQueryParamMatch describes how to selecta HTTP route by matching HTTP query parameters.properties:name:description: Name is the name of the HTTP queryparam to be matched. This must be an exact stringmatch. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).maxLength: 256minLength: 1type: stringtype:default: Exactdescription: "Type specifies how to match againstthe value of the query parameter. \n Support:Extended (Exact) \n Support: Custom (RegularExpression)\n Since RegularExpression QueryParamMatchTypehas custom conformance, implementations can supportPOSIX, PCRE or any other dialects of regular expressions.Please read the implementation's documentationto determine the supported dialect."enum:- Exact- RegularExpressiontype: stringvalue:description: Value is the value of HTTP query paramto be matched.maxLength: 1024minLength: 1type: stringrequired:- name- valuetype: objectmaxItems: 16type: arrayx-kubernetes-list-map-keys:- namex-kubernetes-list-type: maptype: objectmaxItems: 8type: arraytype: objectmaxItems: 16type: arraytype: objectstatus:description: Status defines the current state of HTTPRoute.properties:parents:description: "Parents is a list of parent resources (usually Gateways)that are associated with the route, and the status of the routewith respect to each parent. When this route attaches to a parent,the controller that manages the parent must add an entry to thislist when the controller first sees the route and should updatethe entry as appropriate when the route or gateway is modified.\n Note that parent references that cannot be resolved by an implementationof this API will not be added to this list. Implementations of thisAPI can only populate Route status for the Gateways/parent resourcesthey are responsible for. \n A maximum of 32 Gateways will be representedin this list. An empty list means the route has not been attachedto any Gateway."items:description: RouteParentStatus describes the status of a route withrespect to an associated Parent.properties:conditions:description: "Conditions describes the status of the route withrespect to the Gateway. Note that the route's availabilityis also subject to the Gateway's own status conditions andlistener status. \n If the Route's ParentRef specifies anexisting Gateway that supports Routes of this kind AND thatGateway's controller has sufficient access, then that Gateway'scontroller MUST set the \"Accepted\" condition on the Route,to indicate whether the route has been accepted or rejectedby the Gateway, and why. \n A Route MUST be considered \"Accepted\"if at least one of the Route's rules is implemented by theGateway. \n There are a number of cases where the \"Accepted\"condition may not be set due to lack of controller visibility,that includes when: \n * The Route refers to a non-existentparent. * The Route is of a type that the controller doesnot support. * The Route is in a namespace the the controllerdoes not have access to."items:description: "Condition contains details for one aspect ofthe current state of this API Resource. --- This structis intended for direct use as an array at the field path.status.conditions. For example, type FooStatus struct{\ // Represents the observations of a foo's current state.\ // Known .status.conditions.type are: \"Available\",\"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map //+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This shouldbe when the underlying condition changed. If that isnot known, then using the time when the API field changedis acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance,if .metadata.generation is currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to thecurrent state of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifierindicating the reason for the condition's last transition.Producers of specific condition types may define expectedvalues and meanings for this field, and whether thevalues are considered a guaranteed API. The value shouldbe a CamelCase string. This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False,Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent acrossresources like Available, but because arbitrary conditionscan be useful (see .node.status.conditions), the abilityto deconflict is important. The regex it matches is(dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8minItems: 1type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: mapcontrollerName:description: "ControllerName is a domain/path string that indicatesthe name of the controller that wrote this status. This correspondswith the controllerName field on GatewayClass. \n Example:\"example.net/gateway-controller\". \n The format of thisfield is DOMAIN \"/\" PATH, where DOMAIN and PATH are validKubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$type: stringparentRef:description: ParentRef corresponds with a ParentRef in the specthat this RouteParentStatus struct describes the status of.properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support:Core (Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent.When unspecified (or empty string), this refers to thelocal namespace of the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section withinthe target resource. In the following resources, SectionNameis interpreted as the following: \n * Gateway: ListenerName \n Implementations MAY choose to support attachingRoutes to other resources. If that is the case, they MUSTclearly document how SectionName is interpreted. \n Whenunspecified (empty string), this will reference the entireresource. For the purpose of status, an attachment isconsidered successful if at least one section in the parentresource accepts it. For example, Gateway listeners canrestrict which Routes can attach to them by Route kind,namespace, or hostname. If 1 of 2 Gateway listeners acceptattachment from the referencing Route, the Route MUSTbe considered successfully attached. If no Gateway listenersaccept attachment from this Route, the Route MUST be considereddetached from the Gateway. \n Support: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectrequired:- controllerName- parentReftype: objectmaxItems: 32type: arrayrequired:- parentstype: objectrequired:- spectype: objectserved: truestorage: truesubresources:status: {}status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []---apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891creationTimestamp: nullname: tcproutes.gateway.networking.k8s.iospec:group: gateway.networking.k8s.ionames:categories:- gateway-apikind: TCPRoutelistKind: TCPRouteListplural: tcproutessingular: tcproutescope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha2schema:openAPIV3Schema:description: TCPRoute provides a way to route TCP requests. When combinedwith a Gateway listener, it can be used to forward connections on the portspecified by the listener to a set of backends specified by the TCPRoute.properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource thisobject represents. Servers may infer this from the endpoint the clientsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: Spec defines the desired state of TCPRoute.properties:parentRefs:description: "ParentRefs references the resources (usually Gateways)that a Route wants to be attached to. Note that the referenced parentresource needs to allow this for the attachment to be complete.For Gateways, that means the Gateway needs to allow attachment fromRoutes of this kind and namespace. \n The only kind of parent resourcewith \"Core\" support is Gateway. This API may be extended in thefuture to support additional kinds of parent resources such as oneof the route kinds. \n It is invalid to reference an identical parentmore than once. It is valid to reference multiple distinct sectionswithin the same parent resource, such as 2 Listeners within a Gateway.\n It is possible to separately reference multiple distinct objectsthat may be collapsed by an implementation. For example, some implementationsmay choose to merge compatible Gateway Listeners together. If thatis the case, the list of routes attached to those resources shouldalso be merged."items:description: "ParentRef identifies an API object (usually a Gateway)that can be considered a parent of this resource (usually a route).The only kind of parent resource with \"Core\" support is Gateway.This API may be extended in the future to support additional kindsof parent resources, such as HTTPRoute. \n The API object mustbe valid in the cluster; the Group and Kind must be registeredin the cluster for this reference to be valid. \n References toobjects with invalid Group and Kind are not valid, and must berejected by the implementation, with appropriate Conditions seton the containing object."properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support: Core(Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent. Whenunspecified (or empty string), this refers to the local namespaceof the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section within thetarget resource. In the following resources, SectionName isinterpreted as the following: \n * Gateway: Listener Name\n Implementations MAY choose to support attaching Routesto other resources. If that is the case, they MUST clearlydocument how SectionName is interpreted. \n When unspecified(empty string), this will reference the entire resource. Forthe purpose of status, an attachment is considered successfulif at least one section in the parent resource accepts it.For example, Gateway listeners can restrict which Routes canattach to them by Route kind, namespace, or hostname. If 1of 2 Gateway listeners accept attachment from the referencingRoute, the Route MUST be considered successfully attached.If no Gateway listeners accept attachment from this Route,the Route MUST be considered detached from the Gateway. \nSupport: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectmaxItems: 32type: arrayrules:description: Rules are a list of TCP matchers and actions.items:description: TCPRouteRule is the configuration for a given rule.properties:backendRefs:description: "BackendRefs defines the backend(s) where matchingrequests should be sent. If unspecified or invalid (refersto a non-existent resource or a Service with no endpoints),the underlying implementation MUST actively reject connectionattempts to this backend. Connection rejections must respectweight; if an invalid backend is requested to have 80% ofconnections, then 80% of connections must be rejected instead.\n Support: Core for Kubernetes Service Support: Custom forany other resource \n Support for weight: Extended"items:description: "BackendRef defines how a Route should forwarda request to a Kubernetes resource. \n Note that when anamespace is specified, a ReferencePolicy object is requiredin the referent namespace to allow that namespace's ownerto accept the reference. See the ReferencePolicy documentationfor details."properties:group:default: ""description: Group is the group of the referent. For example,"networking.k8s.io". When unspecified (empty string),core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Servicedescription: Kind is kind of the referent. For example"HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the backend.When unspecified, the local namespace is inferred. \nNote that when a namespace is specified, a ReferencePolicyobject is required in the referent namespace to allowthat namespace's owner to accept the reference. Seethe ReferencePolicy documentation for details. \n Support:Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringport:description: Port specifies the destination port numberto use for this resource. Port is required when thereferent is a Kubernetes Service. For other resources,destination port might be derived from the referentresource or this field.format: int32maximum: 65535minimum: 1type: integerweight:default: 1description: "Weight specifies the proportion of requestsforwarded to the referenced backend. This is computedas weight/(sum of all weights in this BackendRefs list).For non-zero values, there may be some epsilon fromthe exact proportion defined here depending on the precisionan implementation supports. Weight is not a percentageand the sum of weights does not need to equal 100. \nIf only one backend is specified and it has a weightgreater than 0, 100% of the traffic is forwarded tothat backend. If weight is set to 0, no traffic shouldbe forwarded for this entry. If unspecified, weightdefaults to 1. \n Support for this field varies basedon the context where used."format: int32maximum: 1000000minimum: 0type: integerrequired:- nametype: objectmaxItems: 16minItems: 1type: arraytype: objectmaxItems: 16minItems: 1type: arrayrequired:- rulestype: objectstatus:description: Status defines the current state of TCPRoute.properties:parents:description: "Parents is a list of parent resources (usually Gateways)that are associated with the route, and the status of the routewith respect to each parent. When this route attaches to a parent,the controller that manages the parent must add an entry to thislist when the controller first sees the route and should updatethe entry as appropriate when the route or gateway is modified.\n Note that parent references that cannot be resolved by an implementationof this API will not be added to this list. Implementations of thisAPI can only populate Route status for the Gateways/parent resourcesthey are responsible for. \n A maximum of 32 Gateways will be representedin this list. An empty list means the route has not been attachedto any Gateway."items:description: RouteParentStatus describes the status of a route withrespect to an associated Parent.properties:conditions:description: "Conditions describes the status of the route withrespect to the Gateway. Note that the route's availabilityis also subject to the Gateway's own status conditions andlistener status. \n If the Route's ParentRef specifies anexisting Gateway that supports Routes of this kind AND thatGateway's controller has sufficient access, then that Gateway'scontroller MUST set the \"Accepted\" condition on the Route,to indicate whether the route has been accepted or rejectedby the Gateway, and why. \n A Route MUST be considered \"Accepted\"if at least one of the Route's rules is implemented by theGateway. \n There are a number of cases where the \"Accepted\"condition may not be set due to lack of controller visibility,that includes when: \n * The Route refers to a non-existentparent. * The Route is of a type that the controller doesnot support. * The Route is in a namespace the the controllerdoes not have access to."items:description: "Condition contains details for one aspect ofthe current state of this API Resource. --- This structis intended for direct use as an array at the field path.status.conditions. For example, type FooStatus struct{\ // Represents the observations of a foo's current state.\ // Known .status.conditions.type are: \"Available\",\"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map //+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This shouldbe when the underlying condition changed. If that isnot known, then using the time when the API field changedis acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance,if .metadata.generation is currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to thecurrent state of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifierindicating the reason for the condition's last transition.Producers of specific condition types may define expectedvalues and meanings for this field, and whether thevalues are considered a guaranteed API. The value shouldbe a CamelCase string. This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False,Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent acrossresources like Available, but because arbitrary conditionscan be useful (see .node.status.conditions), the abilityto deconflict is important. The regex it matches is(dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8minItems: 1type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: mapcontrollerName:description: "ControllerName is a domain/path string that indicatesthe name of the controller that wrote this status. This correspondswith the controllerName field on GatewayClass. \n Example:\"example.net/gateway-controller\". \n The format of thisfield is DOMAIN \"/\" PATH, where DOMAIN and PATH are validKubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$type: stringparentRef:description: ParentRef corresponds with a ParentRef in the specthat this RouteParentStatus struct describes the status of.properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support:Core (Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent.When unspecified (or empty string), this refers to thelocal namespace of the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section withinthe target resource. In the following resources, SectionNameis interpreted as the following: \n * Gateway: ListenerName \n Implementations MAY choose to support attachingRoutes to other resources. If that is the case, they MUSTclearly document how SectionName is interpreted. \n Whenunspecified (empty string), this will reference the entireresource. For the purpose of status, an attachment isconsidered successful if at least one section in the parentresource accepts it. For example, Gateway listeners canrestrict which Routes can attach to them by Route kind,namespace, or hostname. If 1 of 2 Gateway listeners acceptattachment from the referencing Route, the Route MUSTbe considered successfully attached. If no Gateway listenersaccept attachment from this Route, the Route MUST be considereddetached from the Gateway. \n Support: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectrequired:- controllerName- parentReftype: objectmaxItems: 32type: arrayrequired:- parentstype: objectrequired:- spectype: objectserved: truestorage: truesubresources:status: {}status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []---apiVersion: apiextensions.k8s.io/v1kind: CustomResourceDefinitionmetadata:annotations:api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891creationTimestamp: nullname: tlsroutes.gateway.networking.k8s.iospec:group: gateway.networking.k8s.ionames:categories:- gateway-apikind: TLSRoutelistKind: TLSRouteListplural: tlsroutessingular: tlsroutescope: Namespacedversions:- additionalPrinterColumns:- jsonPath: .metadata.creationTimestampname: Agetype: datename: v1alpha2schema:openAPIV3Schema:description: "The TLSRoute resource is similar to TCPRoute, but can be configuredto match against TLS-specific metadata. This allows more flexibility inmatching streams for a given TLS listener. \n If you need to forward trafficto a single target for a TLS listener, you could choose to use a TCPRoutewith a TLS listener."properties:apiVersion:description: 'APIVersion defines the versioned schema of this representationof an object. Servers should convert recognized schemas to the latestinternal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'type: stringkind:description: 'Kind is a string value representing the REST resource thisobject represents. Servers may infer this from the endpoint the clientsubmits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'type: stringmetadata:type: objectspec:description: Spec defines the desired state of TLSRoute.properties:hostnames:description: "Hostnames defines a set of SNI names that should matchagainst the SNI attribute of TLS ClientHello message in TLS handshake.This matches the RFC 1123 definition of a hostname with 2 notableexceptions: \n 1. IPs are not allowed in SNI names per RFC 6066.2. A hostname may be prefixed with a wildcard label (`*.`). Thewildcard label must appear by itself as the first label. \n Ifa hostname is specified by both the Listener and TLSRoute, theremust be at least one intersecting hostname for the TLSRoute to beattached to the Listener. For example: \n * A Listener with `test.example.com`as the hostname matches TLSRoutes that have either not specifiedany hostnames, or have specified at least one of `test.example.com`or `*.example.com`. * A Listener with `*.example.com` as the hostnamematches TLSRoutes that have either not specified any hostnamesor have specified at least one hostname that matches the Listenerhostname. For example, `test.example.com` and `*.example.com`would both match. On the other hand, `example.com` and `test.example.net`would not match. \n If both the Listener and TLSRoute have specifiedhostnames, any TLSRoute hostnames that do not match the Listenerhostname MUST be ignored. For example, if a Listener specified `*.example.com`,and the TLSRoute specified `test.example.com` and `test.example.net`,`test.example.net` must not be considered for a match. \n If boththe Listener and TLSRoute have specified hostnames, and none matchwith the criteria above, then the TLSRoute is not accepted. Theimplementation must raise an 'Accepted' Condition with a statusof `False` in the corresponding RouteParentStatus. \n Support: Core"items:description: "Hostname is the fully qualified domain name of a networkhost. This matches the RFC 1123 definition of a hostname with2 notable exceptions: \n 1. IPs are not allowed. 2. A hostnamemay be prefixed with a wildcard label (`*.`). The wildcard labelmust appear by itself as the first label. \n Hostname can be \"precise\"which is a domain name without the terminating dot of a networkhost (e.g. \"foo.example.com\") or \"wildcard\", which is a domainname prefixed with a single wildcard label (e.g. `*.example.com`).\n Note that as per RFC1035 and RFC1123, a *label* must consistof lower case alphanumeric characters or '-', and must start andend with an alphanumeric character. No other punctuation is allowed."maxLength: 253minLength: 1pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringmaxItems: 16type: arrayparentRefs:description: "ParentRefs references the resources (usually Gateways)that a Route wants to be attached to. Note that the referenced parentresource needs to allow this for the attachment to be complete.For Gateways, that means the Gateway needs to allow attachment fromRoutes of this kind and namespace. \n The only kind of parent resourcewith \"Core\" support is Gateway. This API may be extended in thefuture to support additional kinds of parent resources such as oneof the route kinds. \n It is invalid to reference an identical parentmore than once. It is valid to reference multiple distinct sectionswithin the same parent resource, such as 2 Listeners within a Gateway.\n It is possible to separately reference multiple distinct objectsthat may be collapsed by an implementation. For example, some implementationsmay choose to merge compatible Gateway Listeners together. If thatis the case, the list of routes attached to those resources shouldalso be merged."items:description: "ParentRef identifies an API object (usually a Gateway)that can be considered a parent of this resource (usually a route).The only kind of parent resource with \"Core\" support is Gateway.This API may be extended in the future to support additional kindsof parent resources, such as HTTPRoute. \n The API object mustbe valid in the cluster; the Group and Kind must be registeredin the cluster for this reference to be valid. \n References toobjects with invalid Group and Kind are not valid, and must berejected by the implementation, with appropriate Conditions seton the containing object."properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support: Core(Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent. Whenunspecified (or empty string), this refers to the local namespaceof the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section within thetarget resource. In the following resources, SectionName isinterpreted as the following: \n * Gateway: Listener Name\n Implementations MAY choose to support attaching Routesto other resources. If that is the case, they MUST clearlydocument how SectionName is interpreted. \n When unspecified(empty string), this will reference the entire resource. Forthe purpose of status, an attachment is considered successfulif at least one section in the parent resource accepts it.For example, Gateway listeners can restrict which Routes canattach to them by Route kind, namespace, or hostname. If 1of 2 Gateway listeners accept attachment from the referencingRoute, the Route MUST be considered successfully attached.If no Gateway listeners accept attachment from this Route,the Route MUST be considered detached from the Gateway. \nSupport: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectmaxItems: 32type: arrayrules:description: Rules are a list of TLS matchers and actions.items:description: TLSRouteRule is the configuration for a given rule.properties:backendRefs:description: "BackendRefs defines the backend(s) where matchingrequests should be sent. If unspecified or invalid (refersto a non-existent resource or a Service with no endpoints),the rule performs no forwarding; if no filters are specifiedthat would result in a response being sent, the underlyingimplementation must actively reject request attempts to thisbackend, by rejecting the connection or returning a 503 statuscode. Request rejections must respect weight; if an invalidbackend is requested to have 80% of requests, then 80% ofrequests must be rejected instead. \n Support: Core for KubernetesService Support: Custom for any other resource \n Supportfor weight: Extended"items:description: "BackendRef defines how a Route should forwarda request to a Kubernetes resource. \n Note that when anamespace is specified, a ReferencePolicy object is requiredin the referent namespace to allow that namespace's ownerto accept the reference. See the ReferencePolicy documentationfor details."properties:group:default: ""description: Group is the group of the referent. For example,"networking.k8s.io". When unspecified (empty string),core API group is inferred.maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Servicedescription: Kind is kind of the referent. For example"HTTPRoute" or "Service".maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: Name is the name of the referent.maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the backend.When unspecified, the local namespace is inferred. \nNote that when a namespace is specified, a ReferencePolicyobject is required in the referent namespace to allowthat namespace's owner to accept the reference. Seethe ReferencePolicy documentation for details. \n Support:Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringport:description: Port specifies the destination port numberto use for this resource. Port is required when thereferent is a Kubernetes Service. For other resources,destination port might be derived from the referentresource or this field.format: int32maximum: 65535minimum: 1type: integerweight:default: 1description: "Weight specifies the proportion of requestsforwarded to the referenced backend. This is computedas weight/(sum of all weights in this BackendRefs list).For non-zero values, there may be some epsilon fromthe exact proportion defined here depending on the precisionan implementation supports. Weight is not a percentageand the sum of weights does not need to equal 100. \nIf only one backend is specified and it has a weightgreater than 0, 100% of the traffic is forwarded tothat backend. If weight is set to 0, no traffic shouldbe forwarded for this entry. If unspecified, weightdefaults to 1. \n Support for this field varies basedon the context where used."format: int32maximum: 1000000minimum: 0type: integerrequired:- nametype: objectmaxItems: 16minItems: 1type: arraytype: objectmaxItems: 16minItems: 1type: arrayrequired:- rulestype: objectstatus:description: Status defines the current state of TLSRoute.properties:parents:description: "Parents is a list of parent resources (usually Gateways)that are associated with the route, and the status of the routewith respect to each parent. When this route attaches to a parent,the controller that manages the parent must add an entry to thislist when the controller first sees the route and should updatethe entry as appropriate when the route or gateway is modified.\n Note that parent references that cannot be resolved by an implementationof this API will not be added to this list. Implementations of thisAPI can only populate Route status for the Gateways/parent resourcesthey are responsible for. \n A maximum of 32 Gateways will be representedin this list. An empty list means the route has not been attachedto any Gateway."items:description: RouteParentStatus describes the status of a route withrespect to an associated Parent.properties:conditions:description: "Conditions describes the status of the route withrespect to the Gateway. Note that the route's availabilityis also subject to the Gateway's own status conditions andlistener status. \n If the Route's ParentRef specifies anexisting Gateway that supports Routes of this kind AND thatGateway's controller has sufficient access, then that Gateway'scontroller MUST set the \"Accepted\" condition on the Route,to indicate whether the route has been accepted or rejectedby the Gateway, and why. \n A Route MUST be considered \"Accepted\"if at least one of the Route's rules is implemented by theGateway. \n There are a number of cases where the \"Accepted\"condition may not be set due to lack of controller visibility,that includes when: \n * The Route refers to a non-existentparent. * The Route is of a type that the controller doesnot support. * The Route is in a namespace the the controllerdoes not have access to."items:description: "Condition contains details for one aspect ofthe current state of this API Resource. --- This structis intended for direct use as an array at the field path.status.conditions. For example, type FooStatus struct{\ // Represents the observations of a foo's current state.\ // Known .status.conditions.type are: \"Available\",\"Progressing\", and \"Degraded\" // +patchMergeKey=type\ // +patchStrategy=merge // +listType=map //+listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n // other fields }"properties:lastTransitionTime:description: lastTransitionTime is the last time the conditiontransitioned from one status to another. This shouldbe when the underlying condition changed. If that isnot known, then using the time when the API field changedis acceptable.format: date-timetype: stringmessage:description: message is a human readable message indicatingdetails about the transition. This may be an empty string.maxLength: 32768type: stringobservedGeneration:description: observedGeneration represents the .metadata.generationthat the condition was set based upon. For instance,if .metadata.generation is currently 12, but the .status.conditions[x].observedGenerationis 9, the condition is out of date with respect to thecurrent state of the instance.format: int64minimum: 0type: integerreason:description: reason contains a programmatic identifierindicating the reason for the condition's last transition.Producers of specific condition types may define expectedvalues and meanings for this field, and whether thevalues are considered a guaranteed API. The value shouldbe a CamelCase string. This field may not be empty.maxLength: 1024minLength: 1pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$type: stringstatus:description: status of the condition, one of True, False,Unknown.enum:- "True"- "False"- Unknowntype: stringtype:description: type of condition in CamelCase or in foo.example.com/CamelCase.--- Many .condition.type values are consistent acrossresources like Available, but because arbitrary conditionscan be useful (see .node.status.conditions), the abilityto deconflict is important. The regex it matches is(dns1123SubdomainFmt/)?(qualifiedNameFmt)maxLength: 316pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$type: stringrequired:- lastTransitionTime- message- reason- status- typetype: objectmaxItems: 8minItems: 1type: arrayx-kubernetes-list-map-keys:- typex-kubernetes-list-type: mapcontrollerName:description: "ControllerName is a domain/path string that indicatesthe name of the controller that wrote this status. This correspondswith the controllerName field on GatewayClass. \n Example:\"example.net/gateway-controller\". \n The format of thisfield is DOMAIN \"/\" PATH, where DOMAIN and PATH are validKubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$type: stringparentRef:description: ParentRef corresponds with a ParentRef in the specthat this RouteParentStatus struct describes the status of.properties:group:default: gateway.networking.k8s.iodescription: "Group is the group of the referent. \n Support:Core"maxLength: 253pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringkind:default: Gatewaydescription: "Kind is kind of the referent. \n Support:Core (Gateway) Support: Custom (Other Resources)"maxLength: 63minLength: 1pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$type: stringname:description: "Name is the name of the referent. \n Support:Core"maxLength: 253minLength: 1type: stringnamespace:description: "Namespace is the namespace of the referent.When unspecified (or empty string), this refers to thelocal namespace of the Route. \n Support: Core"maxLength: 63minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$type: stringsectionName:description: "SectionName is the name of a section withinthe target resource. In the following resources, SectionNameis interpreted as the following: \n * Gateway: ListenerName \n Implementations MAY choose to support attachingRoutes to other resources. If that is the case, they MUSTclearly document how SectionName is interpreted. \n Whenunspecified (empty string), this will reference the entireresource. For the purpose of status, an attachment isconsidered successful if at least one section in the parentresource accepts it. For example, Gateway listeners canrestrict which Routes can attach to them by Route kind,namespace, or hostname. If 1 of 2 Gateway listeners acceptattachment from the referencing Route, the Route MUSTbe considered successfully attached. If no Gateway listenersaccept attachment from this Route, the Route MUST be considereddetached from the Gateway. \n Support: Core"maxLength: 253minLength: 1pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$type: stringrequired:- nametype: objectrequired:- controllerName- parentReftype: objectmaxItems: 32type: arrayrequired:- parentstype: objectrequired:- spectype: objectserved: truestorage: truesubresources:status: {}status:acceptedNames:kind: ""plural: ""conditions: []storedVersions: []
Resources
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
name: my-gateway-class
spec:
controllerName: traefik.io/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: Gateway
metadata:
name: my-gateway
namespace: default
spec:
gatewayClassName: my-gateway-class
listeners: # Use GatewayClass defaults for listener definition.
- name: http
protocol: HTTP
port: 80
- name: https
protocol: HTTPS
port: 443
tls:
certificateRefs:
- kind: Secret
name: mysecret
- name: tcp
protocol: TCP
port: 9000
allowedRoutes:
kinds:
- kind: TCPRoute
- name: tls
protocol: TLS
port: 9443
hostname: example.com
tls:
certificateRefs:
- kind: Secret
name: mysecret
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: HTTPRoute
metadata:
name: http-app
namespace: default
spec:
parentRefs:
- name: my-gateway
hostnames:
- foo.com
rules:
- matches:
- path:
type: Exact
value: /bar
backendRefs:
- name: whoami
port: 80
weight: 1
- matches:
- path:
type: PathPrefix
value: /foo
backendRefs:
- group: traefik.io
kind: TraefikService
name: myservice@file
weight: 1
port: 80
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
name: tcp-app
namespace: default
spec:
parentRefs:
- name: my-gateway
rules:
- backendRefs:
- name: whoamitcp
port: 9000
weight: 1
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: tls-app
namespace: default
spec:
parentRefs:
- name: my-gateway
sectionName: tls
rules:
- backendRefs:
- name: whoamitcp
port: 9000
weight: 1
RBAC
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gateway-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- httproutes
- tcproutes
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- tcproutes/status
- tlsroutes/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gateway-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gateway-role
subjects:
- kind: ServiceAccount
name: traefik-controller
namespace: default
Using Traefik for Business Applications?
If you are using Traefik in your organization, consider our enterprise-grade solutions:
- API Management
Explore // Watch Demo Video - API Gateway
Explore // Watch Demo Video - Ingress Controller
Kubernetes // Docker Swarm
These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.
