sigs.k8s.io/gateway-api@v1.0.0/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 6 gateway.networking.k8s.io/bundle-version: v1.0.0 7 gateway.networking.k8s.io/channel: experimental 8 creationTimestamp: null 9 name: gateways.gateway.networking.k8s.io 10 spec: 11 group: gateway.networking.k8s.io 12 names: 13 categories: 14 - gateway-api 15 kind: Gateway 16 listKind: GatewayList 17 plural: gateways 18 shortNames: 19 - gtw 20 singular: gateway 21 scope: Namespaced 22 versions: 23 - additionalPrinterColumns: 24 - jsonPath: .spec.gatewayClassName 25 name: Class 26 type: string 27 - jsonPath: .status.addresses[*].value 28 name: Address 29 type: string 30 - jsonPath: .status.conditions[?(@.type=="Programmed")].status 31 name: Programmed 32 type: string 33 - jsonPath: .metadata.creationTimestamp 34 name: Age 35 type: date 36 name: v1 37 schema: 38 openAPIV3Schema: 39 description: Gateway represents an instance of a service-traffic handling 40 infrastructure by binding Listeners to a set of IP addresses. 41 properties: 42 apiVersion: 43 description: 'APIVersion defines the versioned schema of this representation 44 of an object. Servers should convert recognized schemas to the latest 45 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 46 type: string 47 kind: 48 description: 'Kind is a string value representing the REST resource this 49 object represents. Servers may infer this from the endpoint the client 50 submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 51 type: string 52 metadata: 53 type: object 54 spec: 55 description: Spec defines the desired state of Gateway. 56 properties: 57 addresses: 58 description: "Addresses requested for this Gateway. This is optional 59 and behavior can depend on the implementation. If a value is set 60 in the spec and the requested address is invalid or unavailable, 61 the implementation MUST indicate this in the associated entry in 62 GatewayStatus.Addresses. \n The Addresses field represents a request 63 for the address(es) on the \"outside of the Gateway\", that traffic 64 bound for this Gateway will use. This could be the IP address or 65 hostname of an external load balancer or other networking infrastructure, 66 or some other address that traffic will be sent to. \n If no Addresses 67 are specified, the implementation MAY schedule the Gateway in an 68 implementation-specific manner, assigning an appropriate set of 69 Addresses. \n The implementation MUST bind all Listeners to every 70 GatewayAddress that it assigns to the Gateway and add a corresponding 71 entry in GatewayStatus.Addresses. \n Support: Extended \n " 72 items: 73 description: GatewayAddress describes an address that can be bound 74 to a Gateway. 75 oneOf: 76 - properties: 77 type: 78 enum: 79 - IPAddress 80 value: 81 anyOf: 82 - format: ipv4 83 - format: ipv6 84 - properties: 85 type: 86 not: 87 enum: 88 - IPAddress 89 properties: 90 type: 91 default: IPAddress 92 description: Type of the address. 93 maxLength: 253 94 minLength: 1 95 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 96 type: string 97 value: 98 description: "Value of the address. The validity of the values 99 will depend on the type and support by the controller. \n 100 Examples: `1.2.3.4`, `128::1`, `my-ip-address`." 
101 maxLength: 253 102 minLength: 1 103 type: string 104 required: 105 - value 106 type: object 107 x-kubernetes-validations: 108 - message: Hostname value must only contain valid characters (matching 109 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$) 110 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""): 111 true' 112 maxItems: 16 113 type: array 114 x-kubernetes-validations: 115 - message: IPAddress values must be unique 116 rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2, 117 a2.type == a1.type && a2.value == a1.value) : true )' 118 - message: Hostname values must be unique 119 rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2, 120 a2.type == a1.type && a2.value == a1.value) : true )' 121 gatewayClassName: 122 description: GatewayClassName used for this Gateway. This is the name 123 of a GatewayClass resource. 124 maxLength: 253 125 minLength: 1 126 type: string 127 infrastructure: 128 description: "Infrastructure defines infrastructure level attributes 129 about this Gateway instance. \n Support: Core \n " 130 properties: 131 annotations: 132 additionalProperties: 133 description: AnnotationValue is the value of an annotation in 134 Gateway API. This is used for validation of maps such as TLS 135 options. This roughly matches Kubernetes annotation validation, 136 although the length validation in that case is based on the 137 entire size of the annotations struct. 138 maxLength: 4096 139 minLength: 0 140 type: string 141 description: "Annotations that SHOULD be applied to any resources 142 created in response to this Gateway. \n For implementations 143 creating other Kubernetes objects, this should be the `metadata.annotations` 144 field on resources. For other implementations, this refers to 145 any relevant (implementation specific) \"annotations\" concepts. 
146 \n An implementation may chose to add additional implementation-specific 147 annotations as they see fit. \n Support: Extended" 148 maxProperties: 8 149 type: object 150 labels: 151 additionalProperties: 152 description: AnnotationValue is the value of an annotation in 153 Gateway API. This is used for validation of maps such as TLS 154 options. This roughly matches Kubernetes annotation validation, 155 although the length validation in that case is based on the 156 entire size of the annotations struct. 157 maxLength: 4096 158 minLength: 0 159 type: string 160 description: "Labels that SHOULD be applied to any resources created 161 in response to this Gateway. \n For implementations creating 162 other Kubernetes objects, this should be the `metadata.labels` 163 field on resources. For other implementations, this refers to 164 any relevant (implementation specific) \"labels\" concepts. 165 \n An implementation may chose to add additional implementation-specific 166 labels as they see fit. \n Support: Extended" 167 maxProperties: 8 168 type: object 169 type: object 170 listeners: 171 description: "Listeners associated with this Gateway. Listeners define 172 logical endpoints that are bound on this Gateway's addresses. At 173 least one Listener MUST be specified. \n Each Listener in a set 174 of Listeners (for example, in a single Gateway) MUST be _distinct_, 175 in that a traffic flow MUST be able to be assigned to exactly one 176 listener. (This section uses \"set of Listeners\" rather than \"Listeners 177 in a single Gateway\" because implementations MAY merge configuration 178 from multiple Gateways onto a single data plane, and these rules 179 _also_ apply in that case). \n Practically, this means that each 180 listener in a set MUST have a unique combination of Port, Protocol, 181 and, if supported by the protocol, Hostname. 
\n Some combinations 182 of port, protocol, and TLS settings are considered Core support 183 and MUST be supported by implementations based on their targeted 184 conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80, 185 Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: 186 Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port: 187 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners 188 have the following property: \n The implementation can match inbound 189 requests to a single distinct Listener. When multiple Listeners 190 share values for fields (for example, two Listeners with the same 191 Port value), the implementation can match requests to only one of 192 the Listeners using other Listener fields. \n For example, the following 193 Listener scenarios are distinct: \n 1. Multiple Listeners with the 194 same Port that all use the \"HTTP\" Protocol that all have unique 195 Hostname values. 2. Multiple Listeners with the same Port that use 196 either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname 197 values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners, 198 where no Listener with the same Protocol has the same Port value. 199 \n Some fields in the Listener struct have possible values that 200 affect whether the Listener is distinct. Hostname is particularly 201 relevant for HTTP or HTTPS protocols. \n When using the Hostname 202 value to select between same-Port, same-Protocol Listeners, the 203 Hostname value must be different on each Listener for the Listener 204 to be distinct. \n When the Listeners are distinct based on Hostname, 205 inbound request hostnames MUST match from the most specific to least 206 specific Hostname values to choose the correct Listener and its 207 associated set of Routes. \n Exact matches must be processed before 208 wildcard matches, and wildcard matches must be processed before 209 fallback (empty Hostname value) matches. 
For example, `\"foo.example.com\"` 210 takes precedence over `\"*.example.com\"`, and `\"*.example.com\"` 211 takes precedence over `\"\"`. \n Additionally, if there are multiple 212 wildcard entries, more specific wildcard entries must be processed 213 before less specific wildcard entries. For example, `\"*.foo.example.com\"` 214 takes precedence over `\"*.example.com\"`. The precise definition 215 here is that the higher the number of dots in the hostname to the 216 right of the wildcard character, the higher the precedence. \n The 217 wildcard character will match any number of characters _and dots_ 218 to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"` 219 _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners 220 that are not distinct, then those Listeners are Conflicted, and 221 the implementation MUST set the \"Conflicted\" condition in the 222 Listener Status to \"True\". \n Implementations MAY choose to accept 223 a Gateway with some Conflicted Listeners only if they only accept 224 the partial Listener set that contains no Conflicted Listeners. 225 To put this another way, implementations may accept a partial Listener 226 set only if they throw out *all* the conflicting Listeners. No picking 227 one of the conflicting listeners as the winner. This also means 228 that the Gateway must have at least one non-conflicting Listener 229 in this case, otherwise it violates the requirement that at least 230 one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\" 231 condition on the Gateway Status when the Gateway contains Conflicted 232 Listeners whether or not they accept the Gateway. That Condition 233 SHOULD clearly indicate in the Message which Listeners are conflicted, 234 and which are Accepted. Additionally, the Listener status for those 235 listeners SHOULD indicate which Listeners are conflicted and not 236 Accepted. 
\n A Gateway's Listeners are considered \"compatible\" 237 if: \n 1. They are distinct. 2. The implementation can serve them 238 in compliance with the Addresses requirement that all Listeners 239 are available on all assigned addresses. \n Compatible combinations 240 in Extended support are expected to vary across implementations. 241 A combination that is compatible for one implementation may not 242 be compatible for another. \n For example, an implementation that 243 cannot serve both TCP and UDP listeners on the same address, or 244 cannot mix HTTPS and generic TLS listens on the same port would 245 not consider those cases compatible, even though they are distinct. 246 \n Note that requests SHOULD match at most one Listener. For example, 247 if Listeners are defined for \"foo.example.com\" and \"*.example.com\", 248 a request to \"foo.example.com\" SHOULD only be routed using routes 249 attached to the \"foo.example.com\" Listener (and not the \"*.example.com\" 250 Listener). This concept is known as \"Listener Isolation\". Implementations 251 that do not support Listener Isolation MUST clearly document this. 252 \n Implementations MAY merge separate Gateways onto a single set 253 of Addresses if all Listeners across all Gateways are compatible. 254 \n Support: Core" 255 items: 256 description: Listener embodies the concept of a logical endpoint 257 where a Gateway accepts network connections. 258 properties: 259 allowedRoutes: 260 default: 261 namespaces: 262 from: Same 263 description: "AllowedRoutes defines the types of routes that 264 MAY be attached to a Listener and the trusted namespaces where 265 those Route resources MAY be present. \n Although a client 266 request may match multiple route rules, only one rule may 267 ultimately receive the request. Matching precedence MUST be 268 determined in order of the following criteria: \n * The most 269 specific match as defined by the Route type. * The oldest 270 Route based on creation timestamp. 
For example, a Route with 271 a creation timestamp of \"2020-09-08 01:02:03\" is given precedence 272 over a Route with a creation timestamp of \"2020-09-08 01:02:04\". 273 * If everything else is equivalent, the Route appearing first 274 in alphabetical order (namespace/name) should be given precedence. 275 For example, foo/bar is given precedence over foo/baz. \n 276 All valid rules within a Route attached to this Listener should 277 be implemented. Invalid Route rules can be ignored (sometimes 278 that will mean the full Route). If a Route rule transitions 279 from valid to invalid, support for that Route rule should 280 be dropped to ensure consistency. For example, even if a filter 281 specified by a Route rule is invalid, the rest of the rules 282 within that Route should still be supported. \n Support: Core" 283 properties: 284 kinds: 285 description: "Kinds specifies the groups and kinds of Routes 286 that are allowed to bind to this Gateway Listener. When 287 unspecified or empty, the kinds of Routes selected are 288 determined using the Listener protocol. \n A RouteGroupKind 289 MUST correspond to kinds of Routes that are compatible 290 with the application protocol specified in the Listener's 291 Protocol field. If an implementation does not support 292 or recognize this resource type, it MUST set the \"ResolvedRefs\" 293 condition to False for this Listener with the \"InvalidRouteKinds\" 294 reason. \n Support: Core" 295 items: 296 description: RouteGroupKind indicates the group and kind 297 of a Route resource. 298 properties: 299 group: 300 default: gateway.networking.k8s.io 301 description: Group is the group of the Route. 302 maxLength: 253 303 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 304 type: string 305 kind: 306 description: Kind is the kind of the Route. 
307 maxLength: 63 308 minLength: 1 309 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 310 type: string 311 required: 312 - kind 313 type: object 314 maxItems: 8 315 type: array 316 namespaces: 317 default: 318 from: Same 319 description: "Namespaces indicates namespaces from which 320 Routes may be attached to this Listener. This is restricted 321 to the namespace of this Gateway by default. \n Support: 322 Core" 323 properties: 324 from: 325 default: Same 326 description: "From indicates where Routes will be selected 327 for this Gateway. Possible values are: \n * All: Routes 328 in all namespaces may be used by this Gateway. * Selector: 329 Routes in namespaces selected by the selector may 330 be used by this Gateway. * Same: Only Routes in the 331 same namespace may be used by this Gateway. \n Support: 332 Core" 333 enum: 334 - All 335 - Selector 336 - Same 337 type: string 338 selector: 339 description: "Selector must be specified when From is 340 set to \"Selector\". In that case, only Routes in 341 Namespaces matching this Selector will be selected 342 by this Gateway. This field is ignored for other values 343 of \"From\". \n Support: Core" 344 properties: 345 matchExpressions: 346 description: matchExpressions is a list of label 347 selector requirements. The requirements are ANDed. 348 items: 349 description: A label selector requirement is a 350 selector that contains values, a key, and an 351 operator that relates the key and values. 352 properties: 353 key: 354 description: key is the label key that the 355 selector applies to. 356 type: string 357 operator: 358 description: operator represents a key's relationship 359 to a set of values. Valid operators are 360 In, NotIn, Exists and DoesNotExist. 361 type: string 362 values: 363 description: values is an array of string 364 values. If the operator is In or NotIn, 365 the values array must be non-empty. If the 366 operator is Exists or DoesNotExist, the 367 values array must be empty. 
This array is 368 replaced during a strategic merge patch. 369 items: 370 type: string 371 type: array 372 required: 373 - key 374 - operator 375 type: object 376 type: array 377 matchLabels: 378 additionalProperties: 379 type: string 380 description: matchLabels is a map of {key,value} 381 pairs. A single {key,value} in the matchLabels 382 map is equivalent to an element of matchExpressions, 383 whose key field is "key", the operator is "In", 384 and the values array contains only "value". The 385 requirements are ANDed. 386 type: object 387 type: object 388 x-kubernetes-map-type: atomic 389 type: object 390 type: object 391 hostname: 392 description: "Hostname specifies the virtual hostname to match 393 for protocol types that define this concept. When unspecified, 394 all hostnames are matched. This field is ignored for protocols 395 that don't require hostname based matching. \n Implementations 396 MUST apply Hostname matching appropriately for each of the 397 following protocols: \n * TLS: The Listener Hostname MUST 398 match the SNI. * HTTP: The Listener Hostname MUST match the 399 Host header of the request. * HTTPS: The Listener Hostname 400 SHOULD match at both the TLS and HTTP protocol layers as described 401 above. If an implementation does not ensure that both the 402 SNI and Host header match the Listener hostname, it MUST clearly 403 document that. \n For HTTPRoute and TLSRoute resources, there 404 is an interaction with the `spec.hostnames` array. When both 405 listener and route specify hostnames, there MUST be an intersection 406 between the values for a Route to be accepted. For more information, 407 refer to the Route specific Hostnames documentation. \n Hostnames 408 that are prefixed with a wildcard label (`*.`) are interpreted 409 as a suffix match. That means that a match for `*.example.com` 410 would match both `test.example.com`, and `foo.test.example.com`, 411 but not `example.com`. 
\n Support: Core" 412 maxLength: 253 413 minLength: 1 414 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 415 type: string 416 name: 417 description: "Name is the name of the Listener. This name MUST 418 be unique within a Gateway. \n Support: Core" 419 maxLength: 253 420 minLength: 1 421 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 422 type: string 423 port: 424 description: "Port is the network port. Multiple listeners may 425 use the same port, subject to the Listener compatibility rules. 426 \n Support: Core" 427 format: int32 428 maximum: 65535 429 minimum: 1 430 type: integer 431 protocol: 432 description: "Protocol specifies the network protocol this listener 433 expects to receive. \n Support: Core" 434 maxLength: 255 435 minLength: 1 436 pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$ 437 type: string 438 tls: 439 description: "TLS is the TLS configuration for the Listener. 440 This field is required if the Protocol field is \"HTTPS\" 441 or \"TLS\". It is invalid to set this field if the Protocol 442 field is \"HTTP\", \"TCP\", or \"UDP\". \n The association 443 of SNIs to Certificate defined in GatewayTLSConfig is defined 444 based on the Hostname field for this listener. \n The GatewayClass 445 MUST use the longest matching SNI out of all available certificates 446 for any TLS handshake. \n Support: Core" 447 properties: 448 certificateRefs: 449 description: "CertificateRefs contains a series of references 450 to Kubernetes objects that contains TLS certificates and 451 private keys. These certificates are used to establish 452 a TLS handshake for requests that match the hostname of 453 the associated listener. \n A single CertificateRef to 454 a Kubernetes Secret has \"Core\" support. 
Implementations 455 MAY choose to support attaching multiple certificates 456 to a Listener, but this behavior is implementation-specific. 457 \n References to a resource in different namespace are 458 invalid UNLESS there is a ReferenceGrant in the target 459 namespace that allows the certificate to be attached. 460 If a ReferenceGrant does not allow this reference, the 461 \"ResolvedRefs\" condition MUST be set to False for this 462 listener with the \"RefNotPermitted\" reason. \n This 463 field is required to have at least one element when the 464 mode is set to \"Terminate\" (default) and is optional 465 otherwise. \n CertificateRefs can reference to standard 466 Kubernetes resources, i.e. Secret, or implementation-specific 467 custom resources. \n Support: Core - A single reference 468 to a Kubernetes Secret of type kubernetes.io/tls \n Support: 469 Implementation-specific (More than one reference or other 470 resource types)" 471 items: 472 description: "SecretObjectReference identifies an API 473 object including its namespace, defaulting to Secret. 474 \n The API object must be valid in the cluster; the 475 Group and Kind must be registered in the cluster for 476 this reference to be valid. \n References to objects 477 with invalid Group and Kind are not valid, and must 478 be rejected by the implementation, with appropriate 479 Conditions set on the containing object." 480 properties: 481 group: 482 default: "" 483 description: Group is the group of the referent. For 484 example, "gateway.networking.k8s.io". When unspecified 485 or empty string, core API group is inferred. 486 maxLength: 253 487 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 488 type: string 489 kind: 490 default: Secret 491 description: Kind is kind of the referent. For example 492 "Secret". 493 maxLength: 63 494 minLength: 1 495 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 496 type: string 497 name: 498 description: Name is the name of the referent. 
499 maxLength: 253 500 minLength: 1 501 type: string 502 namespace: 503 description: "Namespace is the namespace of the referenced 504 object. When unspecified, the local namespace is 505 inferred. \n Note that when a namespace different 506 than the local namespace is specified, a ReferenceGrant 507 object is required in the referent namespace to 508 allow that namespace's owner to accept the reference. 509 See the ReferenceGrant documentation for details. 510 \n Support: Core" 511 maxLength: 63 512 minLength: 1 513 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 514 type: string 515 required: 516 - name 517 type: object 518 maxItems: 64 519 type: array 520 mode: 521 default: Terminate 522 description: "Mode defines the TLS behavior for the TLS 523 session initiated by the client. There are two possible 524 modes: \n - Terminate: The TLS session between the downstream 525 client and the Gateway is terminated at the Gateway. This 526 mode requires certificateRefs to be set and contain at 527 least one element. - Passthrough: The TLS session is NOT 528 terminated by the Gateway. This implies that the Gateway 529 can't decipher the TLS stream except for the ClientHello 530 message of the TLS protocol. CertificateRefs field is 531 ignored in this mode. \n Support: Core" 532 enum: 533 - Terminate 534 - Passthrough 535 type: string 536 options: 537 additionalProperties: 538 description: AnnotationValue is the value of an annotation 539 in Gateway API. This is used for validation of maps 540 such as TLS options. This roughly matches Kubernetes 541 annotation validation, although the length validation 542 in that case is based on the entire size of the annotations 543 struct. 544 maxLength: 4096 545 minLength: 0 546 type: string 547 description: "Options are a list of key/value pairs to enable 548 extended TLS configuration for each implementation. For 549 example, configuring the minimum TLS version or supported 550 cipher suites. 
\n A set of common keys MAY be defined 551 by the API in the future. To avoid any ambiguity, implementation-specific 552 definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`. 553 Un-prefixed names are reserved for key names defined by 554 Gateway API. \n Support: Implementation-specific" 555 maxProperties: 16 556 type: object 557 type: object 558 x-kubernetes-validations: 559 - message: certificateRefs must be specified when TLSModeType 560 is Terminate 561 rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs) 562 > 0 : true' 563 required: 564 - name 565 - port 566 - protocol 567 type: object 568 maxItems: 64 569 minItems: 1 570 type: array 571 x-kubernetes-list-map-keys: 572 - name 573 x-kubernetes-list-type: map 574 x-kubernetes-validations: 575 - message: tls must be specified for protocols ['HTTPS', 'TLS'] 576 rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls) 577 : true)' 578 - message: tls must not be specified for protocols ['HTTP', 'TCP', 579 'UDP'] 580 rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ? 581 !has(l.tls) : true)' 582 - message: hostname must not be specified for protocols ['TCP', 'UDP'] 583 rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname) 584 || l.hostname == '''') : true)' 585 - message: Listener name must be unique within the Gateway 586 rule: self.all(l1, self.exists_one(l2, l1.name == l2.name)) 587 - message: Combination of port, protocol and hostname must be unique 588 for each listener 589 rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol 590 == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? 
l1.hostname 591 == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))' 592 required: 593 - gatewayClassName 594 - listeners 595 type: object 596 status: 597 default: 598 conditions: 599 - lastTransitionTime: "1970-01-01T00:00:00Z" 600 message: Waiting for controller 601 reason: Pending 602 status: Unknown 603 type: Accepted 604 - lastTransitionTime: "1970-01-01T00:00:00Z" 605 message: Waiting for controller 606 reason: Pending 607 status: Unknown 608 type: Programmed 609 description: Status defines the current state of Gateway. 610 properties: 611 addresses: 612 description: "Addresses lists the network addresses that have been 613 bound to the Gateway. \n This list may differ from the addresses 614 provided in the spec under some conditions: \n * no addresses are 615 specified, all addresses are dynamically assigned * a combination 616 of specified and dynamic addresses are assigned * a specified address 617 was unusable (e.g. already in use) \n " 618 items: 619 description: GatewayStatusAddress describes a network address that 620 is bound to a Gateway. 621 oneOf: 622 - properties: 623 type: 624 enum: 625 - IPAddress 626 value: 627 anyOf: 628 - format: ipv4 629 - format: ipv6 630 - properties: 631 type: 632 not: 633 enum: 634 - IPAddress 635 properties: 636 type: 637 default: IPAddress 638 description: Type of the address. 639 maxLength: 253 640 minLength: 1 641 pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 642 type: string 643 value: 644 description: "Value of the address. The validity of the values 645 will depend on the type and support by the controller. \n 646 Examples: `1.2.3.4`, `128::1`, `my-ip-address`." 
647 maxLength: 253 648 minLength: 1 649 type: string 650 required: 651 - value 652 type: object 653 x-kubernetes-validations: 654 - message: Hostname value must only contain valid characters (matching 655 ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$) 656 rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""): 657 true' 658 maxItems: 16 659 type: array 660 conditions: 661 default: 662 - lastTransitionTime: "1970-01-01T00:00:00Z" 663 message: Waiting for controller 664 reason: Pending 665 status: Unknown 666 type: Accepted 667 - lastTransitionTime: "1970-01-01T00:00:00Z" 668 message: Waiting for controller 669 reason: Pending 670 status: Unknown 671 type: Programmed 672 description: "Conditions describe the current conditions of the Gateway. 673 \n Implementations should prefer to express Gateway conditions using 674 the `GatewayConditionType` and `GatewayConditionReason` constants 675 so that operators and tools can converge on a common vocabulary 676 to describe Gateway state. \n Known condition types are: \n * \"Accepted\" 677 * \"Programmed\" * \"Ready\"" 678 items: 679 description: "Condition contains details for one aspect of the current 680 state of this API Resource. --- This struct is intended for direct 681 use as an array at the field path .status.conditions. For example, 682 \n type FooStatus struct{ // Represents the observations of a 683 foo's current state. 
// Known .status.conditions.type are: \"Available\", 684 \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 685 // +listType=map // +listMapKey=type Conditions []metav1.Condition 686 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 687 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" 688 properties: 689 lastTransitionTime: 690 description: lastTransitionTime is the last time the condition 691 transitioned from one status to another. This should be when 692 the underlying condition changed. If that is not known, then 693 using the time when the API field changed is acceptable. 694 format: date-time 695 type: string 696 message: 697 description: message is a human readable message indicating 698 details about the transition. This may be an empty string. 699 maxLength: 32768 700 type: string 701 observedGeneration: 702 description: observedGeneration represents the .metadata.generation 703 that the condition was set based upon. For instance, if .metadata.generation 704 is currently 12, but the .status.conditions[x].observedGeneration 705 is 9, the condition is out of date with respect to the current 706 state of the instance. 707 format: int64 708 minimum: 0 709 type: integer 710 reason: 711 description: reason contains a programmatic identifier indicating 712 the reason for the condition's last transition. Producers 713 of specific condition types may define expected values and 714 meanings for this field, and whether the values are considered 715 a guaranteed API. The value should be a CamelCase string. 716 This field may not be empty. 717 maxLength: 1024 718 minLength: 1 719 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 720 type: string 721 status: 722 description: status of the condition, one of True, False, Unknown. 723 enum: 724 - "True" 725 - "False" 726 - Unknown 727 type: string 728 type: 729 description: type of condition in CamelCase or in foo.example.com/CamelCase. 
730 --- Many .condition.type values are consistent across resources 731 like Available, but because arbitrary conditions can be useful 732 (see .node.status.conditions), the ability to deconflict is 733 important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) 734 maxLength: 316 735 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 736 type: string 737 required: 738 - lastTransitionTime 739 - message 740 - reason 741 - status 742 - type 743 type: object 744 maxItems: 8 745 type: array 746 x-kubernetes-list-map-keys: 747 - type 748 x-kubernetes-list-type: map 749 listeners: 750 description: Listeners provide status for each unique listener port 751 defined in the Spec. 752 items: 753 description: ListenerStatus is the status associated with a Listener. 754 properties: 755 attachedRoutes: 756 description: "AttachedRoutes represents the total number of 757 Routes that have been successfully attached to this Listener. 758 \n Successful attachment of a Route to a Listener is based 759 solely on the combination of the AllowedRoutes field on the 760 corresponding Listener and the Route's ParentRefs field. A 761 Route is successfully attached to a Listener when it is selected 762 by the Listener's AllowedRoutes field AND the Route has a 763 valid ParentRef selecting the whole Gateway resource or a 764 specific Listener as a parent resource (more detail on attachment 765 semantics can be found in the documentation on the various 766 Route kinds ParentRefs fields). Listener or Route status does 767 not impact successful attachment, i.e. the AttachedRoutes 768 field count MUST be set for Listeners with condition Accepted: 769 false and MUST count successfully attached Routes that may 770 themselves have Accepted: false conditions. \n Uses for this 771 field include troubleshooting Route attachment and measuring 772 blast radius/impact of changes to a Listener." 
                      format: int32
                      type: integer
                    conditions:
                      description: Conditions describe the current condition of this
                        listener.
                      items:
                        description: "Condition contains details for one aspect of
                          the current state of this API Resource. --- This struct
                          is intended for direct use as an array at the field path
                          .status.conditions. For example, \n type FooStatus struct{
                          // Represents the observations of a foo's current state.
                          // Known .status.conditions.type are: \"Available\", \"Progressing\",
                          and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                          // +listType=map // +listMapKey=type Conditions []metav1.Condition
                          `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                          protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
                          }"
                        properties:
                          lastTransitionTime:
                            description: lastTransitionTime is the last time the condition
                              transitioned from one status to another. This should
                              be when the underlying condition changed. If that is
                              not known, then using the time when the API field changed
                              is acceptable.
                            format: date-time
                            type: string
                          message:
                            description: message is a human readable message indicating
                              details about the transition. This may be an empty string.
                            maxLength: 32768
                            type: string
                          observedGeneration:
                            description: observedGeneration represents the .metadata.generation
                              that the condition was set based upon. For instance,
                              if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
                              is 9, the condition is out of date with respect to the
                              current state of the instance.
                            format: int64
                            minimum: 0
                            type: integer
                          reason:
                            description: reason contains a programmatic identifier
                              indicating the reason for the condition's last transition.
                              Producers of specific condition types may define expected
                              values and meanings for this field, and whether the
                              values are considered a guaranteed API. The value should
                              be a CamelCase string. This field may not be empty.
                            maxLength: 1024
                            minLength: 1
                            pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                            type: string
                          status:
                            description: status of the condition, one of True, False,
                              Unknown.
                            enum:
                            - "True"
                            - "False"
                            - Unknown
                            type: string
                          type:
                            description: type of condition in CamelCase or in foo.example.com/CamelCase.
                              --- Many .condition.type values are consistent across
                              resources like Available, but because arbitrary conditions
                              can be useful (see .node.status.conditions), the ability
                              to deconflict is important. The regex it matches is
                              (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                            maxLength: 316
                            pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                            type: string
                        required:
                        - lastTransitionTime
                        - message
                        - reason
                        - status
                        - type
                        type: object
                      maxItems: 8
                      type: array
                      x-kubernetes-list-map-keys:
                      - type
                      x-kubernetes-list-type: map
                    name:
                      description: Name is the name of the Listener that this status
                        corresponds to.
                      maxLength: 253
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    supportedKinds:
                      description: "SupportedKinds is the list indicating the Kinds
                        supported by this listener. This MUST represent the kinds
                        an implementation supports for that Listener configuration.
                        \n If kinds are specified in Spec that are not supported,
                        they MUST NOT appear in this list and an implementation MUST
                        set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
                        reason.
                        If both valid and invalid Route kinds are specified,
                        the implementation MUST reference the valid Route kinds that
                        have been specified."
                      items:
                        description: RouteGroupKind indicates the group and kind of
                          a Route resource.
                        properties:
                          group:
                            default: gateway.networking.k8s.io
                            description: Group is the group of the Route.
                            maxLength: 253
                            pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          kind:
                            description: Kind is the kind of the Route.
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                            type: string
                        required:
                        - kind
                        type: object
                      maxItems: 8
                      type: array
                  required:
                  - attachedRoutes
                  - conditions
                  - name
                  - supportedKinds
                  type: object
                maxItems: 64
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - jsonPath: .spec.gatewayClassName
      name: Class
      type: string
    - jsonPath: .status.addresses[*].value
      name: Address
      type: string
    - jsonPath: .status.conditions[?(@.type=="Programmed")].status
      name: Programmed
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: Gateway represents an instance of a service-traffic handling
          infrastructure by binding Listeners to a set of IP addresses.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec defines the desired state of Gateway.
            properties:
              addresses:
                description: "Addresses requested for this Gateway. This is optional
                  and behavior can depend on the implementation. If a value is set
                  in the spec and the requested address is invalid or unavailable,
                  the implementation MUST indicate this in the associated entry in
                  GatewayStatus.Addresses. \n The Addresses field represents a request
                  for the address(es) on the \"outside of the Gateway\", that traffic
                  bound for this Gateway will use. This could be the IP address or
                  hostname of an external load balancer or other networking infrastructure,
                  or some other address that traffic will be sent to. \n If no Addresses
                  are specified, the implementation MAY schedule the Gateway in an
                  implementation-specific manner, assigning an appropriate set of
                  Addresses. \n The implementation MUST bind all Listeners to every
                  GatewayAddress that it assigns to the Gateway and add a corresponding
                  entry in GatewayStatus.Addresses. \n Support: Extended \n "
                items:
                  description: GatewayAddress describes an address that can be bound
                    to a Gateway.
                  oneOf:
                  - properties:
                      type:
                        enum:
                        - IPAddress
                      value:
                        anyOf:
                        - format: ipv4
                        - format: ipv6
                  - properties:
                      type:
                        not:
                          enum:
                          - IPAddress
                  properties:
                    type:
                      default: IPAddress
                      description: Type of the address.
                      maxLength: 253
                      minLength: 1
                      pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
                      type: string
                    value:
                      description: "Value of the address. The validity of the values
                        will depend on the type and support by the controller. \n
                        Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
                      maxLength: 253
                      minLength: 1
                      type: string
                  required:
                  - value
                  type: object
                  x-kubernetes-validations:
                  - message: Hostname value must only contain valid characters (matching
                      ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
                    rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
                      true'
                maxItems: 16
                type: array
                x-kubernetes-validations:
                - message: IPAddress values must be unique
                  rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
                    a2.type == a1.type && a2.value == a1.value) : true )'
                - message: Hostname values must be unique
                  rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
                    a2.type == a1.type && a2.value == a1.value) : true )'
              gatewayClassName:
                description: GatewayClassName used for this Gateway. This is the name
                  of a GatewayClass resource.
                maxLength: 253
                minLength: 1
                type: string
              infrastructure:
                description: "Infrastructure defines infrastructure level attributes
                  about this Gateway instance. \n Support: Core \n "
                properties:
                  annotations:
                    additionalProperties:
                      description: AnnotationValue is the value of an annotation in
                        Gateway API. This is used for validation of maps such as TLS
                        options. This roughly matches Kubernetes annotation validation,
                        although the length validation in that case is based on the
                        entire size of the annotations struct.
                      maxLength: 4096
                      minLength: 0
                      type: string
                    description: "Annotations that SHOULD be applied to any resources
                      created in response to this Gateway. \n For implementations
                      creating other Kubernetes objects, this should be the `metadata.annotations`
                      field on resources. For other implementations, this refers to
                      any relevant (implementation specific) \"annotations\" concepts.
                      \n An implementation may chose to add additional implementation-specific
                      annotations as they see fit. \n Support: Extended"
                    maxProperties: 8
                    type: object
                  labels:
                    additionalProperties:
                      description: AnnotationValue is the value of an annotation in
                        Gateway API. This is used for validation of maps such as TLS
                        options. This roughly matches Kubernetes annotation validation,
                        although the length validation in that case is based on the
                        entire size of the annotations struct.
                      maxLength: 4096
                      minLength: 0
                      type: string
                    description: "Labels that SHOULD be applied to any resources created
                      in response to this Gateway. \n For implementations creating
                      other Kubernetes objects, this should be the `metadata.labels`
                      field on resources. For other implementations, this refers to
                      any relevant (implementation specific) \"labels\" concepts.
                      \n An implementation may chose to add additional implementation-specific
                      labels as they see fit. \n Support: Extended"
                    maxProperties: 8
                    type: object
                type: object
              listeners:
                description: "Listeners associated with this Gateway. Listeners define
                  logical endpoints that are bound on this Gateway's addresses. At
                  least one Listener MUST be specified. \n Each Listener in a set
                  of Listeners (for example, in a single Gateway) MUST be _distinct_,
                  in that a traffic flow MUST be able to be assigned to exactly one
                  listener.
                  (This section uses \"set of Listeners\" rather than \"Listeners
                  in a single Gateway\" because implementations MAY merge configuration
                  from multiple Gateways onto a single data plane, and these rules
                  _also_ apply in that case). \n Practically, this means that each
                  listener in a set MUST have a unique combination of Port, Protocol,
                  and, if supported by the protocol, Hostname. \n Some combinations
                  of port, protocol, and TLS settings are considered Core support
                  and MUST be supported by implementations based on their targeted
                  conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
                  Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
                  Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
                  443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
                  have the following property: \n The implementation can match inbound
                  requests to a single distinct Listener. When multiple Listeners
                  share values for fields (for example, two Listeners with the same
                  Port value), the implementation can match requests to only one of
                  the Listeners using other Listener fields. \n For example, the following
                  Listener scenarios are distinct: \n 1. Multiple Listeners with the
                  same Port that all use the \"HTTP\" Protocol that all have unique
                  Hostname values. 2. Multiple Listeners with the same Port that use
                  either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
                  values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
                  where no Listener with the same Protocol has the same Port value.
                  \n Some fields in the Listener struct have possible values that
                  affect whether the Listener is distinct. Hostname is particularly
                  relevant for HTTP or HTTPS protocols.
                  \n When using the Hostname
                  value to select between same-Port, same-Protocol Listeners, the
                  Hostname value must be different on each Listener for the Listener
                  to be distinct. \n When the Listeners are distinct based on Hostname,
                  inbound request hostnames MUST match from the most specific to least
                  specific Hostname values to choose the correct Listener and its
                  associated set of Routes. \n Exact matches must be processed before
                  wildcard matches, and wildcard matches must be processed before
                  fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
                  takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
                  takes precedence over `\"\"`. \n Additionally, if there are multiple
                  wildcard entries, more specific wildcard entries must be processed
                  before less specific wildcard entries. For example, `\"*.foo.example.com\"`
                  takes precedence over `\"*.example.com\"`. The precise definition
                  here is that the higher the number of dots in the hostname to the
                  right of the wildcard character, the higher the precedence. \n The
                  wildcard character will match any number of characters _and dots_
                  to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
                  _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
                  that are not distinct, then those Listeners are Conflicted, and
                  the implementation MUST set the \"Conflicted\" condition in the
                  Listener Status to \"True\". \n Implementations MAY choose to accept
                  a Gateway with some Conflicted Listeners only if they only accept
                  the partial Listener set that contains no Conflicted Listeners.
                  To put this another way, implementations may accept a partial Listener
                  set only if they throw out *all* the conflicting Listeners. No picking
                  one of the conflicting listeners as the winner.
                  This also means
                  that the Gateway must have at least one non-conflicting Listener
                  in this case, otherwise it violates the requirement that at least
                  one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
                  condition on the Gateway Status when the Gateway contains Conflicted
                  Listeners whether or not they accept the Gateway. That Condition
                  SHOULD clearly indicate in the Message which Listeners are conflicted,
                  and which are Accepted. Additionally, the Listener status for those
                  listeners SHOULD indicate which Listeners are conflicted and not
                  Accepted. \n A Gateway's Listeners are considered \"compatible\"
                  if: \n 1. They are distinct. 2. The implementation can serve them
                  in compliance with the Addresses requirement that all Listeners
                  are available on all assigned addresses. \n Compatible combinations
                  in Extended support are expected to vary across implementations.
                  A combination that is compatible for one implementation may not
                  be compatible for another. \n For example, an implementation that
                  cannot serve both TCP and UDP listeners on the same address, or
                  cannot mix HTTPS and generic TLS listens on the same port would
                  not consider those cases compatible, even though they are distinct.
                  \n Note that requests SHOULD match at most one Listener. For example,
                  if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
                  a request to \"foo.example.com\" SHOULD only be routed using routes
                  attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
                  Listener). This concept is known as \"Listener Isolation\". Implementations
                  that do not support Listener Isolation MUST clearly document this.
                  \n Implementations MAY merge separate Gateways onto a single set
                  of Addresses if all Listeners across all Gateways are compatible.
                  \n Support: Core"
                items:
                  description: Listener embodies the concept of a logical endpoint
                    where a Gateway accepts network connections.
                  properties:
                    allowedRoutes:
                      default:
                        namespaces:
                          from: Same
                      description: "AllowedRoutes defines the types of routes that
                        MAY be attached to a Listener and the trusted namespaces where
                        those Route resources MAY be present. \n Although a client
                        request may match multiple route rules, only one rule may
                        ultimately receive the request. Matching precedence MUST be
                        determined in order of the following criteria: \n * The most
                        specific match as defined by the Route type. * The oldest
                        Route based on creation timestamp. For example, a Route with
                        a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
                        over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
                        * If everything else is equivalent, the Route appearing first
                        in alphabetical order (namespace/name) should be given precedence.
                        For example, foo/bar is given precedence over foo/baz. \n
                        All valid rules within a Route attached to this Listener should
                        be implemented. Invalid Route rules can be ignored (sometimes
                        that will mean the full Route). If a Route rule transitions
                        from valid to invalid, support for that Route rule should
                        be dropped to ensure consistency. For example, even if a filter
                        specified by a Route rule is invalid, the rest of the rules
                        within that Route should still be supported. \n Support: Core"
                      properties:
                        kinds:
                          description: "Kinds specifies the groups and kinds of Routes
                            that are allowed to bind to this Gateway Listener. When
                            unspecified or empty, the kinds of Routes selected are
                            determined using the Listener protocol. \n A RouteGroupKind
                            MUST correspond to kinds of Routes that are compatible
                            with the application protocol specified in the Listener's
                            Protocol field.
                            If an implementation does not support
                            or recognize this resource type, it MUST set the \"ResolvedRefs\"
                            condition to False for this Listener with the \"InvalidRouteKinds\"
                            reason. \n Support: Core"
                          items:
                            description: RouteGroupKind indicates the group and kind
                              of a Route resource.
                            properties:
                              group:
                                default: gateway.networking.k8s.io
                                description: Group is the group of the Route.
                                maxLength: 253
                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                type: string
                              kind:
                                description: Kind is the kind of the Route.
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                                type: string
                            required:
                            - kind
                            type: object
                          maxItems: 8
                          type: array
                        namespaces:
                          default:
                            from: Same
                          description: "Namespaces indicates namespaces from which
                            Routes may be attached to this Listener. This is restricted
                            to the namespace of this Gateway by default. \n Support:
                            Core"
                          properties:
                            from:
                              default: Same
                              description: "From indicates where Routes will be selected
                                for this Gateway. Possible values are: \n * All: Routes
                                in all namespaces may be used by this Gateway. * Selector:
                                Routes in namespaces selected by the selector may
                                be used by this Gateway. * Same: Only Routes in the
                                same namespace may be used by this Gateway. \n Support:
                                Core"
                              enum:
                              - All
                              - Selector
                              - Same
                              type: string
                            selector:
                              description: "Selector must be specified when From is
                                set to \"Selector\". In that case, only Routes in
                                Namespaces matching this Selector will be selected
                                by this Gateway. This field is ignored for other values
                                of \"From\". \n Support: Core"
                              properties:
                                matchExpressions:
                                  description: matchExpressions is a list of label
                                    selector requirements. The requirements are ANDed.
                                  items:
                                    description: A label selector requirement is a
                                      selector that contains values, a key, and an
                                      operator that relates the key and values.
                                    properties:
                                      key:
                                        description: key is the label key that the
                                          selector applies to.
                                        type: string
                                      operator:
                                        description: operator represents a key's relationship
                                          to a set of values. Valid operators are
                                          In, NotIn, Exists and DoesNotExist.
                                        type: string
                                      values:
                                        description: values is an array of string
                                          values. If the operator is In or NotIn,
                                          the values array must be non-empty. If the
                                          operator is Exists or DoesNotExist, the
                                          values array must be empty. This array is
                                          replaced during a strategic merge patch.
                                        items:
                                          type: string
                                        type: array
                                    required:
                                    - key
                                    - operator
                                    type: object
                                  type: array
                                matchLabels:
                                  additionalProperties:
                                    type: string
                                  description: matchLabels is a map of {key,value}
                                    pairs. A single {key,value} in the matchLabels
                                    map is equivalent to an element of matchExpressions,
                                    whose key field is "key", the operator is "In",
                                    and the values array contains only "value". The
                                    requirements are ANDed.
                                  type: object
                              type: object
                              x-kubernetes-map-type: atomic
                          type: object
                      type: object
                    hostname:
                      description: "Hostname specifies the virtual hostname to match
                        for protocol types that define this concept. When unspecified,
                        all hostnames are matched. This field is ignored for protocols
                        that don't require hostname based matching. \n Implementations
                        MUST apply Hostname matching appropriately for each of the
                        following protocols: \n * TLS: The Listener Hostname MUST
                        match the SNI. * HTTP: The Listener Hostname MUST match the
                        Host header of the request. * HTTPS: The Listener Hostname
                        SHOULD match at both the TLS and HTTP protocol layers as described
                        above.
                        If an implementation does not ensure that both the
                        SNI and Host header match the Listener hostname, it MUST clearly
                        document that. \n For HTTPRoute and TLSRoute resources, there
                        is an interaction with the `spec.hostnames` array. When both
                        listener and route specify hostnames, there MUST be an intersection
                        between the values for a Route to be accepted. For more information,
                        refer to the Route specific Hostnames documentation. \n Hostnames
                        that are prefixed with a wildcard label (`*.`) are interpreted
                        as a suffix match. That means that a match for `*.example.com`
                        would match both `test.example.com`, and `foo.test.example.com`,
                        but not `example.com`. \n Support: Core"
                      maxLength: 253
                      minLength: 1
                      pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    name:
                      description: "Name is the name of the Listener. This name MUST
                        be unique within a Gateway. \n Support: Core"
                      maxLength: 253
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    port:
                      description: "Port is the network port. Multiple listeners may
                        use the same port, subject to the Listener compatibility rules.
                        \n Support: Core"
                      format: int32
                      maximum: 65535
                      minimum: 1
                      type: integer
                    protocol:
                      description: "Protocol specifies the network protocol this listener
                        expects to receive. \n Support: Core"
                      maxLength: 255
                      minLength: 1
                      pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
                      type: string
                    tls:
                      description: "TLS is the TLS configuration for the Listener.
                        This field is required if the Protocol field is \"HTTPS\"
                        or \"TLS\". It is invalid to set this field if the Protocol
                        field is \"HTTP\", \"TCP\", or \"UDP\".
                        \n The association
                        of SNIs to Certificate defined in GatewayTLSConfig is defined
                        based on the Hostname field for this listener. \n The GatewayClass
                        MUST use the longest matching SNI out of all available certificates
                        for any TLS handshake. \n Support: Core"
                      properties:
                        certificateRefs:
                          description: "CertificateRefs contains a series of references
                            to Kubernetes objects that contains TLS certificates and
                            private keys. These certificates are used to establish
                            a TLS handshake for requests that match the hostname of
                            the associated listener. \n A single CertificateRef to
                            a Kubernetes Secret has \"Core\" support. Implementations
                            MAY choose to support attaching multiple certificates
                            to a Listener, but this behavior is implementation-specific.
                            \n References to a resource in different namespace are
                            invalid UNLESS there is a ReferenceGrant in the target
                            namespace that allows the certificate to be attached.
                            If a ReferenceGrant does not allow this reference, the
                            \"ResolvedRefs\" condition MUST be set to False for this
                            listener with the \"RefNotPermitted\" reason. \n This
                            field is required to have at least one element when the
                            mode is set to \"Terminate\" (default) and is optional
                            otherwise. \n CertificateRefs can reference to standard
                            Kubernetes resources, i.e. Secret, or implementation-specific
                            custom resources. \n Support: Core - A single reference
                            to a Kubernetes Secret of type kubernetes.io/tls \n Support:
                            Implementation-specific (More than one reference or other
                            resource types)"
                          items:
                            description: "SecretObjectReference identifies an API
                              object including its namespace, defaulting to Secret.
                              \n The API object must be valid in the cluster; the
                              Group and Kind must be registered in the cluster for
                              this reference to be valid.
                              \n References to objects
                              with invalid Group and Kind are not valid, and must
                              be rejected by the implementation, with appropriate
                              Conditions set on the containing object."
                            properties:
                              group:
                                default: ""
                                description: Group is the group of the referent. For
                                  example, "gateway.networking.k8s.io". When unspecified
                                  or empty string, core API group is inferred.
                                maxLength: 253
                                pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                                type: string
                              kind:
                                default: Secret
                                description: Kind is kind of the referent. For example
                                  "Secret".
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                                type: string
                              name:
                                description: Name is the name of the referent.
                                maxLength: 253
                                minLength: 1
                                type: string
                              namespace:
                                description: "Namespace is the namespace of the referenced
                                  object. When unspecified, the local namespace is
                                  inferred. \n Note that when a namespace different
                                  than the local namespace is specified, a ReferenceGrant
                                  object is required in the referent namespace to
                                  allow that namespace's owner to accept the reference.
                                  See the ReferenceGrant documentation for details.
                                  \n Support: Core"
                                maxLength: 63
                                minLength: 1
                                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                                type: string
                            required:
                            - name
                            type: object
                          maxItems: 64
                          type: array
                        mode:
                          default: Terminate
                          description: "Mode defines the TLS behavior for the TLS
                            session initiated by the client. There are two possible
                            modes: \n - Terminate: The TLS session between the downstream
                            client and the Gateway is terminated at the Gateway. This
                            mode requires certificateRefs to be set and contain at
                            least one element. - Passthrough: The TLS session is NOT
                            terminated by the Gateway.
                            This implies that the Gateway
                            can't decipher the TLS stream except for the ClientHello
                            message of the TLS protocol. CertificateRefs field is
                            ignored in this mode. \n Support: Core"
                          enum:
                          - Terminate
                          - Passthrough
                          type: string
                        options:
                          additionalProperties:
                            description: AnnotationValue is the value of an annotation
                              in Gateway API. This is used for validation of maps
                              such as TLS options. This roughly matches Kubernetes
                              annotation validation, although the length validation
                              in that case is based on the entire size of the annotations
                              struct.
                            maxLength: 4096
                            minLength: 0
                            type: string
                          description: "Options are a list of key/value pairs to enable
                            extended TLS configuration for each implementation. For
                            example, configuring the minimum TLS version or supported
                            cipher suites. \n A set of common keys MAY be defined
                            by the API in the future. To avoid any ambiguity, implementation-specific
                            definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
                            Un-prefixed names are reserved for key names defined by
                            Gateway API. \n Support: Implementation-specific"
                          maxProperties: 16
                          type: object
                      type: object
                      x-kubernetes-validations:
                      - message: certificateRefs must be specified when TLSModeType
                          is Terminate
                        rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
                          > 0 : true'
                  required:
                  - name
                  - port
                  - protocol
                  type: object
                maxItems: 64
                minItems: 1
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
                x-kubernetes-validations:
                - message: tls must be specified for protocols ['HTTPS', 'TLS']
                  rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ?
                    has(l.tls)
                    : true)'
                - message: tls must not be specified for protocols ['HTTP', 'TCP',
                    'UDP']
                  rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
                    !has(l.tls) : true)'
                - message: hostname must not be specified for protocols ['TCP', 'UDP']
                  rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
                    || l.hostname == '''') : true)'
                - message: Listener name must be unique within the Gateway
                  rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
                - message: Combination of port, protocol and hostname must be unique
                    for each listener
                  rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
                    == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
                    == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
            required:
            - gatewayClassName
            - listeners
            type: object
          status:
            default:
              conditions:
              - lastTransitionTime: "1970-01-01T00:00:00Z"
                message: Waiting for controller
                reason: Pending
                status: Unknown
                type: Accepted
              - lastTransitionTime: "1970-01-01T00:00:00Z"
                message: Waiting for controller
                reason: Pending
                status: Unknown
                type: Programmed
            description: Status defines the current state of Gateway.
            properties:
              addresses:
                description: "Addresses lists the network addresses that have been
                  bound to the Gateway. \n This list may differ from the addresses
                  provided in the spec under some conditions: \n * no addresses are
                  specified, all addresses are dynamically assigned * a combination
                  of specified and dynamic addresses are assigned * a specified address
                  was unusable (e.g. already in use) \n "
                items:
                  description: GatewayStatusAddress describes a network address that
                    is bound to a Gateway.
                  oneOf:
                  - properties:
                      type:
                        enum:
                        - IPAddress
                      value:
                        anyOf:
                        - format: ipv4
                        - format: ipv6
                  - properties:
                      type:
                        not:
                          enum:
                          - IPAddress
                  properties:
                    type:
                      default: IPAddress
                      description: Type of the address.
                      maxLength: 253
                      minLength: 1
                      pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
                      type: string
                    value:
                      description: "Value of the address. The validity of the values
                        will depend on the type and support by the controller. \n
                        Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
                      maxLength: 253
                      minLength: 1
                      type: string
                  required:
                  - value
                  type: object
                  x-kubernetes-validations:
                  - message: Hostname value must only contain valid characters (matching
                      ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
                    rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
                      true'
                maxItems: 16
                type: array
              conditions:
                default:
                - lastTransitionTime: "1970-01-01T00:00:00Z"
                  message: Waiting for controller
                  reason: Pending
                  status: Unknown
                  type: Accepted
                - lastTransitionTime: "1970-01-01T00:00:00Z"
                  message: Waiting for controller
                  reason: Pending
                  status: Unknown
                  type: Programmed
                description: "Conditions describe the current conditions of the Gateway.
                  \n Implementations should prefer to express Gateway conditions using
                  the `GatewayConditionType` and `GatewayConditionReason` constants
                  so that operators and tools can converge on a common vocabulary
                  to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
                  * \"Programmed\" * \"Ready\""
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions. For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed. If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                maxItems: 8
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              listeners:
                description: Listeners provide status for each unique listener port
                  defined in the Spec.
                items:
                  description: ListenerStatus is the status associated with a Listener.
                  properties:
                    attachedRoutes:
                      description: "AttachedRoutes represents the total number of
                        Routes that have been successfully attached to this Listener.
                        \n Successful attachment of a Route to a Listener is based
                        solely on the combination of the AllowedRoutes field on the
                        corresponding Listener and the Route's ParentRefs field. A
                        Route is successfully attached to a Listener when it is selected
                        by the Listener's AllowedRoutes field AND the Route has a
                        valid ParentRef selecting the whole Gateway resource or a
                        specific Listener as a parent resource (more detail on attachment
                        semantics can be found in the documentation on the various
                        Route kinds ParentRefs fields). Listener or Route status does
                        not impact successful attachment, i.e. the AttachedRoutes
                        field count MUST be set for Listeners with condition Accepted:
                        false and MUST count successfully attached Routes that may
                        themselves have Accepted: false conditions. \n Uses for this
                        field include troubleshooting Route attachment and measuring
                        blast radius/impact of changes to a Listener."
                      format: int32
                      type: integer
                    conditions:
                      description: Conditions describe the current condition of this
                        listener.
                      items:
                        description: "Condition contains details for one aspect of
                          the current state of this API Resource. --- This struct
                          is intended for direct use as an array at the field path
                          .status.conditions. For example, \n type FooStatus struct{
                          // Represents the observations of a foo's current state.
                          // Known .status.conditions.type are: \"Available\", \"Progressing\",
                          and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                          // +listType=map // +listMapKey=type Conditions []metav1.Condition
                          `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                          protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
                          }"
                        properties:
                          lastTransitionTime:
                            description: lastTransitionTime is the last time the condition
                              transitioned from one status to another. This should
                              be when the underlying condition changed. If that is
                              not known, then using the time when the API field changed
                              is acceptable.
                            format: date-time
                            type: string
                          message:
                            description: message is a human readable message indicating
                              details about the transition. This may be an empty string.
                            maxLength: 32768
                            type: string
                          observedGeneration:
                            description: observedGeneration represents the .metadata.generation
                              that the condition was set based upon. For instance,
                              if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
                              is 9, the condition is out of date with respect to the
                              current state of the instance.
                            format: int64
                            minimum: 0
                            type: integer
                          reason:
                            description: reason contains a programmatic identifier
                              indicating the reason for the condition's last transition.
                              Producers of specific condition types may define expected
                              values and meanings for this field, and whether the
                              values are considered a guaranteed API. The value should
                              be a CamelCase string. This field may not be empty.
                            maxLength: 1024
                            minLength: 1
                            pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                            type: string
                          status:
                            description: status of the condition, one of True, False,
                              Unknown.
                            enum:
                            - "True"
                            - "False"
                            - Unknown
                            type: string
                          type:
                            description: type of condition in CamelCase or in foo.example.com/CamelCase.
                              --- Many .condition.type values are consistent across
                              resources like Available, but because arbitrary conditions
                              can be useful (see .node.status.conditions), the ability
                              to deconflict is important. The regex it matches is
                              (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                            maxLength: 316
                            pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                            type: string
                        required:
                        - lastTransitionTime
                        - message
                        - reason
                        - status
                        - type
                        type: object
                      maxItems: 8
                      type: array
                      x-kubernetes-list-map-keys:
                      - type
                      x-kubernetes-list-type: map
                    name:
                      description: Name is the name of the Listener that this status
                        corresponds to.
                      maxLength: 253
                      minLength: 1
                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                      type: string
                    supportedKinds:
                      description: "SupportedKinds is the list indicating the Kinds
                        supported by this listener. This MUST represent the kinds
                        an implementation supports for that Listener configuration.
                        \n If kinds are specified in Spec that are not supported,
                        they MUST NOT appear in this list and an implementation MUST
                        set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
                        reason. If both valid and invalid Route kinds are specified,
                        the implementation MUST reference the valid Route kinds that
                        have been specified."
                      items:
                        description: RouteGroupKind indicates the group and kind of
                          a Route resource.
                        properties:
                          group:
                            default: gateway.networking.k8s.io
                            description: Group is the group of the Route.
                            maxLength: 253
                            pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                            type: string
                          kind:
                            description: Kind is the kind of the Route.
                            maxLength: 63
                            minLength: 1
                            pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                            type: string
                        required:
                        - kind
                        type: object
                      maxItems: 8
                      type: array
                  required:
                  - attachedRoutes
                  - conditions
                  - name
                  - supportedKinds
                  type: object
                maxItems: 64
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: null
  storedVersions: null