sigs.k8s.io/gateway-api@v1.0.0/config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 6 gateway.networking.k8s.io/bundle-version: v1.0.0 7 gateway.networking.k8s.io/channel: experimental 8 creationTimestamp: null 9 name: grpcroutes.gateway.networking.k8s.io 10 spec: 11 group: gateway.networking.k8s.io 12 names: 13 categories: 14 - gateway-api 15 kind: GRPCRoute 16 listKind: GRPCRouteList 17 plural: grpcroutes 18 singular: grpcroute 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .spec.hostnames 23 name: Hostnames 24 type: string 25 - jsonPath: .metadata.creationTimestamp 26 name: Age 27 type: date 28 name: v1alpha2 29 schema: 30 openAPIV3Schema: 31 description: "GRPCRoute provides a way to route gRPC requests. This includes 32 the capability to match requests by hostname, gRPC service, gRPC method, 33 or HTTP/2 header. Filters can be used to specify additional processing steps. 34 Backends specify where matching requests will be routed. \n GRPCRoute falls 35 under extended support within the Gateway API. Within the following specification, 36 the word \"MUST\" indicates that an implementation supporting GRPCRoute 37 must conform to the indicated requirement, but an implementation not supporting 38 this route type need not follow the requirement unless explicitly indicated. 39 \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` 40 MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, 41 i.e. via ALPN. If the implementation does not support this, then it MUST 42 set the \"Accepted\" condition to \"False\" for the affected listener with 43 a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 44 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` 45 with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, 46 https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade 47 from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). 48 If the implementation does not support this, then it MUST set the \"Accepted\" 49 condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". 50 Implementations MAY also accept HTTP/2 connections with an upgrade from 51 HTTP/1, i.e. without prior knowledge." 52 properties: 53 apiVersion: 54 description: 'APIVersion defines the versioned schema of this representation 55 of an object. Servers should convert recognized schemas to the latest 56 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 57 type: string 58 kind: 59 description: 'Kind is a string value representing the REST resource this 60 object represents. Servers may infer this from the endpoint the client 61 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 62 type: string 63 metadata: 64 type: object 65 spec: 66 description: Spec defines the desired state of GRPCRoute. 67 properties: 68 hostnames: 69 description: "Hostnames defines a set of hostnames to match against 70 the GRPC Host header to select a GRPCRoute to process the request. 71 This matches the RFC 1123 definition of a hostname with 2 notable 72 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed 73 with a wildcard label (`*.`). The wildcard label MUST appear by 74 itself as the first label. \n If a hostname is specified by both 75 the Listener and GRPCRoute, there MUST be at least one intersecting 76 hostname for the GRPCRoute to be attached to the Listener. For example: 77 \n * A Listener with `test.example.com` as the hostname matches 78 GRPCRoutes that have either not specified any hostnames, or have 79 specified at least one of `test.example.com` or `*.example.com`. 80 * A Listener with `*.example.com` as the hostname matches GRPCRoutes 81 that have either not specified any hostnames or have specified at 82 least one hostname that matches the Listener hostname. For example, 83 `test.example.com` and `*.example.com` would both match. On the 84 other hand, `example.com` and `test.example.net` would not match. 85 \n Hostnames that are prefixed with a wildcard label (`*.`) are 86 interpreted as a suffix match. That means that a match for `*.example.com` 87 would match both `test.example.com`, and `foo.test.example.com`, 88 but not `example.com`. \n If both the Listener and GRPCRoute have 89 specified hostnames, any GRPCRoute hostnames that do not match the 90 Listener hostname MUST be ignored. For example, if a Listener specified 91 `*.example.com`, and the GRPCRoute specified `test.example.com` 92 and `test.example.net`, `test.example.net` MUST NOT be considered 93 for a match. \n If both the Listener and GRPCRoute have specified 94 hostnames, and none match with the criteria above, then the GRPCRoute 95 MUST NOT be accepted by the implementation. The implementation MUST 96 raise an 'Accepted' Condition with a status of `False` in the corresponding 97 RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute 98 is attached to a Listener and that listener already has another 99 Route (B) of the other type attached and the intersection of the 100 hostnames of A and B is non-empty, then the implementation MUST 101 accept exactly one of these two routes, determined by the following 102 criteria, in order: \n * The oldest Route based on creation timestamp. 103 * The Route appearing first in alphabetical order by \"{namespace}/{name}\". 104 \n The rejected Route MUST raise an 'Accepted' condition with a 105 status of 'False' in the corresponding RouteParentStatus. \n Support: 106 Core" 107 items: 108 description: "Hostname is the fully qualified domain name of a network 109 host. This matches the RFC 1123 definition of a hostname with 110 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 111 may be prefixed with a wildcard label (`*.`). The wildcard label 112 must appear by itself as the first label. \n Hostname can be \"precise\" 113 which is a domain name without the terminating dot of a network 114 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 115 name prefixed with a single wildcard label (e.g. `*.example.com`). 116 \n Note that as per RFC1035 and RFC1123, a *label* must consist 117 of lower case alphanumeric characters or '-', and must start and 118 end with an alphanumeric character. No other punctuation is allowed." 119 maxLength: 253 120 minLength: 1 121 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 122 type: string 123 maxItems: 16 124 type: array 125 parentRefs: 126 description: "ParentRefs references the resources (usually Gateways) 127 that a Route wants to be attached to. Note that the referenced parent 128 resource needs to allow this for the attachment to be complete. 129 For Gateways, that means the Gateway needs to allow attachment from 130 Routes of this kind and namespace. For Services, that means the 131 Service must either be in the same namespace for a \"producer\" 132 route, or the mesh implementation must support and allow \"consumer\" 133 routes for the referenced Service. ReferenceGrant is not applicable 134 for governing ParentRefs to Services - it is not possible to create 135 a \"producer\" route for a Service in a different namespace from 136 the Route. \n There are two kinds of parent resources with \"Core\" 137 support: \n * Gateway (Gateway conformance profile) * Service (Mesh 138 conformance profile, experimental, ClusterIP Services only) This 139 API may be extended in the future to support additional kinds of 140 parent resources. \n ParentRefs must be _distinct_. This means either 141 that: \n * They select different objects. If this is the case, 142 then parentRef entries are distinct. In terms of fields, this means 143 that the multi-part key defined by `group`, `kind`, `namespace`, 144 and `name` must be unique across all parentRef entries in the Route. 145 * They do not select different objects, but for each optional field 146 used, each ParentRef that selects the same object must set the same 147 set of optional fields to different values. If one ParentRef sets 148 a combination of optional fields, all must set the same combination. 149 \n Some examples: \n * If one ParentRef sets `sectionName`, all 150 ParentRefs referencing the same object must also set `sectionName`. 151 * If one ParentRef sets `port`, all ParentRefs referencing the same 152 object must also set `port`. * If one ParentRef sets `sectionName` 153 and `port`, all ParentRefs referencing the same object must also 154 set `sectionName` and `port`. \n It is possible to separately reference 155 multiple distinct objects that may be collapsed by an implementation. 156 For example, some implementations may choose to merge compatible 157 Gateway Listeners together. If that is the case, the list of routes 158 attached to those resources should also be merged. \n Note that 159 for ParentRefs that cross namespace boundaries, there are specific 160 rules. Cross-namespace references are only valid if they are explicitly 161 allowed by something in the namespace they are referring to. For 162 example, Gateway has the AllowedRoutes field, and ReferenceGrant 163 provides a generic way to enable other kinds of cross-namespace 164 reference. \n ParentRefs from a Route to a Service in the same 165 namespace are \"producer\" routes, which apply default routing rules 166 to inbound connections from any namespace to the Service. \n ParentRefs 167 from a Route to a Service in a different namespace are \"consumer\" 168 routes, and these routing rules are only applied to outbound connections 169 originating from the same namespace as the Route, for which the 170 intended destination of the connections are a Service targeted as 171 a ParentRef of the Route. \n " 172 items: 173 description: "ParentReference identifies an API object (usually 174 a Gateway) that can be considered a parent of this resource (usually 175 a route). There are two kinds of parent resources with \"Core\" 176 support: \n * Gateway (Gateway conformance profile) * Service 177 (Mesh conformance profile, experimental, ClusterIP Services only) 178 \n This API may be extended in the future to support additional 179 kinds of parent resources. \n The API object must be valid in 180 the cluster; the Group and Kind must be registered in the cluster 181 for this reference to be valid." 182 properties: 183 group: 184 default: gateway.networking.k8s.io 185 description: "Group is the group of the referent. When unspecified, 186 \"gateway.networking.k8s.io\" is inferred. To set the core 187 API group (such as for a \"Service\" kind referent), Group 188 must be explicitly set to \"\" (empty string). \n Support: 189 Core" 190 maxLength: 253 191 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 192 type: string 193 kind: 194 default: Gateway 195 description: "Kind is kind of the referent. \n There are two 196 kinds of parent resources with \"Core\" support: \n * Gateway 197 (Gateway conformance profile) * Service (Mesh conformance 198 profile, experimental, ClusterIP Services only) \n Support 199 for other resources is Implementation-Specific." 200 maxLength: 63 201 minLength: 1 202 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 203 type: string 204 name: 205 description: "Name is the name of the referent. \n Support: 206 Core" 207 maxLength: 253 208 minLength: 1 209 type: string 210 namespace: 211 description: "Namespace is the namespace of the referent. When 212 unspecified, this refers to the local namespace of the Route. 213 \n Note that there are specific rules for ParentRefs which 214 cross namespace boundaries. Cross-namespace references are 215 only valid if they are explicitly allowed by something in 216 the namespace they are referring to. For example: Gateway 217 has the AllowedRoutes field, and ReferenceGrant provides a 218 generic way to enable any other kind of cross-namespace reference. 219 \n ParentRefs from a Route to a Service in the same namespace 220 are \"producer\" routes, which apply default routing rules 221 to inbound connections from any namespace to the Service. 222 \n ParentRefs from a Route to a Service in a different namespace 223 are \"consumer\" routes, and these routing rules are only 224 applied to outbound connections originating from the same 225 namespace as the Route, for which the intended destination 226 of the connections are a Service targeted as a ParentRef of 227 the Route. \n Support: Core" 228 maxLength: 63 229 minLength: 1 230 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 231 type: string 232 port: 233 description: "Port is the network port this Route targets. It 234 can be interpreted differently based on the type of parent 235 resource. \n When the parent resource is a Gateway, this targets 236 all listeners listening on the specified port that also support 237 this kind of Route(and select this Route). It's not recommended 238 to set `Port` unless the networking behaviors specified in 239 a Route must apply to a specific port as opposed to a listener(s) 240 whose port(s) may be changed. When both Port and SectionName 241 are specified, the name and port of the selected listener 242 must match both specified values. \n When the parent resource 243 is a Service, this targets a specific port in the Service 244 spec. When both Port (experimental) and SectionName are specified, 245 the name and port of the selected port must match both specified 246 values. \n Implementations MAY choose to support other parent 247 resources. Implementations supporting other types of parent 248 resources MUST clearly document how/if Port is interpreted. 249 \n For the purpose of status, an attachment is considered 250 successful as long as the parent resource accepts it partially. 251 For example, Gateway listeners can restrict which Routes can 252 attach to them by Route kind, namespace, or hostname. If 1 253 of 2 Gateway listeners accept attachment from the referencing 254 Route, the Route MUST be considered successfully attached. 255 If no Gateway listeners accept attachment from this Route, 256 the Route MUST be considered detached from the Gateway. \n 257 Support: Extended \n " 258 format: int32 259 maximum: 65535 260 minimum: 1 261 type: integer 262 sectionName: 263 description: "SectionName is the name of a section within the 264 target resource. In the following resources, SectionName is 265 interpreted as the following: \n * Gateway: Listener Name. 266 When both Port (experimental) and SectionName are specified, 267 the name and port of the selected listener must match both 268 specified values. * Service: Port Name. When both Port (experimental) 269 and SectionName are specified, the name and port of the selected 270 listener must match both specified values. Note that attaching 271 Routes to Services as Parents is part of experimental Mesh 272 support and is not supported for any other purpose. \n Implementations 273 MAY choose to support attaching Routes to other resources. 274 If that is the case, they MUST clearly document how SectionName 275 is interpreted. \n When unspecified (empty string), this will 276 reference the entire resource. For the purpose of status, 277 an attachment is considered successful if at least one section 278 in the parent resource accepts it. For example, Gateway listeners 279 can restrict which Routes can attach to them by Route kind, 280 namespace, or hostname. If 1 of 2 Gateway listeners accept 281 attachment from the referencing Route, the Route MUST be considered 282 successfully attached. If no Gateway listeners accept attachment 283 from this Route, the Route MUST be considered detached from 284 the Gateway. \n Support: Core" 285 maxLength: 253 286 minLength: 1 287 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 288 type: string 289 required: 290 - name 291 type: object 292 maxItems: 32 293 type: array 294 x-kubernetes-validations: 295 - message: sectionName or port must be specified when parentRefs includes 296 2 or more references to the same parent 297 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 298 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 299 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 300 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 301 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) 302 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 303 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) 304 || p2.port == 0)): true))' 305 - message: sectionName or port must be unique when parentRefs includes 306 2 or more references to the same parent 307 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 308 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 309 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 310 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 311 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 312 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 313 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 314 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) 315 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port 316 == p2.port)))) 317 rules: 318 description: Rules are a list of GRPC matchers, filters and actions. 319 items: 320 description: GRPCRouteRule defines the semantics for matching a 321 gRPC request based on conditions (matches), processing it (filters), 322 and forwarding the request to an API object (backendRefs). 323 properties: 324 backendRefs: 325 description: "BackendRefs defines the backend(s) where matching 326 requests should be sent. \n Failure behavior here depends 327 on how many BackendRefs are specified and how many are invalid. 328 \n If *all* entries in BackendRefs are invalid, and there 329 are also no filters specified in this route rule, *all* traffic 330 which matches this rule MUST receive an `UNAVAILABLE` status. 331 \n See the GRPCBackendRef definition for the rules about what 332 makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef 333 is invalid, `UNAVAILABLE` statuses MUST be returned for requests 334 that would have otherwise been routed to an invalid backend. 335 If multiple backends are specified, and some are invalid, 336 the proportion of requests that would otherwise have been 337 routed to an invalid backend MUST receive an `UNAVAILABLE` 338 status. \n For example, if two backends are specified with 339 equal weights, and one is invalid, 50 percent of traffic MUST 340 receive an `UNAVAILABLE` status. Implementations may choose 341 how that 50 percent is determined. \n Support: Core for Kubernetes 342 Service \n Support: Implementation-specific for any other 343 resource \n Support for weight: Core" 344 items: 345 description: "GRPCBackendRef defines how a GRPCRoute forwards 346 a gRPC request. \n Note that when a namespace different 347 than the local namespace is specified, a ReferenceGrant 348 object is required in the referent namespace to allow that 349 namespace's owner to accept the reference. See the ReferenceGrant 350 documentation for details. \n <gateway:experimental:description> 351 \n When the BackendRef points to a Kubernetes Service, implementations 352 SHOULD honor the appProtocol field if it is set for the 353 target Service Port. \n Implementations supporting appProtocol 354 SHOULD recognize the Kubernetes Standard Application Protocols 355 defined in KEP-3726. \n If a Service appProtocol isn't specified, 356 an implementation MAY infer the backend protocol through 357 its own means. Implementations MAY infer the protocol from 358 the Route type referring to the backend Service. \n If a 359 Route is not able to send traffic to the backend using the 360 specified protocol then the backend is considered invalid. 361 Implementations MUST set the \"ResolvedRefs\" condition 362 to \"False\" with the \"UnsupportedProtocol\" reason. \n 363 </gateway:experimental:description>" 364 properties: 365 filters: 366 description: "Filters defined at this level MUST be executed 367 if and only if the request is being forwarded to the 368 backend defined here. \n Support: Implementation-specific 369 (For broader support of filters, use the Filters field 370 in GRPCRouteRule.)" 371 items: 372 description: GRPCRouteFilter defines processing steps 373 that must be completed during the request or response 374 lifecycle. GRPCRouteFilters are meant as an extension 375 point to express processing that may be done in Gateway 376 implementations. Some examples include request or 377 response modification, implementing authentication 378 strategies, rate-limiting, and traffic shaping. API 379 guarantee/conformance is defined based on the type 380 of the filter. 381 properties: 382 extensionRef: 383 description: "ExtensionRef is an optional, implementation-specific 384 extension to the \"filter\" behavior. For example, 385 resource \"myroutefilter\" in group \"networking.example.net\"). 386 ExtensionRef MUST NOT be used for core and extended 387 filters. \n Support: Implementation-specific \n 388 This filter can be used multiple times within 389 the same rule." 390 properties: 391 group: 392 description: Group is the group of the referent. 393 For example, "gateway.networking.k8s.io". 394 When unspecified or empty string, core API 395 group is inferred. 396 maxLength: 253 397 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 398 type: string 399 kind: 400 description: Kind is kind of the referent. For 401 example "HTTPRoute" or "Service". 402 maxLength: 63 403 minLength: 1 404 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 405 type: string 406 name: 407 description: Name is the name of the referent. 408 maxLength: 253 409 minLength: 1 410 type: string 411 required: 412 - group 413 - kind 414 - name 415 type: object 416 requestHeaderModifier: 417 description: "RequestHeaderModifier defines a schema 418 for a filter that modifies request headers. \n 419 Support: Core" 420 properties: 421 add: 422 description: "Add adds the given header(s) (name, 423 value) to the request before the action. It 424 appends to any existing values associated 425 with the header name. \n Input: GET /foo HTTP/1.1 426 my-header: foo \n Config: add: - name: \"my-header\" 427 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 428 my-header: foo,bar,baz" 429 items: 430 description: HTTPHeader represents an HTTP 431 Header name and value as defined by RFC 432 7230. 433 properties: 434 name: 435 description: "Name is the name of the 436 HTTP Header to be matched. Name matching 437 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 438 \n If multiple entries specify equivalent 439 header names, the first entry with an 440 equivalent name MUST be considered for 441 a match. Subsequent entries with an 442 equivalent header name MUST be ignored. 443 Due to the case-insensitivity of header 444 names, \"foo\" and \"Foo\" are considered 445 equivalent." 446 maxLength: 256 447 minLength: 1 448 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 449 type: string 450 value: 451 description: Value is the value of HTTP 452 Header to be matched. 453 maxLength: 4096 454 minLength: 1 455 type: string 456 required: 457 - name 458 - value 459 type: object 460 maxItems: 16 461 type: array 462 x-kubernetes-list-map-keys: 463 - name 464 x-kubernetes-list-type: map 465 remove: 466 description: "Remove the given header(s) from 467 the HTTP request before the action. The value 468 of Remove is a list of HTTP header names. 469 Note that the header names are case-insensitive 470 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 471 \n Input: GET /foo HTTP/1.1 my-header1: foo 472 my-header2: bar my-header3: baz \n Config: 473 remove: [\"my-header1\", \"my-header3\"] \n 474 Output: GET /foo HTTP/1.1 my-header2: bar" 475 items: 476 type: string 477 maxItems: 16 478 type: array 479 x-kubernetes-list-type: set 480 set: 481 description: "Set overwrites the request with 482 the given header (name, value) before the 483 action. \n Input: GET /foo HTTP/1.1 my-header: 484 foo \n Config: set: - name: \"my-header\" 485 value: \"bar\" \n Output: GET /foo HTTP/1.1 486 my-header: bar" 487 items: 488 description: HTTPHeader represents an HTTP 489 Header name and value as defined by RFC 490 7230. 491 properties: 492 name: 493 description: "Name is the name of the 494 HTTP Header to be matched. Name matching 495 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 496 \n If multiple entries specify equivalent 497 header names, the first entry with an 498 equivalent name MUST be considered for 499 a match. Subsequent entries with an 500 equivalent header name MUST be ignored. 501 Due to the case-insensitivity of header 502 names, \"foo\" and \"Foo\" are considered 503 equivalent." 504 maxLength: 256 505 minLength: 1 506 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 507 type: string 508 value: 509 description: Value is the value of HTTP 510 Header to be matched. 511 maxLength: 4096 512 minLength: 1 513 type: string 514 required: 515 - name 516 - value 517 type: object 518 maxItems: 16 519 type: array 520 x-kubernetes-list-map-keys: 521 - name 522 x-kubernetes-list-type: map 523 type: object 524 requestMirror: 525 description: "RequestMirror defines a schema for 526 a filter that mirrors requests. Requests are sent 527 to the specified destination, but responses from 528 that destination are ignored. \n This filter can 529 be used multiple times within the same rule. Note 530 that not all implementations will be able to support 531 mirroring to multiple backends. \n Support: Extended" 532 properties: 533 backendRef: 534 description: "BackendRef references a resource 535 where mirrored requests are sent. \n Mirrored 536 requests must be sent only to a single destination 537 endpoint within this BackendRef, irrespective 538 of how many endpoints are present within this 539 BackendRef. \n If the referent cannot be found, 540 this BackendRef is invalid and must be dropped 541 from the Gateway. The controller must ensure 542 the \"ResolvedRefs\" condition on the Route 543 status is set to `status: False` and not configure 544 this backend in the underlying implementation. 545 \n If there is a cross-namespace reference 546 to an *existing* object that is not allowed 547 by a ReferenceGrant, the controller must ensure 548 the \"ResolvedRefs\" condition on the Route 549 is set to `status: False`, with the \"RefNotPermitted\" 550 reason and not configure this backend in the 551 underlying implementation. \n In either error 552 case, the Message of the `ResolvedRefs` Condition 553 should be used to provide more detail about 554 the problem. \n Support: Extended for Kubernetes 555 Service \n Support: Implementation-specific 556 for any other resource" 557 properties: 558 group: 559 default: "" 560 description: Group is the group of the referent. 561 For example, "gateway.networking.k8s.io". 562 When unspecified or empty string, core 563 API group is inferred. 564 maxLength: 253 565 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 566 type: string 567 kind: 568 default: Service 569 description: "Kind is the Kubernetes resource 570 kind of the referent. For example \"Service\". 571 \n Defaults to \"Service\" when not specified. 572 \n ExternalName services can refer to 573 CNAME DNS records that may live outside 574 of the cluster and as such are difficult 575 to reason about in terms of conformance. 576 They also may not be safe to forward to 577 (see CVE-2021-25740 for more information). 578 Implementations SHOULD NOT support ExternalName 579 Services. \n Support: Core (Services with 580 a type other than ExternalName) \n Support: 581 Implementation-specific (Services with 582 type ExternalName)" 583 maxLength: 63 584 minLength: 1 585 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 586 type: string 587 name: 588 description: Name is the name of the referent. 589 maxLength: 253 590 minLength: 1 591 type: string 592 namespace: 593 description: "Namespace is the namespace 594 of the backend. When unspecified, the 595 local namespace is inferred. \n Note that 596 when a namespace different than the local 597 namespace is specified, a ReferenceGrant 598 object is required in the referent namespace 599 to allow that namespace's owner to accept 600 the reference. See the ReferenceGrant 601 documentation for details. \n Support: 602 Core" 603 maxLength: 63 604 minLength: 1 605 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 606 type: string 607 port: 608 description: Port specifies the destination 609 port number to use for this resource. 610 Port is required when the referent is 611 a Kubernetes Service. In this case, the 612 port number is the service port number, 613 not the target port. For other resources, 614 destination port might be derived from 615 the referent resource or this field. 616 format: int32 617 maximum: 65535 618 minimum: 1 619 type: integer 620 required: 621 - name 622 type: object 623 x-kubernetes-validations: 624 - message: Must have port for Service reference 625 rule: '(size(self.group) == 0 && self.kind 626 == ''Service'') ? has(self.port) : true' 627 required: 628 - backendRef 629 type: object 630 responseHeaderModifier: 631 description: "ResponseHeaderModifier defines a schema 632 for a filter that modifies response headers. \n 633 Support: Extended" 634 properties: 635 add: 636 description: "Add adds the given header(s) (name, 637 value) to the request before the action. It 638 appends to any existing values associated 639 with the header name. \n Input: GET /foo HTTP/1.1 640 my-header: foo \n Config: add: - name: \"my-header\" 641 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 642 my-header: foo,bar,baz" 643 items: 644 description: HTTPHeader represents an HTTP 645 Header name and value as defined by RFC 646 7230. 647 properties: 648 name: 649 description: "Name is the name of the 650 HTTP Header to be matched. Name matching 651 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 652 \n If multiple entries specify equivalent 653 header names, the first entry with an 654 equivalent name MUST be considered for 655 a match. Subsequent entries with an 656 equivalent header name MUST be ignored. 657 Due to the case-insensitivity of header 658 names, \"foo\" and \"Foo\" are considered 659 equivalent." 660 maxLength: 256 661 minLength: 1 662 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 663 type: string 664 value: 665 description: Value is the value of HTTP 666 Header to be matched. 667 maxLength: 4096 668 minLength: 1 669 type: string 670 required: 671 - name 672 - value 673 type: object 674 maxItems: 16 675 type: array 676 x-kubernetes-list-map-keys: 677 - name 678 x-kubernetes-list-type: map 679 remove: 680 description: "Remove the given header(s) from 681 the HTTP request before the action. The value 682 of Remove is a list of HTTP header names. 683 Note that the header names are case-insensitive 684 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 685 \n Input: GET /foo HTTP/1.1 my-header1: foo 686 my-header2: bar my-header3: baz \n Config: 687 remove: [\"my-header1\", \"my-header3\"] \n 688 Output: GET /foo HTTP/1.1 my-header2: bar" 689 items: 690 type: string 691 maxItems: 16 692 type: array 693 x-kubernetes-list-type: set 694 set: 695 description: "Set overwrites the request with 696 the given header (name, value) before the 697 action. \n Input: GET /foo HTTP/1.1 my-header: 698 foo \n Config: set: - name: \"my-header\" 699 value: \"bar\" \n Output: GET /foo HTTP/1.1 700 my-header: bar" 701 items: 702 description: HTTPHeader represents an HTTP 703 Header name and value as defined by RFC 704 7230. 705 properties: 706 name: 707 description: "Name is the name of the 708 HTTP Header to be matched. Name matching 709 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 710 \n If multiple entries specify equivalent 711 header names, the first entry with an 712 equivalent name MUST be considered for 713 a match. Subsequent entries with an 714 equivalent header name MUST be ignored. 715 Due to the case-insensitivity of header 716 names, \"foo\" and \"Foo\" are considered 717 equivalent." 718 maxLength: 256 719 minLength: 1 720 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 721 type: string 722 value: 723 description: Value is the value of HTTP 724 Header to be matched. 725 maxLength: 4096 726 minLength: 1 727 type: string 728 required: 729 - name 730 - value 731 type: object 732 maxItems: 16 733 type: array 734 x-kubernetes-list-map-keys: 735 - name 736 x-kubernetes-list-type: map 737 type: object 738 type: 739 description: "Type identifies the type of filter 740 to apply. As with other API fields, types are 741 classified into three conformance levels: \n - 742 Core: Filter types and their corresponding configuration 743 defined by \"Support: Core\" in this package, 744 e.g. \"RequestHeaderModifier\". All implementations 745 supporting GRPCRoute MUST support core filters. 746 \n - Extended: Filter types and their corresponding 747 configuration defined by \"Support: Extended\" 748 in this package, e.g. \"RequestMirror\". Implementers 749 are encouraged to support extended filters. \n 750 - Implementation-specific: Filters that are defined 751 and supported by specific vendors. In the future, 752 filters showing convergence in behavior across 753 multiple implementations will be considered for 754 inclusion in extended or core conformance levels. 755 Filter-specific configuration for such filters 756 is specified using the ExtensionRef field. `Type` 757 MUST be set to \"ExtensionRef\" for custom filters. 758 \n Implementers are encouraged to define custom 759 implementation types to extend the core API with 760 implementation-specific behavior. \n If a reference 761 to a custom filter type cannot be resolved, the 762 filter MUST NOT be skipped. Instead, requests 763 that would have been processed by that filter 764 MUST receive a HTTP error response. \n " 765 enum: 766 - ResponseHeaderModifier 767 - RequestHeaderModifier 768 - RequestMirror 769 - ExtensionRef 770 type: string 771 required: 772 - type 773 type: object 774 x-kubernetes-validations: 775 - message: filter.requestHeaderModifier must be nil 776 if the filter.type is not RequestHeaderModifier 777 rule: '!(has(self.requestHeaderModifier) && self.type 778 != ''RequestHeaderModifier'')' 779 - message: filter.requestHeaderModifier must be specified 780 for RequestHeaderModifier filter.type 781 rule: '!(!has(self.requestHeaderModifier) && self.type 782 == ''RequestHeaderModifier'')' 783 - message: filter.responseHeaderModifier must be nil 784 if the filter.type is not ResponseHeaderModifier 785 rule: '!(has(self.responseHeaderModifier) && self.type 786 != ''ResponseHeaderModifier'')' 787 - message: filter.responseHeaderModifier must be specified 788 for ResponseHeaderModifier filter.type 789 rule: '!(!has(self.responseHeaderModifier) && self.type 790 == ''ResponseHeaderModifier'')' 791 - message: filter.requestMirror must be nil if the filter.type 792 is not RequestMirror 793 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 794 - message: filter.requestMirror must be specified for 795 RequestMirror filter.type 796 rule: '!(!has(self.requestMirror) && self.type == 797 ''RequestMirror'')' 798 - message: filter.extensionRef must be nil if the filter.type 799 is not ExtensionRef 800 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 801 - message: filter.extensionRef must be specified for 802 ExtensionRef filter.type 803 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 804 maxItems: 16 805 type: array 806 x-kubernetes-validations: 807 - message: RequestHeaderModifier filter cannot be repeated 808 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 809 <= 1 810 - message: ResponseHeaderModifier filter cannot be repeated 811 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 812 <= 1 813 group: 814 default: "" 815 description: Group is the group of the referent. For example, 816 "gateway.networking.k8s.io". When unspecified or empty 817 string, core API group is inferred. 818 maxLength: 253 819 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 820 type: string 821 kind: 822 default: Service 823 description: "Kind is the Kubernetes resource kind of 824 the referent. For example \"Service\". \n Defaults to 825 \"Service\" when not specified. \n ExternalName services 826 can refer to CNAME DNS records that may live outside 827 of the cluster and as such are difficult to reason about 828 in terms of conformance. They also may not be safe to 829 forward to (see CVE-2021-25740 for more information). 830 Implementations SHOULD NOT support ExternalName Services. 831 \n Support: Core (Services with a type other than ExternalName) 832 \n Support: Implementation-specific (Services with type 833 ExternalName)" 834 maxLength: 63 835 minLength: 1 836 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 837 type: string 838 name: 839 description: Name is the name of the referent. 840 maxLength: 253 841 minLength: 1 842 type: string 843 namespace: 844 description: "Namespace is the namespace of the backend. 845 When unspecified, the local namespace is inferred. \n 846 Note that when a namespace different than the local 847 namespace is specified, a ReferenceGrant object is required 848 in the referent namespace to allow that namespace's 849 owner to accept the reference. See the ReferenceGrant 850 documentation for details. \n Support: Core" 851 maxLength: 63 852 minLength: 1 853 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 854 type: string 855 port: 856 description: Port specifies the destination port number 857 to use for this resource. Port is required when the 858 referent is a Kubernetes Service. In this case, the 859 port number is the service port number, not the target 860 port. For other resources, destination port might be 861 derived from the referent resource or this field. 862 format: int32 863 maximum: 65535 864 minimum: 1 865 type: integer 866 weight: 867 default: 1 868 description: "Weight specifies the proportion of requests 869 forwarded to the referenced backend. This is computed 870 as weight/(sum of all weights in this BackendRefs list). 871 For non-zero values, there may be some epsilon from 872 the exact proportion defined here depending on the precision 873 an implementation supports. Weight is not a percentage 874 and the sum of weights does not need to equal 100. \n 875 If only one backend is specified and it has a weight 876 greater than 0, 100% of the traffic is forwarded to 877 that backend. If weight is set to 0, no traffic should 878 be forwarded for this entry. If unspecified, weight 879 defaults to 1. \n Support for this field varies based 880 on the context where used." 881 format: int32 882 maximum: 1000000 883 minimum: 0 884 type: integer 885 required: 886 - name 887 type: object 888 x-kubernetes-validations: 889 - message: Must have port for Service reference 890 rule: '(size(self.group) == 0 && self.kind == ''Service'') 891 ? has(self.port) : true' 892 maxItems: 16 893 type: array 894 filters: 895 description: "Filters define the filters that are applied to 896 requests that match this rule. \n The effects of ordering 897 of multiple behaviors are currently unspecified. This can 898 change in the future based on feedback during the alpha stage. 899 \n Conformance-levels at this level are defined based on the 900 type of filter: \n - ALL core filters MUST be supported by 901 all implementations that support GRPCRoute. - Implementers 902 are encouraged to support extended filters. - Implementation-specific 903 custom filters have no API guarantees across implementations. 904 \n Specifying the same filter multiple times is not supported 905 unless explicitly indicated in the filter. \n If an implementation 906 can not support a combination of filters, it must clearly 907 document that limitation. In cases where incompatible or unsupported 908 filters are specified and cause the `Accepted` condition to 909 be set to status `False`, implementations may use the `IncompatibleFilters` 910 reason to specify this configuration error. \n Support: Core" 911 items: 912 description: GRPCRouteFilter defines processing steps that 913 must be completed during the request or response lifecycle. 914 GRPCRouteFilters are meant as an extension point to express 915 processing that may be done in Gateway implementations. 916 Some examples include request or response modification, 917 implementing authentication strategies, rate-limiting, and 918 traffic shaping. API guarantee/conformance is defined based 919 on the type of the filter. 920 properties: 921 extensionRef: 922 description: "ExtensionRef is an optional, implementation-specific 923 extension to the \"filter\" behavior. For example, 924 resource \"myroutefilter\" in group \"networking.example.net\"). 925 ExtensionRef MUST NOT be used for core and extended 926 filters. \n Support: Implementation-specific \n This 927 filter can be used multiple times within the same rule." 928 properties: 929 group: 930 description: Group is the group of the referent. For 931 example, "gateway.networking.k8s.io". When unspecified 932 or empty string, core API group is inferred. 933 maxLength: 253 934 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 935 type: string 936 kind: 937 description: Kind is kind of the referent. For example 938 "HTTPRoute" or "Service". 939 maxLength: 63 940 minLength: 1 941 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 942 type: string 943 name: 944 description: Name is the name of the referent. 945 maxLength: 253 946 minLength: 1 947 type: string 948 required: 949 - group 950 - kind 951 - name 952 type: object 953 requestHeaderModifier: 954 description: "RequestHeaderModifier defines a schema for 955 a filter that modifies request headers. \n Support: 956 Core" 957 properties: 958 add: 959 description: "Add adds the given header(s) (name, 960 value) to the request before the action. It appends 961 to any existing values associated with the header 962 name. \n Input: GET /foo HTTP/1.1 my-header: foo 963 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 964 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 965 items: 966 description: HTTPHeader represents an HTTP Header 967 name and value as defined by RFC 7230. 968 properties: 969 name: 970 description: "Name is the name of the HTTP Header 971 to be matched. Name matching MUST be case 972 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 973 \n If multiple entries specify equivalent 974 header names, the first entry with an equivalent 975 name MUST be considered for a match. Subsequent 976 entries with an equivalent header name MUST 977 be ignored. Due to the case-insensitivity 978 of header names, \"foo\" and \"Foo\" are considered 979 equivalent." 980 maxLength: 256 981 minLength: 1 982 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 983 type: string 984 value: 985 description: Value is the value of HTTP Header 986 to be matched. 987 maxLength: 4096 988 minLength: 1 989 type: string 990 required: 991 - name 992 - value 993 type: object 994 maxItems: 16 995 type: array 996 x-kubernetes-list-map-keys: 997 - name 998 x-kubernetes-list-type: map 999 remove: 1000 description: "Remove the given header(s) from the 1001 HTTP request before the action. The value of Remove 1002 is a list of HTTP header names. Note that the header 1003 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1004 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1005 bar my-header3: baz \n Config: remove: [\"my-header1\", 1006 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1007 bar" 1008 items: 1009 type: string 1010 maxItems: 16 1011 type: array 1012 x-kubernetes-list-type: set 1013 set: 1014 description: "Set overwrites the request with the 1015 given header (name, value) before the action. \n 1016 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1017 set: - name: \"my-header\" value: \"bar\" \n Output: 1018 GET /foo HTTP/1.1 my-header: bar" 1019 items: 1020 description: HTTPHeader represents an HTTP Header 1021 name and value as defined by RFC 7230. 1022 properties: 1023 name: 1024 description: "Name is the name of the HTTP Header 1025 to be matched. Name matching MUST be case 1026 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1027 \n If multiple entries specify equivalent 1028 header names, the first entry with an equivalent 1029 name MUST be considered for a match. Subsequent 1030 entries with an equivalent header name MUST 1031 be ignored. Due to the case-insensitivity 1032 of header names, \"foo\" and \"Foo\" are considered 1033 equivalent." 1034 maxLength: 256 1035 minLength: 1 1036 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1037 type: string 1038 value: 1039 description: Value is the value of HTTP Header 1040 to be matched. 1041 maxLength: 4096 1042 minLength: 1 1043 type: string 1044 required: 1045 - name 1046 - value 1047 type: object 1048 maxItems: 16 1049 type: array 1050 x-kubernetes-list-map-keys: 1051 - name 1052 x-kubernetes-list-type: map 1053 type: object 1054 requestMirror: 1055 description: "RequestMirror defines a schema for a filter 1056 that mirrors requests. Requests are sent to the specified 1057 destination, but responses from that destination are 1058 ignored. \n This filter can be used multiple times within 1059 the same rule. Note that not all implementations will 1060 be able to support mirroring to multiple backends. \n 1061 Support: Extended" 1062 properties: 1063 backendRef: 1064 description: "BackendRef references a resource where 1065 mirrored requests are sent. \n Mirrored requests 1066 must be sent only to a single destination endpoint 1067 within this BackendRef, irrespective of how many 1068 endpoints are present within this BackendRef. \n 1069 If the referent cannot be found, this BackendRef 1070 is invalid and must be dropped from the Gateway. 1071 The controller must ensure the \"ResolvedRefs\" 1072 condition on the Route status is set to `status: 1073 False` and not configure this backend in the underlying 1074 implementation. \n If there is a cross-namespace 1075 reference to an *existing* object that is not allowed 1076 by a ReferenceGrant, the controller must ensure 1077 the \"ResolvedRefs\" condition on the Route is 1078 set to `status: False`, with the \"RefNotPermitted\" 1079 reason and not configure this backend in the underlying 1080 implementation. \n In either error case, the Message 1081 of the `ResolvedRefs` Condition should be used to 1082 provide more detail about the problem. \n Support: 1083 Extended for Kubernetes Service \n Support: Implementation-specific 1084 for any other resource" 1085 properties: 1086 group: 1087 default: "" 1088 description: Group is the group of the referent. 1089 For example, "gateway.networking.k8s.io". When 1090 unspecified or empty string, core API group 1091 is inferred. 1092 maxLength: 253 1093 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1094 type: string 1095 kind: 1096 default: Service 1097 description: "Kind is the Kubernetes resource 1098 kind of the referent. For example \"Service\". 1099 \n Defaults to \"Service\" when not specified. 1100 \n ExternalName services can refer to CNAME 1101 DNS records that may live outside of the cluster 1102 and as such are difficult to reason about in 1103 terms of conformance. They also may not be safe 1104 to forward to (see CVE-2021-25740 for more information). 1105 Implementations SHOULD NOT support ExternalName 1106 Services. \n Support: Core (Services with a 1107 type other than ExternalName) \n Support: Implementation-specific 1108 (Services with type ExternalName)" 1109 maxLength: 63 1110 minLength: 1 1111 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1112 type: string 1113 name: 1114 description: Name is the name of the referent. 1115 maxLength: 253 1116 minLength: 1 1117 type: string 1118 namespace: 1119 description: "Namespace is the namespace of the 1120 backend. When unspecified, the local namespace 1121 is inferred. \n Note that when a namespace different 1122 than the local namespace is specified, a ReferenceGrant 1123 object is required in the referent namespace 1124 to allow that namespace's owner to accept the 1125 reference. See the ReferenceGrant documentation 1126 for details. \n Support: Core" 1127 maxLength: 63 1128 minLength: 1 1129 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1130 type: string 1131 port: 1132 description: Port specifies the destination port 1133 number to use for this resource. Port is required 1134 when the referent is a Kubernetes Service. In 1135 this case, the port number is the service port 1136 number, not the target port. For other resources, 1137 destination port might be derived from the referent 1138 resource or this field. 1139 format: int32 1140 maximum: 65535 1141 minimum: 1 1142 type: integer 1143 required: 1144 - name 1145 type: object 1146 x-kubernetes-validations: 1147 - message: Must have port for Service reference 1148 rule: '(size(self.group) == 0 && self.kind == ''Service'') 1149 ? has(self.port) : true' 1150 required: 1151 - backendRef 1152 type: object 1153 responseHeaderModifier: 1154 description: "ResponseHeaderModifier defines a schema 1155 for a filter that modifies response headers. \n Support: 1156 Extended" 1157 properties: 1158 add: 1159 description: "Add adds the given header(s) (name, 1160 value) to the request before the action. It appends 1161 to any existing values associated with the header 1162 name. \n Input: GET /foo HTTP/1.1 my-header: foo 1163 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 1164 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 1165 items: 1166 description: HTTPHeader represents an HTTP Header 1167 name and value as defined by RFC 7230. 1168 properties: 1169 name: 1170 description: "Name is the name of the HTTP Header 1171 to be matched. Name matching MUST be case 1172 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1173 \n If multiple entries specify equivalent 1174 header names, the first entry with an equivalent 1175 name MUST be considered for a match. Subsequent 1176 entries with an equivalent header name MUST 1177 be ignored. Due to the case-insensitivity 1178 of header names, \"foo\" and \"Foo\" are considered 1179 equivalent." 1180 maxLength: 256 1181 minLength: 1 1182 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1183 type: string 1184 value: 1185 description: Value is the value of HTTP Header 1186 to be matched. 1187 maxLength: 4096 1188 minLength: 1 1189 type: string 1190 required: 1191 - name 1192 - value 1193 type: object 1194 maxItems: 16 1195 type: array 1196 x-kubernetes-list-map-keys: 1197 - name 1198 x-kubernetes-list-type: map 1199 remove: 1200 description: "Remove the given header(s) from the 1201 HTTP request before the action. The value of Remove 1202 is a list of HTTP header names. Note that the header 1203 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1204 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1205 bar my-header3: baz \n Config: remove: [\"my-header1\", 1206 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1207 bar" 1208 items: 1209 type: string 1210 maxItems: 16 1211 type: array 1212 x-kubernetes-list-type: set 1213 set: 1214 description: "Set overwrites the request with the 1215 given header (name, value) before the action. \n 1216 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1217 set: - name: \"my-header\" value: \"bar\" \n Output: 1218 GET /foo HTTP/1.1 my-header: bar" 1219 items: 1220 description: HTTPHeader represents an HTTP Header 1221 name and value as defined by RFC 7230. 1222 properties: 1223 name: 1224 description: "Name is the name of the HTTP Header 1225 to be matched. Name matching MUST be case 1226 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1227 \n If multiple entries specify equivalent 1228 header names, the first entry with an equivalent 1229 name MUST be considered for a match. Subsequent 1230 entries with an equivalent header name MUST 1231 be ignored. Due to the case-insensitivity 1232 of header names, \"foo\" and \"Foo\" are considered 1233 equivalent." 1234 maxLength: 256 1235 minLength: 1 1236 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1237 type: string 1238 value: 1239 description: Value is the value of HTTP Header 1240 to be matched. 1241 maxLength: 4096 1242 minLength: 1 1243 type: string 1244 required: 1245 - name 1246 - value 1247 type: object 1248 maxItems: 16 1249 type: array 1250 x-kubernetes-list-map-keys: 1251 - name 1252 x-kubernetes-list-type: map 1253 type: object 1254 type: 1255 description: "Type identifies the type of filter to apply. 1256 As with other API fields, types are classified into 1257 three conformance levels: \n - Core: Filter types and 1258 their corresponding configuration defined by \"Support: 1259 Core\" in this package, e.g. \"RequestHeaderModifier\". 1260 All implementations supporting GRPCRoute MUST support 1261 core filters. \n - Extended: Filter types and their 1262 corresponding configuration defined by \"Support: Extended\" 1263 in this package, e.g. \"RequestMirror\". Implementers 1264 are encouraged to support extended filters. \n - Implementation-specific: 1265 Filters that are defined and supported by specific vendors. 1266 In the future, filters showing convergence in behavior 1267 across multiple implementations will be considered for 1268 inclusion in extended or core conformance levels. Filter-specific 1269 configuration for such filters is specified using the 1270 ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" 1271 for custom filters. \n Implementers are encouraged to 1272 define custom implementation types to extend the core 1273 API with implementation-specific behavior. \n If a reference 1274 to a custom filter type cannot be resolved, the filter 1275 MUST NOT be skipped. Instead, requests that would have 1276 been processed by that filter MUST receive a HTTP error 1277 response. \n " 1278 enum: 1279 - ResponseHeaderModifier 1280 - RequestHeaderModifier 1281 - RequestMirror 1282 - ExtensionRef 1283 type: string 1284 required: 1285 - type 1286 type: object 1287 x-kubernetes-validations: 1288 - message: filter.requestHeaderModifier must be nil if the 1289 filter.type is not RequestHeaderModifier 1290 rule: '!(has(self.requestHeaderModifier) && self.type != 1291 ''RequestHeaderModifier'')' 1292 - message: filter.requestHeaderModifier must be specified 1293 for RequestHeaderModifier filter.type 1294 rule: '!(!has(self.requestHeaderModifier) && self.type == 1295 ''RequestHeaderModifier'')' 1296 - message: filter.responseHeaderModifier must be nil if the 1297 filter.type is not ResponseHeaderModifier 1298 rule: '!(has(self.responseHeaderModifier) && self.type != 1299 ''ResponseHeaderModifier'')' 1300 - message: filter.responseHeaderModifier must be specified 1301 for ResponseHeaderModifier filter.type 1302 rule: '!(!has(self.responseHeaderModifier) && self.type 1303 == ''ResponseHeaderModifier'')' 1304 - message: filter.requestMirror must be nil if the filter.type 1305 is not RequestMirror 1306 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 1307 - message: filter.requestMirror must be specified for RequestMirror 1308 filter.type 1309 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')' 1310 - message: filter.extensionRef must be nil if the filter.type 1311 is not ExtensionRef 1312 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 1313 - message: filter.extensionRef must be specified for ExtensionRef 1314 filter.type 1315 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 1316 maxItems: 16 1317 type: array 1318 x-kubernetes-validations: 1319 - message: RequestHeaderModifier filter cannot be repeated 1320 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 1321 <= 1 1322 - message: ResponseHeaderModifier filter cannot be repeated 1323 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 1324 <= 1 1325 matches: 1326 description: "Matches define conditions used for matching the 1327 rule against incoming gRPC requests. Each match is independent, 1328 i.e. this rule will be matched if **any** one of the matches 1329 is satisfied. \n For example, take the following matches configuration: 1330 \n ``` matches: - method: service: foo.bar headers: values: 1331 version: 2 - method: service: foo.bar.v2 ``` \n For a request 1332 to match against this rule, it MUST satisfy EITHER of the 1333 two conditions: \n - service of foo.bar AND contains the header 1334 `version: 2` - service of foo.bar.v2 \n See the documentation 1335 for GRPCRouteMatch on how to specify multiple match conditions 1336 to be ANDed together. \n If no matches are specified, the 1337 implementation MUST match every gRPC request. \n Proxy or 1338 Load Balancer routing configuration generated from GRPCRoutes 1339 MUST prioritize rules based on the following criteria, continuing 1340 on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. 1341 Precedence MUST be given to the rule with the largest number 1342 of: \n * Characters in a matching non-wildcard hostname. * 1343 Characters in a matching hostname. * Characters in a matching 1344 service. * Characters in a matching method. * Header matches. 1345 \n If ties still exist across multiple Routes, matching precedence 1346 MUST be determined in order of the following criteria, continuing 1347 on ties: \n * The oldest Route based on creation timestamp. 1348 * The Route appearing first in alphabetical order by \"{namespace}/{name}\". 1349 \n If ties still exist within the Route that has been given 1350 precedence, matching precedence MUST be granted to the first 1351 matching rule meeting the above criteria." 1352 items: 1353 description: "GRPCRouteMatch defines the predicate used to 1354 match requests to a given action. Multiple match types are 1355 ANDed together, i.e. the match will evaluate to true only 1356 if all conditions are satisfied. \n For example, the match 1357 below will match a gRPC request only if its service is `foo` 1358 AND it contains the `version: v1` header: \n ``` matches: 1359 - method: type: Exact service: \"foo\" headers: - name: 1360 \"version\" value \"v1\" \n ```" 1361 properties: 1362 headers: 1363 description: Headers specifies gRPC request header matchers. 1364 Multiple match values are ANDed together, meaning, a 1365 request MUST match all the specified headers to select 1366 the route. 1367 items: 1368 description: GRPCHeaderMatch describes how to select 1369 a gRPC route by matching gRPC request headers. 1370 properties: 1371 name: 1372 description: "Name is the name of the gRPC Header 1373 to be matched. \n If multiple entries specify 1374 equivalent header names, only the first entry 1375 with an equivalent name MUST be considered for 1376 a match. Subsequent entries with an equivalent 1377 header name MUST be ignored. Due to the case-insensitivity 1378 of header names, \"foo\" and \"Foo\" are considered 1379 equivalent." 1380 maxLength: 256 1381 minLength: 1 1382 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1383 type: string 1384 type: 1385 default: Exact 1386 description: Type specifies how to match against 1387 the value of the header. 1388 enum: 1389 - Exact 1390 - RegularExpression 1391 type: string 1392 value: 1393 description: Value is the value of the gRPC Header 1394 to be matched. 1395 maxLength: 4096 1396 minLength: 1 1397 type: string 1398 required: 1399 - name 1400 - value 1401 type: object 1402 maxItems: 16 1403 type: array 1404 x-kubernetes-list-map-keys: 1405 - name 1406 x-kubernetes-list-type: map 1407 method: 1408 description: Method specifies a gRPC request service/method 1409 matcher. If this field is not specified, all services 1410 and methods will match. 1411 properties: 1412 method: 1413 description: "Value of the method to match against. 1414 If left empty or omitted, will match all services. 1415 \n At least one of Service and Method MUST be a 1416 non-empty string." 1417 maxLength: 1024 1418 type: string 1419 service: 1420 description: "Value of the service to match against. 1421 If left empty or omitted, will match any service. 1422 \n At least one of Service and Method MUST be a 1423 non-empty string." 1424 maxLength: 1024 1425 type: string 1426 type: 1427 default: Exact 1428 description: "Type specifies how to match against 1429 the service and/or method. Support: Core (Exact 1430 with service and method specified) \n Support: Implementation-specific 1431 (Exact with method specified but no service specified) 1432 \n Support: Implementation-specific (RegularExpression)" 1433 enum: 1434 - Exact 1435 - RegularExpression 1436 type: string 1437 type: object 1438 x-kubernetes-validations: 1439 - message: One or both of 'service' or 'method' must be 1440 specified 1441 rule: 'has(self.type) ? has(self.service) || has(self.method) 1442 : true' 1443 - message: service must only contain valid characters 1444 (matching ^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$) 1445 rule: '(!has(self.type) || self.type == ''Exact'') && 1446 has(self.service) ? self.service.matches(r"""^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$"""): 1447 true' 1448 - message: method must only contain valid characters (matching 1449 ^[A-Za-z_][A-Za-z_0-9]*$) 1450 rule: '(!has(self.type) || self.type == ''Exact'') && 1451 has(self.method) ? self.method.matches(r"""^[A-Za-z_][A-Za-z_0-9]*$"""): 1452 true' 1453 type: object 1454 maxItems: 8 1455 type: array 1456 type: object 1457 maxItems: 16 1458 type: array 1459 type: object 1460 status: 1461 description: Status defines the current state of GRPCRoute. 1462 properties: 1463 parents: 1464 description: "Parents is a list of parent resources (usually Gateways) 1465 that are associated with the route, and the status of the route 1466 with respect to each parent. When this route attaches to a parent, 1467 the controller that manages the parent must add an entry to this 1468 list when the controller first sees the route and should update 1469 the entry as appropriate when the route or gateway is modified. 1470 \n Note that parent references that cannot be resolved by an implementation 1471 of this API will not be added to this list. Implementations of this 1472 API can only populate Route status for the Gateways/parent resources 1473 they are responsible for. \n A maximum of 32 Gateways will be represented 1474 in this list. An empty list means the route has not been attached 1475 to any Gateway." 1476 items: 1477 description: RouteParentStatus describes the status of a route with 1478 respect to an associated Parent. 1479 properties: 1480 conditions: 1481 description: "Conditions describes the status of the route with 1482 respect to the Gateway. Note that the route's availability 1483 is also subject to the Gateway's own status conditions and 1484 listener status. \n If the Route's ParentRef specifies an 1485 existing Gateway that supports Routes of this kind AND that 1486 Gateway's controller has sufficient access, then that Gateway's 1487 controller MUST set the \"Accepted\" condition on the Route, 1488 to indicate whether the route has been accepted or rejected 1489 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 1490 if at least one of the Route's rules is implemented by the 1491 Gateway. \n There are a number of cases where the \"Accepted\" 1492 condition may not be set due to lack of controller visibility, 1493 that includes when: \n * The Route refers to a non-existent 1494 parent. * The Route is of a type that the controller does 1495 not support. * The Route is in a namespace the controller 1496 does not have access to." 1497 items: 1498 description: "Condition contains details for one aspect of 1499 the current state of this API Resource. --- This struct 1500 is intended for direct use as an array at the field path 1501 .status.conditions. For example, \n type FooStatus struct{ 1502 // Represents the observations of a foo's current state. 1503 // Known .status.conditions.type are: \"Available\", \"Progressing\", 1504 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 1505 // +listType=map // +listMapKey=type Conditions []metav1.Condition 1506 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 1507 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 1508 }" 1509 properties: 1510 lastTransitionTime: 1511 description: lastTransitionTime is the last time the condition 1512 transitioned from one status to another. This should 1513 be when the underlying condition changed. If that is 1514 not known, then using the time when the API field changed 1515 is acceptable. 1516 format: date-time 1517 type: string 1518 message: 1519 description: message is a human readable message indicating 1520 details about the transition. This may be an empty string. 1521 maxLength: 32768 1522 type: string 1523 observedGeneration: 1524 description: observedGeneration represents the .metadata.generation 1525 that the condition was set based upon. For instance, 1526 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 1527 is 9, the condition is out of date with respect to the 1528 current state of the instance. 1529 format: int64 1530 minimum: 0 1531 type: integer 1532 reason: 1533 description: reason contains a programmatic identifier 1534 indicating the reason for the condition's last transition. 1535 Producers of specific condition types may define expected 1536 values and meanings for this field, and whether the 1537 values are considered a guaranteed API. The value should 1538 be a CamelCase string. This field may not be empty. 1539 maxLength: 1024 1540 minLength: 1 1541 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 1542 type: string 1543 status: 1544 description: status of the condition, one of True, False, 1545 Unknown. 1546 enum: 1547 - "True" 1548 - "False" 1549 - Unknown 1550 type: string 1551 type: 1552 description: type of condition in CamelCase or in foo.example.com/CamelCase. 1553 --- Many .condition.type values are consistent across 1554 resources like Available, but because arbitrary conditions 1555 can be useful (see .node.status.conditions), the ability 1556 to deconflict is important. The regex it matches is 1557 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 1558 maxLength: 316 1559 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 1560 type: string 1561 required: 1562 - lastTransitionTime 1563 - message 1564 - reason 1565 - status 1566 - type 1567 type: object 1568 maxItems: 8 1569 minItems: 1 1570 type: array 1571 x-kubernetes-list-map-keys: 1572 - type 1573 x-kubernetes-list-type: map 1574 controllerName: 1575 description: "ControllerName is a domain/path string that indicates 1576 the name of the controller that wrote this status. This corresponds 1577 with the controllerName field on GatewayClass. \n Example: 1578 \"example.net/gateway-controller\". \n The format of this 1579 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 1580 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 1581 \n Controllers MUST populate this field when writing status. 1582 Controllers should ensure that entries to status populated 1583 with their ControllerName are cleaned up when they are no 1584 longer necessary." 1585 maxLength: 253 1586 minLength: 1 1587 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 1588 type: string 1589 parentRef: 1590 description: ParentRef corresponds with a ParentRef in the spec 1591 that this RouteParentStatus struct describes the status of. 1592 properties: 1593 group: 1594 default: gateway.networking.k8s.io 1595 description: "Group is the group of the referent. When unspecified, 1596 \"gateway.networking.k8s.io\" is inferred. To set the 1597 core API group (such as for a \"Service\" kind referent), 1598 Group must be explicitly set to \"\" (empty string). \n 1599 Support: Core" 1600 maxLength: 253 1601 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1602 type: string 1603 kind: 1604 default: Gateway 1605 description: "Kind is kind of the referent. \n There are 1606 two kinds of parent resources with \"Core\" support: \n 1607 * Gateway (Gateway conformance profile) * Service (Mesh 1608 conformance profile, experimental, ClusterIP Services 1609 only) \n Support for other resources is Implementation-Specific." 1610 maxLength: 63 1611 minLength: 1 1612 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1613 type: string 1614 name: 1615 description: "Name is the name of the referent. \n Support: 1616 Core" 1617 maxLength: 253 1618 minLength: 1 1619 type: string 1620 namespace: 1621 description: "Namespace is the namespace of the referent. 1622 When unspecified, this refers to the local namespace of 1623 the Route. \n Note that there are specific rules for ParentRefs 1624 which cross namespace boundaries. Cross-namespace references 1625 are only valid if they are explicitly allowed by something 1626 in the namespace they are referring to. For example: Gateway 1627 has the AllowedRoutes field, and ReferenceGrant provides 1628 a generic way to enable any other kind of cross-namespace 1629 reference. \n ParentRefs from a Route to a Service in 1630 the same namespace are \"producer\" routes, which apply 1631 default routing rules to inbound connections from any 1632 namespace to the Service. \n ParentRefs from a Route to 1633 a Service in a different namespace are \"consumer\" routes, 1634 and these routing rules are only applied to outbound connections 1635 originating from the same namespace as the Route, for 1636 which the intended destination of the connections are 1637 a Service targeted as a ParentRef of the Route. \n Support: 1638 Core" 1639 maxLength: 63 1640 minLength: 1 1641 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1642 type: string 1643 port: 1644 description: "Port is the network port this Route targets. 1645 It can be interpreted differently based on the type of 1646 parent resource. \n When the parent resource is a Gateway, 1647 this targets all listeners listening on the specified 1648 port that also support this kind of Route(and select this 1649 Route). It's not recommended to set `Port` unless the 1650 networking behaviors specified in a Route must apply to 1651 a specific port as opposed to a listener(s) whose port(s) 1652 may be changed. When both Port and SectionName are specified, 1653 the name and port of the selected listener must match 1654 both specified values. \n When the parent resource is 1655 a Service, this targets a specific port in the Service 1656 spec. When both Port (experimental) and SectionName are 1657 specified, the name and port of the selected port must 1658 match both specified values. \n Implementations MAY choose 1659 to support other parent resources. Implementations supporting 1660 other types of parent resources MUST clearly document 1661 how/if Port is interpreted. \n For the purpose of status, 1662 an attachment is considered successful as long as the 1663 parent resource accepts it partially. For example, Gateway 1664 listeners can restrict which Routes can attach to them 1665 by Route kind, namespace, or hostname. If 1 of 2 Gateway 1666 listeners accept attachment from the referencing Route, 1667 the Route MUST be considered successfully attached. If 1668 no Gateway listeners accept attachment from this Route, 1669 the Route MUST be considered detached from the Gateway. 1670 \n Support: Extended \n " 1671 format: int32 1672 maximum: 65535 1673 minimum: 1 1674 type: integer 1675 sectionName: 1676 description: "SectionName is the name of a section within 1677 the target resource. In the following resources, SectionName 1678 is interpreted as the following: \n * Gateway: Listener 1679 Name. When both Port (experimental) and SectionName are 1680 specified, the name and port of the selected listener 1681 must match both specified values. * Service: Port Name. 1682 When both Port (experimental) and SectionName are specified, 1683 the name and port of the selected listener must match 1684 both specified values. Note that attaching Routes to Services 1685 as Parents is part of experimental Mesh support and is 1686 not supported for any other purpose. \n Implementations 1687 MAY choose to support attaching Routes to other resources. 1688 If that is the case, they MUST clearly document how SectionName 1689 is interpreted. \n When unspecified (empty string), this 1690 will reference the entire resource. For the purpose of 1691 status, an attachment is considered successful if at least 1692 one section in the parent resource accepts it. For example, 1693 Gateway listeners can restrict which Routes can attach 1694 to them by Route kind, namespace, or hostname. If 1 of 1695 2 Gateway listeners accept attachment from the referencing 1696 Route, the Route MUST be considered successfully attached. 1697 If no Gateway listeners accept attachment from this Route, 1698 the Route MUST be considered detached from the Gateway. 1699 \n Support: Core" 1700 maxLength: 253 1701 minLength: 1 1702 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1703 type: string 1704 required: 1705 - name 1706 type: object 1707 required: 1708 - controllerName 1709 - parentRef 1710 type: object 1711 maxItems: 32 1712 type: array 1713 required: 1714 - parents 1715 type: object 1716 type: object 1717 served: true 1718 storage: true 1719 subresources: 1720 status: {} 1721 status: 1722 acceptedNames: 1723 kind: "" 1724 plural: "" 1725 conditions: null 1726 storedVersions: null