sigs.k8s.io/gateway-api@v1.0.0/config/crd/experimental/gateway.networking.k8s.io_httproutes.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 6 gateway.networking.k8s.io/bundle-version: v1.0.0 7 gateway.networking.k8s.io/channel: experimental 8 creationTimestamp: null 9 name: httproutes.gateway.networking.k8s.io 10 spec: 11 group: gateway.networking.k8s.io 12 names: 13 categories: 14 - gateway-api 15 kind: HTTPRoute 16 listKind: HTTPRouteList 17 plural: httproutes 18 singular: httproute 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .spec.hostnames 23 name: Hostnames 24 type: string 25 - jsonPath: .metadata.creationTimestamp 26 name: Age 27 type: date 28 name: v1 29 schema: 30 openAPIV3Schema: 31 description: HTTPRoute provides a way to route HTTP requests. This includes 32 the capability to match requests by hostname, path, header, or query param. 33 Filters can be used to specify additional processing steps. Backends specify 34 where matching requests should be routed. 35 properties: 36 apiVersion: 37 description: 'APIVersion defines the versioned schema of this representation 38 of an object. Servers should convert recognized schemas to the latest 39 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 40 type: string 41 kind: 42 description: 'Kind is a string value representing the REST resource this 43 object represents. Servers may infer this from the endpoint the client 44 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 45 type: string 46 metadata: 47 type: object 48 spec: 49 description: Spec defines the desired state of HTTPRoute. 50 properties: 51 hostnames: 52 description: "Hostnames defines a set of hostnames that should match 53 against the HTTP Host header to select a HTTPRoute used to process 54 the request. Implementations MUST ignore any port value specified 55 in the HTTP Host header while performing a match and (absent of 56 any applicable header modification configuration) MUST forward this 57 header unmodified to the backend. \n Valid values for Hostnames 58 are determined by RFC 1123 definition of a hostname with 2 notable 59 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed 60 with a wildcard label (`*.`). The wildcard label must appear by 61 itself as the first label. \n If a hostname is specified by both 62 the Listener and HTTPRoute, there must be at least one intersecting 63 hostname for the HTTPRoute to be attached to the Listener. For example: 64 \n * A Listener with `test.example.com` as the hostname matches 65 HTTPRoutes that have either not specified any hostnames, or have 66 specified at least one of `test.example.com` or `*.example.com`. 67 * A Listener with `*.example.com` as the hostname matches HTTPRoutes 68 that have either not specified any hostnames or have specified at 69 least one hostname that matches the Listener hostname. For example, 70 `*.example.com`, `test.example.com`, and `foo.test.example.com` 71 would all match. On the other hand, `example.com` and `test.example.net` 72 would not match. \n Hostnames that are prefixed with a wildcard 73 label (`*.`) are interpreted as a suffix match. That means that 74 a match for `*.example.com` would match both `test.example.com`, 75 and `foo.test.example.com`, but not `example.com`. \n If both the 76 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames 77 that do not match the Listener hostname MUST be ignored. For example, 78 if a Listener specified `*.example.com`, and the HTTPRoute specified 79 `test.example.com` and `test.example.net`, `test.example.net` must 80 not be considered for a match. \n If both the Listener and HTTPRoute 81 have specified hostnames, and none match with the criteria above, 82 then the HTTPRoute is not accepted. The implementation must raise 83 an 'Accepted' Condition with a status of `False` in the corresponding 84 RouteParentStatus. \n In the event that multiple HTTPRoutes specify 85 intersecting hostnames (e.g. overlapping wildcard matching and exact 86 matching hostnames), precedence must be given to rules from the 87 HTTPRoute with the largest number of: \n * Characters in a matching 88 non-wildcard hostname. * Characters in a matching hostname. \n If 89 ties exist across multiple Routes, the matching precedence rules 90 for HTTPRouteMatches takes over. \n Support: Core" 91 items: 92 description: "Hostname is the fully qualified domain name of a network 93 host. This matches the RFC 1123 definition of a hostname with 94 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 95 may be prefixed with a wildcard label (`*.`). The wildcard label 96 must appear by itself as the first label. \n Hostname can be \"precise\" 97 which is a domain name without the terminating dot of a network 98 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 99 name prefixed with a single wildcard label (e.g. `*.example.com`). 100 \n Note that as per RFC1035 and RFC1123, a *label* must consist 101 of lower case alphanumeric characters or '-', and must start and 102 end with an alphanumeric character. No other punctuation is allowed." 103 maxLength: 253 104 minLength: 1 105 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 106 type: string 107 maxItems: 16 108 type: array 109 parentRefs: 110 description: "ParentRefs references the resources (usually Gateways) 111 that a Route wants to be attached to. Note that the referenced parent 112 resource needs to allow this for the attachment to be complete. 113 For Gateways, that means the Gateway needs to allow attachment from 114 Routes of this kind and namespace. For Services, that means the 115 Service must either be in the same namespace for a \"producer\" 116 route, or the mesh implementation must support and allow \"consumer\" 117 routes for the referenced Service. ReferenceGrant is not applicable 118 for governing ParentRefs to Services - it is not possible to create 119 a \"producer\" route for a Service in a different namespace from 120 the Route. \n There are two kinds of parent resources with \"Core\" 121 support: \n * Gateway (Gateway conformance profile) * Service (Mesh 122 conformance profile, experimental, ClusterIP Services only) This 123 API may be extended in the future to support additional kinds of 124 parent resources. \n ParentRefs must be _distinct_. This means either 125 that: \n * They select different objects. If this is the case, 126 then parentRef entries are distinct. In terms of fields, this means 127 that the multi-part key defined by `group`, `kind`, `namespace`, 128 and `name` must be unique across all parentRef entries in the Route. 129 * They do not select different objects, but for each optional field 130 used, each ParentRef that selects the same object must set the same 131 set of optional fields to different values. If one ParentRef sets 132 a combination of optional fields, all must set the same combination. 133 \n Some examples: \n * If one ParentRef sets `sectionName`, all 134 ParentRefs referencing the same object must also set `sectionName`. 135 * If one ParentRef sets `port`, all ParentRefs referencing the same 136 object must also set `port`. * If one ParentRef sets `sectionName` 137 and `port`, all ParentRefs referencing the same object must also 138 set `sectionName` and `port`. \n It is possible to separately reference 139 multiple distinct objects that may be collapsed by an implementation. 140 For example, some implementations may choose to merge compatible 141 Gateway Listeners together. If that is the case, the list of routes 142 attached to those resources should also be merged. \n Note that 143 for ParentRefs that cross namespace boundaries, there are specific 144 rules. Cross-namespace references are only valid if they are explicitly 145 allowed by something in the namespace they are referring to. For 146 example, Gateway has the AllowedRoutes field, and ReferenceGrant 147 provides a generic way to enable other kinds of cross-namespace 148 reference. \n ParentRefs from a Route to a Service in the same 149 namespace are \"producer\" routes, which apply default routing rules 150 to inbound connections from any namespace to the Service. \n ParentRefs 151 from a Route to a Service in a different namespace are \"consumer\" 152 routes, and these routing rules are only applied to outbound connections 153 originating from the same namespace as the Route, for which the 154 intended destination of the connections are a Service targeted as 155 a ParentRef of the Route. \n " 156 items: 157 description: "ParentReference identifies an API object (usually 158 a Gateway) that can be considered a parent of this resource (usually 159 a route). There are two kinds of parent resources with \"Core\" 160 support: \n * Gateway (Gateway conformance profile) * Service 161 (Mesh conformance profile, experimental, ClusterIP Services only) 162 \n This API may be extended in the future to support additional 163 kinds of parent resources. \n The API object must be valid in 164 the cluster; the Group and Kind must be registered in the cluster 165 for this reference to be valid." 166 properties: 167 group: 168 default: gateway.networking.k8s.io 169 description: "Group is the group of the referent. When unspecified, 170 \"gateway.networking.k8s.io\" is inferred. To set the core 171 API group (such as for a \"Service\" kind referent), Group 172 must be explicitly set to \"\" (empty string). \n Support: 173 Core" 174 maxLength: 253 175 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 176 type: string 177 kind: 178 default: Gateway 179 description: "Kind is kind of the referent. \n There are two 180 kinds of parent resources with \"Core\" support: \n * Gateway 181 (Gateway conformance profile) * Service (Mesh conformance 182 profile, experimental, ClusterIP Services only) \n Support 183 for other resources is Implementation-Specific." 184 maxLength: 63 185 minLength: 1 186 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 187 type: string 188 name: 189 description: "Name is the name of the referent. \n Support: 190 Core" 191 maxLength: 253 192 minLength: 1 193 type: string 194 namespace: 195 description: "Namespace is the namespace of the referent. When 196 unspecified, this refers to the local namespace of the Route. 197 \n Note that there are specific rules for ParentRefs which 198 cross namespace boundaries. Cross-namespace references are 199 only valid if they are explicitly allowed by something in 200 the namespace they are referring to. For example: Gateway 201 has the AllowedRoutes field, and ReferenceGrant provides a 202 generic way to enable any other kind of cross-namespace reference. 203 \n ParentRefs from a Route to a Service in the same namespace 204 are \"producer\" routes, which apply default routing rules 205 to inbound connections from any namespace to the Service. 206 \n ParentRefs from a Route to a Service in a different namespace 207 are \"consumer\" routes, and these routing rules are only 208 applied to outbound connections originating from the same 209 namespace as the Route, for which the intended destination 210 of the connections are a Service targeted as a ParentRef of 211 the Route. \n Support: Core" 212 maxLength: 63 213 minLength: 1 214 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 215 type: string 216 port: 217 description: "Port is the network port this Route targets. It 218 can be interpreted differently based on the type of parent 219 resource. \n When the parent resource is a Gateway, this targets 220 all listeners listening on the specified port that also support 221 this kind of Route(and select this Route). It's not recommended 222 to set `Port` unless the networking behaviors specified in 223 a Route must apply to a specific port as opposed to a listener(s) 224 whose port(s) may be changed. When both Port and SectionName 225 are specified, the name and port of the selected listener 226 must match both specified values. \n When the parent resource 227 is a Service, this targets a specific port in the Service 228 spec. When both Port (experimental) and SectionName are specified, 229 the name and port of the selected port must match both specified 230 values. \n Implementations MAY choose to support other parent 231 resources. Implementations supporting other types of parent 232 resources MUST clearly document how/if Port is interpreted. 233 \n For the purpose of status, an attachment is considered 234 successful as long as the parent resource accepts it partially. 235 For example, Gateway listeners can restrict which Routes can 236 attach to them by Route kind, namespace, or hostname. If 1 237 of 2 Gateway listeners accept attachment from the referencing 238 Route, the Route MUST be considered successfully attached. 239 If no Gateway listeners accept attachment from this Route, 240 the Route MUST be considered detached from the Gateway. \n 241 Support: Extended \n " 242 format: int32 243 maximum: 65535 244 minimum: 1 245 type: integer 246 sectionName: 247 description: "SectionName is the name of a section within the 248 target resource. In the following resources, SectionName is 249 interpreted as the following: \n * Gateway: Listener Name. 250 When both Port (experimental) and SectionName are specified, 251 the name and port of the selected listener must match both 252 specified values. * Service: Port Name. When both Port (experimental) 253 and SectionName are specified, the name and port of the selected 254 listener must match both specified values. Note that attaching 255 Routes to Services as Parents is part of experimental Mesh 256 support and is not supported for any other purpose. \n Implementations 257 MAY choose to support attaching Routes to other resources. 258 If that is the case, they MUST clearly document how SectionName 259 is interpreted. \n When unspecified (empty string), this will 260 reference the entire resource. For the purpose of status, 261 an attachment is considered successful if at least one section 262 in the parent resource accepts it. For example, Gateway listeners 263 can restrict which Routes can attach to them by Route kind, 264 namespace, or hostname. If 1 of 2 Gateway listeners accept 265 attachment from the referencing Route, the Route MUST be considered 266 successfully attached. If no Gateway listeners accept attachment 267 from this Route, the Route MUST be considered detached from 268 the Gateway. \n Support: Core" 269 maxLength: 253 270 minLength: 1 271 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 272 type: string 273 required: 274 - name 275 type: object 276 maxItems: 32 277 type: array 278 x-kubernetes-validations: 279 - message: sectionName or port must be specified when parentRefs includes 280 2 or more references to the same parent 281 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 282 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 283 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 284 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 285 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) 286 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 287 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) 288 || p2.port == 0)): true))' 289 - message: sectionName or port must be unique when parentRefs includes 290 2 or more references to the same parent 291 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 292 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 293 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 294 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 295 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 296 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 297 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 298 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) 299 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port 300 == p2.port)))) 301 rules: 302 default: 303 - matches: 304 - path: 305 type: PathPrefix 306 value: / 307 description: Rules are a list of HTTP matchers, filters and actions. 308 items: 309 description: HTTPRouteRule defines semantics for matching an HTTP 310 request based on conditions (matches), processing it (filters), 311 and forwarding the request to an API object (backendRefs). 312 properties: 313 backendRefs: 314 description: "BackendRefs defines the backend(s) where matching 315 requests should be sent. \n Failure behavior here depends 316 on how many BackendRefs are specified and how many are invalid. 317 \n If *all* entries in BackendRefs are invalid, and there 318 are also no filters specified in this route rule, *all* traffic 319 which matches this rule MUST receive a 500 status code. \n 320 See the HTTPBackendRef definition for the rules about what 321 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef 322 is invalid, 500 status codes MUST be returned for requests 323 that would have otherwise been routed to an invalid backend. 324 If multiple backends are specified, and some are invalid, 325 the proportion of requests that would otherwise have been 326 routed to an invalid backend MUST receive a 500 status code. 327 \n For example, if two backends are specified with equal weights, 328 and one is invalid, 50 percent of traffic must receive a 500. 329 Implementations may choose how that 50 percent is determined. 330 \n Support: Core for Kubernetes Service \n Support: Extended 331 for Kubernetes ServiceImport \n Support: Implementation-specific 332 for any other resource \n Support for weight: Core" 333 items: 334 description: "HTTPBackendRef defines how a HTTPRoute forwards 335 a HTTP request. \n Note that when a namespace different 336 than the local namespace is specified, a ReferenceGrant 337 object is required in the referent namespace to allow that 338 namespace's owner to accept the reference. See the ReferenceGrant 339 documentation for details. \n <gateway:experimental:description> 340 \n When the BackendRef points to a Kubernetes Service, implementations 341 SHOULD honor the appProtocol field if it is set for the 342 target Service Port. \n Implementations supporting appProtocol 343 SHOULD recognize the Kubernetes Standard Application Protocols 344 defined in KEP-3726. \n If a Service appProtocol isn't specified, 345 an implementation MAY infer the backend protocol through 346 its own means. Implementations MAY infer the protocol from 347 the Route type referring to the backend Service. \n If a 348 Route is not able to send traffic to the backend using the 349 specified protocol then the backend is considered invalid. 350 Implementations MUST set the \"ResolvedRefs\" condition 351 to \"False\" with the \"UnsupportedProtocol\" reason. \n 352 </gateway:experimental:description>" 353 properties: 354 filters: 355 description: "Filters defined at this level should be 356 executed if and only if the request is being forwarded 357 to the backend defined here. \n Support: Implementation-specific 358 (For broader support of filters, use the Filters field 359 in HTTPRouteRule.)" 360 items: 361 description: HTTPRouteFilter defines processing steps 362 that must be completed during the request or response 363 lifecycle. HTTPRouteFilters are meant as an extension 364 point to express processing that may be done in Gateway 365 implementations. Some examples include request or 366 response modification, implementing authentication 367 strategies, rate-limiting, and traffic shaping. API 368 guarantee/conformance is defined based on the type 369 of the filter. 370 properties: 371 extensionRef: 372 description: "ExtensionRef is an optional, implementation-specific 373 extension to the \"filter\" behavior. For example, 374 resource \"myroutefilter\" in group \"networking.example.net\"). 375 ExtensionRef MUST NOT be used for core and extended 376 filters. \n This filter can be used multiple times 377 within the same rule. \n Support: Implementation-specific" 378 properties: 379 group: 380 description: Group is the group of the referent. 381 For example, "gateway.networking.k8s.io". 382 When unspecified or empty string, core API 383 group is inferred. 384 maxLength: 253 385 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 386 type: string 387 kind: 388 description: Kind is kind of the referent. For 389 example "HTTPRoute" or "Service". 390 maxLength: 63 391 minLength: 1 392 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 393 type: string 394 name: 395 description: Name is the name of the referent. 396 maxLength: 253 397 minLength: 1 398 type: string 399 required: 400 - group 401 - kind 402 - name 403 type: object 404 requestHeaderModifier: 405 description: "RequestHeaderModifier defines a schema 406 for a filter that modifies request headers. \n 407 Support: Core" 408 properties: 409 add: 410 description: "Add adds the given header(s) (name, 411 value) to the request before the action. It 412 appends to any existing values associated 413 with the header name. \n Input: GET /foo HTTP/1.1 414 my-header: foo \n Config: add: - name: \"my-header\" 415 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 416 my-header: foo,bar,baz" 417 items: 418 description: HTTPHeader represents an HTTP 419 Header name and value as defined by RFC 420 7230. 421 properties: 422 name: 423 description: "Name is the name of the 424 HTTP Header to be matched. Name matching 425 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 426 \n If multiple entries specify equivalent 427 header names, the first entry with an 428 equivalent name MUST be considered for 429 a match. Subsequent entries with an 430 equivalent header name MUST be ignored. 431 Due to the case-insensitivity of header 432 names, \"foo\" and \"Foo\" are considered 433 equivalent." 434 maxLength: 256 435 minLength: 1 436 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 437 type: string 438 value: 439 description: Value is the value of HTTP 440 Header to be matched. 441 maxLength: 4096 442 minLength: 1 443 type: string 444 required: 445 - name 446 - value 447 type: object 448 maxItems: 16 449 type: array 450 x-kubernetes-list-map-keys: 451 - name 452 x-kubernetes-list-type: map 453 remove: 454 description: "Remove the given header(s) from 455 the HTTP request before the action. The value 456 of Remove is a list of HTTP header names. 457 Note that the header names are case-insensitive 458 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 459 \n Input: GET /foo HTTP/1.1 my-header1: foo 460 my-header2: bar my-header3: baz \n Config: 461 remove: [\"my-header1\", \"my-header3\"] \n 462 Output: GET /foo HTTP/1.1 my-header2: bar" 463 items: 464 type: string 465 maxItems: 16 466 type: array 467 x-kubernetes-list-type: set 468 set: 469 description: "Set overwrites the request with 470 the given header (name, value) before the 471 action. \n Input: GET /foo HTTP/1.1 my-header: 472 foo \n Config: set: - name: \"my-header\" 473 value: \"bar\" \n Output: GET /foo HTTP/1.1 474 my-header: bar" 475 items: 476 description: HTTPHeader represents an HTTP 477 Header name and value as defined by RFC 478 7230. 479 properties: 480 name: 481 description: "Name is the name of the 482 HTTP Header to be matched. Name matching 483 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 484 \n If multiple entries specify equivalent 485 header names, the first entry with an 486 equivalent name MUST be considered for 487 a match. Subsequent entries with an 488 equivalent header name MUST be ignored. 489 Due to the case-insensitivity of header 490 names, \"foo\" and \"Foo\" are considered 491 equivalent." 492 maxLength: 256 493 minLength: 1 494 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 495 type: string 496 value: 497 description: Value is the value of HTTP 498 Header to be matched. 499 maxLength: 4096 500 minLength: 1 501 type: string 502 required: 503 - name 504 - value 505 type: object 506 maxItems: 16 507 type: array 508 x-kubernetes-list-map-keys: 509 - name 510 x-kubernetes-list-type: map 511 type: object 512 requestMirror: 513 description: "RequestMirror defines a schema for 514 a filter that mirrors requests. Requests are sent 515 to the specified destination, but responses from 516 that destination are ignored. \n This filter can 517 be used multiple times within the same rule. Note 518 that not all implementations will be able to support 519 mirroring to multiple backends. \n Support: Extended" 520 properties: 521 backendRef: 522 description: "BackendRef references a resource 523 where mirrored requests are sent. \n Mirrored 524 requests must be sent only to a single destination 525 endpoint within this BackendRef, irrespective 526 of how many endpoints are present within this 527 BackendRef. \n If the referent cannot be found, 528 this BackendRef is invalid and must be dropped 529 from the Gateway. The controller must ensure 530 the \"ResolvedRefs\" condition on the Route 531 status is set to `status: False` and not configure 532 this backend in the underlying implementation. 533 \n If there is a cross-namespace reference 534 to an *existing* object that is not allowed 535 by a ReferenceGrant, the controller must ensure 536 the \"ResolvedRefs\" condition on the Route 537 is set to `status: False`, with the \"RefNotPermitted\" 538 reason and not configure this backend in the 539 underlying implementation. \n In either error 540 case, the Message of the `ResolvedRefs` Condition 541 should be used to provide more detail about 542 the problem. \n Support: Extended for Kubernetes 543 Service \n Support: Implementation-specific 544 for any other resource" 545 properties: 546 group: 547 default: "" 548 description: Group is the group of the referent. 549 For example, "gateway.networking.k8s.io". 550 When unspecified or empty string, core 551 API group is inferred. 552 maxLength: 253 553 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 554 type: string 555 kind: 556 default: Service 557 description: "Kind is the Kubernetes resource 558 kind of the referent. For example \"Service\". 559 \n Defaults to \"Service\" when not specified. 560 \n ExternalName services can refer to 561 CNAME DNS records that may live outside 562 of the cluster and as such are difficult 563 to reason about in terms of conformance. 564 They also may not be safe to forward to 565 (see CVE-2021-25740 for more information). 566 Implementations SHOULD NOT support ExternalName 567 Services. \n Support: Core (Services with 568 a type other than ExternalName) \n Support: 569 Implementation-specific (Services with 570 type ExternalName)" 571 maxLength: 63 572 minLength: 1 573 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 574 type: string 575 name: 576 description: Name is the name of the referent. 577 maxLength: 253 578 minLength: 1 579 type: string 580 namespace: 581 description: "Namespace is the namespace 582 of the backend. When unspecified, the 583 local namespace is inferred. \n Note that 584 when a namespace different than the local 585 namespace is specified, a ReferenceGrant 586 object is required in the referent namespace 587 to allow that namespace's owner to accept 588 the reference. See the ReferenceGrant 589 documentation for details. \n Support: 590 Core" 591 maxLength: 63 592 minLength: 1 593 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 594 type: string 595 port: 596 description: Port specifies the destination 597 port number to use for this resource. 598 Port is required when the referent is 599 a Kubernetes Service. In this case, the 600 port number is the service port number, 601 not the target port. For other resources, 602 destination port might be derived from 603 the referent resource or this field. 604 format: int32 605 maximum: 65535 606 minimum: 1 607 type: integer 608 required: 609 - name 610 type: object 611 x-kubernetes-validations: 612 - message: Must have port for Service reference 613 rule: '(size(self.group) == 0 && self.kind 614 == ''Service'') ? has(self.port) : true' 615 required: 616 - backendRef 617 type: object 618 requestRedirect: 619 description: "RequestRedirect defines a schema for 620 a filter that responds to the request with an 621 HTTP redirection. \n Support: Core" 622 properties: 623 hostname: 624 description: "Hostname is the hostname to be 625 used in the value of the `Location` header 626 in the response. When empty, the hostname 627 in the `Host` header of the request is used. 628 \n Support: Core" 629 maxLength: 253 630 minLength: 1 631 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 632 type: string 633 path: 634 description: "Path defines parameters used to 635 modify the path of the incoming request. The 636 modified path is then used to construct the 637 `Location` header. When empty, the request 638 path is used as-is. \n Support: Extended" 639 properties: 640 replaceFullPath: 641 description: ReplaceFullPath specifies the 642 value with which to replace the full path 643 of a request during a rewrite or redirect. 644 maxLength: 1024 645 type: string 646 replacePrefixMatch: 647 description: "ReplacePrefixMatch specifies 648 the value with which to replace the prefix 649 match of a request during a rewrite or 650 redirect. For example, a request to \"/foo/bar\" 651 with a prefix match of \"/foo\" and a 652 ReplacePrefixMatch of \"/xyz\" would be 653 modified to \"/xyz/bar\". \n Note that 654 this matches the behavior of the PathPrefix 655 match type. This matches full path elements. 656 A path element refers to the list of labels 657 in the path split by the `/` separator. 658 When specified, a trailing `/` is ignored. 659 For example, the paths `/abc`, `/abc/`, 660 and `/abc/def` would all match the prefix 661 `/abc`, but the path `/abcd` would not. 662 \n ReplacePrefixMatch is only compatible 663 with a `PathPrefix` HTTPRouteMatch. Using 664 any other HTTPRouteMatch type on the same 665 HTTPRouteRule will result in the implementation 666 setting the Accepted Condition for the 667 Route to `status: False`. \n Request Path 668 | Prefix Match | Replace Prefix | Modified 669 Path -------------|--------------|----------------|---------- 670 /foo/bar | /foo | /xyz | 671 /xyz/bar /foo/bar | /foo | 672 /xyz/ | /xyz/bar /foo/bar | 673 /foo/ | /xyz | /xyz/bar 674 /foo/bar | /foo/ | /xyz/ | 675 /xyz/bar /foo | /foo | 676 /xyz | /xyz /foo/ | /foo 677 \ | /xyz | /xyz/ /foo/bar 678 \ | /foo | <empty string> | 679 /bar /foo/ | /foo | <empty 680 string> | / /foo | /foo | 681 <empty string> | / /foo/ | /foo 682 \ | / | / /foo | 683 /foo | / | /" 684 maxLength: 1024 685 type: string 686 type: 687 description: "Type defines the type of path 688 modifier. Additional types may be added 689 in a future release of the API. \n Note 690 that values may be added to this enum, 691 implementations must ensure that unknown 692 values will not cause a crash. \n Unknown 693 values here must result in the implementation 694 setting the Accepted Condition for the 695 Route to `status: False`, with a Reason 696 of `UnsupportedValue`." 697 enum: 698 - ReplaceFullPath 699 - ReplacePrefixMatch 700 type: string 701 required: 702 - type 703 type: object 704 x-kubernetes-validations: 705 - message: replaceFullPath must be specified 706 when type is set to 'ReplaceFullPath' 707 rule: 'self.type == ''ReplaceFullPath'' ? 708 has(self.replaceFullPath) : true' 709 - message: type must be 'ReplaceFullPath' when 710 replaceFullPath is set 711 rule: 'has(self.replaceFullPath) ? self.type 712 == ''ReplaceFullPath'' : true' 713 - message: replacePrefixMatch must be specified 714 when type is set to 'ReplacePrefixMatch' 715 rule: 'self.type == ''ReplacePrefixMatch'' 716 ? has(self.replacePrefixMatch) : true' 717 - message: type must be 'ReplacePrefixMatch' 718 when replacePrefixMatch is set 719 rule: 'has(self.replacePrefixMatch) ? self.type 720 == ''ReplacePrefixMatch'' : true' 721 port: 722 description: "Port is the port to be used in 723 the value of the `Location` header in the 724 response. \n If no port is specified, the 725 redirect port MUST be derived using the following 726 rules: \n * If redirect scheme is not-empty, 727 the redirect port MUST be the well-known port 728 associated with the redirect scheme. Specifically 729 \"http\" to port 80 and \"https\" to port 730 443. If the redirect scheme does not have 731 a well-known port, the listener port of the 732 Gateway SHOULD be used. * If redirect scheme 733 is empty, the redirect port MUST be the Gateway 734 Listener port. \n Implementations SHOULD NOT 735 add the port number in the 'Location' header 736 in the following cases: \n * A Location header 737 that will use HTTP (whether that is determined 738 via the Listener protocol or the Scheme field) 739 _and_ use port 80. * A Location header that 740 will use HTTPS (whether that is determined 741 via the Listener protocol or the Scheme field) 742 _and_ use port 443. \n Support: Extended" 743 format: int32 744 maximum: 65535 745 minimum: 1 746 type: integer 747 scheme: 748 description: "Scheme is the scheme to be used 749 in the value of the `Location` header in the 750 response. When empty, the scheme of the request 751 is used. \n Scheme redirects can affect the 752 port of the redirect, for more information, 753 refer to the documentation for the port field 754 of this filter. \n Note that values may be 755 added to this enum, implementations must ensure 756 that unknown values will not cause a crash. 757 \n Unknown values here must result in the 758 implementation setting the Accepted Condition 759 for the Route to `status: False`, with a Reason 760 of `UnsupportedValue`. \n Support: Extended" 761 enum: 762 - http 763 - https 764 type: string 765 statusCode: 766 default: 302 767 description: "StatusCode is the HTTP status 768 code to be used in response. \n Note that 769 values may be added to this enum, implementations 770 must ensure that unknown values will not cause 771 a crash. \n Unknown values here must result 772 in the implementation setting the Accepted 773 Condition for the Route to `status: False`, 774 with a Reason of `UnsupportedValue`. \n Support: 775 Core" 776 enum: 777 - 301 778 - 302 779 type: integer 780 type: object 781 responseHeaderModifier: 782 description: "ResponseHeaderModifier defines a schema 783 for a filter that modifies response headers. \n 784 Support: Extended" 785 properties: 786 add: 787 description: "Add adds the given header(s) (name, 788 value) to the request before the action. It 789 appends to any existing values associated 790 with the header name. \n Input: GET /foo HTTP/1.1 791 my-header: foo \n Config: add: - name: \"my-header\" 792 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 793 my-header: foo,bar,baz" 794 items: 795 description: HTTPHeader represents an HTTP 796 Header name and value as defined by RFC 797 7230. 798 properties: 799 name: 800 description: "Name is the name of the 801 HTTP Header to be matched. Name matching 802 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 803 \n If multiple entries specify equivalent 804 header names, the first entry with an 805 equivalent name MUST be considered for 806 a match. Subsequent entries with an 807 equivalent header name MUST be ignored. 808 Due to the case-insensitivity of header 809 names, \"foo\" and \"Foo\" are considered 810 equivalent." 811 maxLength: 256 812 minLength: 1 813 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 814 type: string 815 value: 816 description: Value is the value of HTTP 817 Header to be matched. 818 maxLength: 4096 819 minLength: 1 820 type: string 821 required: 822 - name 823 - value 824 type: object 825 maxItems: 16 826 type: array 827 x-kubernetes-list-map-keys: 828 - name 829 x-kubernetes-list-type: map 830 remove: 831 description: "Remove the given header(s) from 832 the HTTP request before the action. The value 833 of Remove is a list of HTTP header names. 834 Note that the header names are case-insensitive 835 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 836 \n Input: GET /foo HTTP/1.1 my-header1: foo 837 my-header2: bar my-header3: baz \n Config: 838 remove: [\"my-header1\", \"my-header3\"] \n 839 Output: GET /foo HTTP/1.1 my-header2: bar" 840 items: 841 type: string 842 maxItems: 16 843 type: array 844 x-kubernetes-list-type: set 845 set: 846 description: "Set overwrites the request with 847 the given header (name, value) before the 848 action. \n Input: GET /foo HTTP/1.1 my-header: 849 foo \n Config: set: - name: \"my-header\" 850 value: \"bar\" \n Output: GET /foo HTTP/1.1 851 my-header: bar" 852 items: 853 description: HTTPHeader represents an HTTP 854 Header name and value as defined by RFC 855 7230. 856 properties: 857 name: 858 description: "Name is the name of the 859 HTTP Header to be matched. Name matching 860 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 861 \n If multiple entries specify equivalent 862 header names, the first entry with an 863 equivalent name MUST be considered for 864 a match. Subsequent entries with an 865 equivalent header name MUST be ignored. 866 Due to the case-insensitivity of header 867 names, \"foo\" and \"Foo\" are considered 868 equivalent." 869 maxLength: 256 870 minLength: 1 871 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 872 type: string 873 value: 874 description: Value is the value of HTTP 875 Header to be matched. 876 maxLength: 4096 877 minLength: 1 878 type: string 879 required: 880 - name 881 - value 882 type: object 883 maxItems: 16 884 type: array 885 x-kubernetes-list-map-keys: 886 - name 887 x-kubernetes-list-type: map 888 type: object 889 type: 890 description: "Type identifies the type of filter 891 to apply. As with other API fields, types are 892 classified into three conformance levels: \n - 893 Core: Filter types and their corresponding configuration 894 defined by \"Support: Core\" in this package, 895 e.g. \"RequestHeaderModifier\". All implementations 896 must support core filters. \n - Extended: Filter 897 types and their corresponding configuration defined 898 by \"Support: Extended\" in this package, e.g. 899 \"RequestMirror\". Implementers are encouraged 900 to support extended filters. \n - Implementation-specific: 901 Filters that are defined and supported by specific 902 vendors. In the future, filters showing convergence 903 in behavior across multiple implementations will 904 be considered for inclusion in extended or core 905 conformance levels. Filter-specific configuration 906 for such filters is specified using the ExtensionRef 907 field. `Type` should be set to \"ExtensionRef\" 908 for custom filters. \n Implementers are encouraged 909 to define custom implementation types to extend 910 the core API with implementation-specific behavior. 911 \n If a reference to a custom filter type cannot 912 be resolved, the filter MUST NOT be skipped. Instead, 913 requests that would have been processed by that 914 filter MUST receive a HTTP error response. \n 915 Note that values may be added to this enum, implementations 916 must ensure that unknown values will not cause 917 a crash. \n Unknown values here must result in 918 the implementation setting the Accepted Condition 919 for the Route to `status: False`, with a Reason 920 of `UnsupportedValue`." 921 enum: 922 - RequestHeaderModifier 923 - ResponseHeaderModifier 924 - RequestMirror 925 - RequestRedirect 926 - URLRewrite 927 - ExtensionRef 928 type: string 929 urlRewrite: 930 description: "URLRewrite defines a schema for a 931 filter that modifies a request during forwarding. 932 \n Support: Extended" 933 properties: 934 hostname: 935 description: "Hostname is the value to be used 936 to replace the Host header value during forwarding. 937 \n Support: Extended" 938 maxLength: 253 939 minLength: 1 940 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 941 type: string 942 path: 943 description: "Path defines a path rewrite. \n 944 Support: Extended" 945 properties: 946 replaceFullPath: 947 description: ReplaceFullPath specifies the 948 value with which to replace the full path 949 of a request during a rewrite or redirect. 950 maxLength: 1024 951 type: string 952 replacePrefixMatch: 953 description: "ReplacePrefixMatch specifies 954 the value with which to replace the prefix 955 match of a request during a rewrite or 956 redirect. For example, a request to \"/foo/bar\" 957 with a prefix match of \"/foo\" and a 958 ReplacePrefixMatch of \"/xyz\" would be 959 modified to \"/xyz/bar\". \n Note that 960 this matches the behavior of the PathPrefix 961 match type. This matches full path elements. 962 A path element refers to the list of labels 963 in the path split by the `/` separator. 964 When specified, a trailing `/` is ignored. 965 For example, the paths `/abc`, `/abc/`, 966 and `/abc/def` would all match the prefix 967 `/abc`, but the path `/abcd` would not. 968 \n ReplacePrefixMatch is only compatible 969 with a `PathPrefix` HTTPRouteMatch. Using 970 any other HTTPRouteMatch type on the same 971 HTTPRouteRule will result in the implementation 972 setting the Accepted Condition for the 973 Route to `status: False`. \n Request Path 974 | Prefix Match | Replace Prefix | Modified 975 Path -------------|--------------|----------------|---------- 976 /foo/bar | /foo | /xyz | 977 /xyz/bar /foo/bar | /foo | 978 /xyz/ | /xyz/bar /foo/bar | 979 /foo/ | /xyz | /xyz/bar 980 /foo/bar | /foo/ | /xyz/ | 981 /xyz/bar /foo | /foo | 982 /xyz | /xyz /foo/ | /foo 983 \ | /xyz | /xyz/ /foo/bar 984 \ | /foo | <empty string> | 985 /bar /foo/ | /foo | <empty 986 string> | / /foo | /foo | 987 <empty string> | / /foo/ | /foo 988 \ | / | / /foo | 989 /foo | / | /" 990 maxLength: 1024 991 type: string 992 type: 993 description: "Type defines the type of path 994 modifier. Additional types may be added 995 in a future release of the API. \n Note 996 that values may be added to this enum, 997 implementations must ensure that unknown 998 values will not cause a crash. \n Unknown 999 values here must result in the implementation 1000 setting the Accepted Condition for the 1001 Route to `status: False`, with a Reason 1002 of `UnsupportedValue`." 1003 enum: 1004 - ReplaceFullPath 1005 - ReplacePrefixMatch 1006 type: string 1007 required: 1008 - type 1009 type: object 1010 x-kubernetes-validations: 1011 - message: replaceFullPath must be specified 1012 when type is set to 'ReplaceFullPath' 1013 rule: 'self.type == ''ReplaceFullPath'' ? 1014 has(self.replaceFullPath) : true' 1015 - message: type must be 'ReplaceFullPath' when 1016 replaceFullPath is set 1017 rule: 'has(self.replaceFullPath) ? self.type 1018 == ''ReplaceFullPath'' : true' 1019 - message: replacePrefixMatch must be specified 1020 when type is set to 'ReplacePrefixMatch' 1021 rule: 'self.type == ''ReplacePrefixMatch'' 1022 ? has(self.replacePrefixMatch) : true' 1023 - message: type must be 'ReplacePrefixMatch' 1024 when replacePrefixMatch is set 1025 rule: 'has(self.replacePrefixMatch) ? self.type 1026 == ''ReplacePrefixMatch'' : true' 1027 type: object 1028 required: 1029 - type 1030 type: object 1031 x-kubernetes-validations: 1032 - message: filter.requestHeaderModifier must be nil 1033 if the filter.type is not RequestHeaderModifier 1034 rule: '!(has(self.requestHeaderModifier) && self.type 1035 != ''RequestHeaderModifier'')' 1036 - message: filter.requestHeaderModifier must be specified 1037 for RequestHeaderModifier filter.type 1038 rule: '!(!has(self.requestHeaderModifier) && self.type 1039 == ''RequestHeaderModifier'')' 1040 - message: filter.responseHeaderModifier must be nil 1041 if the filter.type is not ResponseHeaderModifier 1042 rule: '!(has(self.responseHeaderModifier) && self.type 1043 != ''ResponseHeaderModifier'')' 1044 - message: filter.responseHeaderModifier must be specified 1045 for ResponseHeaderModifier filter.type 1046 rule: '!(!has(self.responseHeaderModifier) && self.type 1047 == ''ResponseHeaderModifier'')' 1048 - message: filter.requestMirror must be nil if the filter.type 1049 is not RequestMirror 1050 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 1051 - message: filter.requestMirror must be specified for 1052 RequestMirror filter.type 1053 rule: '!(!has(self.requestMirror) && self.type == 1054 ''RequestMirror'')' 1055 - message: filter.requestRedirect must be nil if the 1056 filter.type is not RequestRedirect 1057 rule: '!(has(self.requestRedirect) && self.type != 1058 ''RequestRedirect'')' 1059 - message: filter.requestRedirect must be specified 1060 for RequestRedirect filter.type 1061 rule: '!(!has(self.requestRedirect) && self.type == 1062 ''RequestRedirect'')' 1063 - message: filter.urlRewrite must be nil if the filter.type 1064 is not URLRewrite 1065 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 1066 - message: filter.urlRewrite must be specified for URLRewrite 1067 filter.type 1068 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 1069 - message: filter.extensionRef must be nil if the filter.type 1070 is not ExtensionRef 1071 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 1072 - message: filter.extensionRef must be specified for 1073 ExtensionRef filter.type 1074 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 1075 maxItems: 16 1076 type: array 1077 x-kubernetes-validations: 1078 - message: May specify either httpRouteFilterRequestRedirect 1079 or httpRouteFilterRequestRewrite, but not both 1080 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 1081 && self.exists(f, f.type == ''URLRewrite''))' 1082 - message: May specify either httpRouteFilterRequestRedirect 1083 or httpRouteFilterRequestRewrite, but not both 1084 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 1085 && self.exists(f, f.type == ''URLRewrite''))' 1086 - message: RequestHeaderModifier filter cannot be repeated 1087 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 1088 <= 1 1089 - message: ResponseHeaderModifier filter cannot be repeated 1090 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 1091 <= 1 1092 - message: RequestRedirect filter cannot be repeated 1093 rule: self.filter(f, f.type == 'RequestRedirect').size() 1094 <= 1 1095 - message: URLRewrite filter cannot be repeated 1096 rule: self.filter(f, f.type == 'URLRewrite').size() 1097 <= 1 1098 group: 1099 default: "" 1100 description: Group is the group of the referent. For example, 1101 "gateway.networking.k8s.io". When unspecified or empty 1102 string, core API group is inferred. 1103 maxLength: 253 1104 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1105 type: string 1106 kind: 1107 default: Service 1108 description: "Kind is the Kubernetes resource kind of 1109 the referent. For example \"Service\". \n Defaults to 1110 \"Service\" when not specified. \n ExternalName services 1111 can refer to CNAME DNS records that may live outside 1112 of the cluster and as such are difficult to reason about 1113 in terms of conformance. They also may not be safe to 1114 forward to (see CVE-2021-25740 for more information). 1115 Implementations SHOULD NOT support ExternalName Services. 1116 \n Support: Core (Services with a type other than ExternalName) 1117 \n Support: Implementation-specific (Services with type 1118 ExternalName)" 1119 maxLength: 63 1120 minLength: 1 1121 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1122 type: string 1123 name: 1124 description: Name is the name of the referent. 1125 maxLength: 253 1126 minLength: 1 1127 type: string 1128 namespace: 1129 description: "Namespace is the namespace of the backend. 1130 When unspecified, the local namespace is inferred. \n 1131 Note that when a namespace different than the local 1132 namespace is specified, a ReferenceGrant object is required 1133 in the referent namespace to allow that namespace's 1134 owner to accept the reference. See the ReferenceGrant 1135 documentation for details. \n Support: Core" 1136 maxLength: 63 1137 minLength: 1 1138 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1139 type: string 1140 port: 1141 description: Port specifies the destination port number 1142 to use for this resource. Port is required when the 1143 referent is a Kubernetes Service. In this case, the 1144 port number is the service port number, not the target 1145 port. For other resources, destination port might be 1146 derived from the referent resource or this field. 1147 format: int32 1148 maximum: 65535 1149 minimum: 1 1150 type: integer 1151 weight: 1152 default: 1 1153 description: "Weight specifies the proportion of requests 1154 forwarded to the referenced backend. This is computed 1155 as weight/(sum of all weights in this BackendRefs list). 1156 For non-zero values, there may be some epsilon from 1157 the exact proportion defined here depending on the precision 1158 an implementation supports. Weight is not a percentage 1159 and the sum of weights does not need to equal 100. \n 1160 If only one backend is specified and it has a weight 1161 greater than 0, 100% of the traffic is forwarded to 1162 that backend. If weight is set to 0, no traffic should 1163 be forwarded for this entry. If unspecified, weight 1164 defaults to 1. \n Support for this field varies based 1165 on the context where used." 1166 format: int32 1167 maximum: 1000000 1168 minimum: 0 1169 type: integer 1170 required: 1171 - name 1172 type: object 1173 x-kubernetes-validations: 1174 - message: Must have port for Service reference 1175 rule: '(size(self.group) == 0 && self.kind == ''Service'') 1176 ? has(self.port) : true' 1177 maxItems: 16 1178 type: array 1179 filters: 1180 description: "Filters define the filters that are applied to 1181 requests that match this rule. \n The effects of ordering 1182 of multiple behaviors are currently unspecified. This can 1183 change in the future based on feedback during the alpha stage. 1184 \n Conformance-levels at this level are defined based on the 1185 type of filter: \n - ALL core filters MUST be supported by 1186 all implementations. - Implementers are encouraged to support 1187 extended filters. - Implementation-specific custom filters 1188 have no API guarantees across implementations. \n Specifying 1189 the same filter multiple times is not supported unless explicitly 1190 indicated in the filter. \n All filters are expected to be 1191 compatible with each other except for the URLRewrite and RequestRedirect 1192 filters, which may not be combined. If an implementation can 1193 not support other combinations of filters, they must clearly 1194 document that limitation. In cases where incompatible or unsupported 1195 filters are specified and cause the `Accepted` condition to 1196 be set to status `False`, implementations may use the `IncompatibleFilters` 1197 reason to specify this configuration error. \n Support: Core" 1198 items: 1199 description: HTTPRouteFilter defines processing steps that 1200 must be completed during the request or response lifecycle. 1201 HTTPRouteFilters are meant as an extension point to express 1202 processing that may be done in Gateway implementations. 1203 Some examples include request or response modification, 1204 implementing authentication strategies, rate-limiting, and 1205 traffic shaping. API guarantee/conformance is defined based 1206 on the type of the filter. 1207 properties: 1208 extensionRef: 1209 description: "ExtensionRef is an optional, implementation-specific 1210 extension to the \"filter\" behavior. For example, 1211 resource \"myroutefilter\" in group \"networking.example.net\"). 1212 ExtensionRef MUST NOT be used for core and extended 1213 filters. \n This filter can be used multiple times within 1214 the same rule. \n Support: Implementation-specific" 1215 properties: 1216 group: 1217 description: Group is the group of the referent. For 1218 example, "gateway.networking.k8s.io". When unspecified 1219 or empty string, core API group is inferred. 1220 maxLength: 253 1221 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1222 type: string 1223 kind: 1224 description: Kind is kind of the referent. For example 1225 "HTTPRoute" or "Service". 1226 maxLength: 63 1227 minLength: 1 1228 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1229 type: string 1230 name: 1231 description: Name is the name of the referent. 1232 maxLength: 253 1233 minLength: 1 1234 type: string 1235 required: 1236 - group 1237 - kind 1238 - name 1239 type: object 1240 requestHeaderModifier: 1241 description: "RequestHeaderModifier defines a schema for 1242 a filter that modifies request headers. \n Support: 1243 Core" 1244 properties: 1245 add: 1246 description: "Add adds the given header(s) (name, 1247 value) to the request before the action. It appends 1248 to any existing values associated with the header 1249 name. \n Input: GET /foo HTTP/1.1 my-header: foo 1250 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 1251 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 1252 items: 1253 description: HTTPHeader represents an HTTP Header 1254 name and value as defined by RFC 7230. 1255 properties: 1256 name: 1257 description: "Name is the name of the HTTP Header 1258 to be matched. Name matching MUST be case 1259 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1260 \n If multiple entries specify equivalent 1261 header names, the first entry with an equivalent 1262 name MUST be considered for a match. Subsequent 1263 entries with an equivalent header name MUST 1264 be ignored. Due to the case-insensitivity 1265 of header names, \"foo\" and \"Foo\" are considered 1266 equivalent." 1267 maxLength: 256 1268 minLength: 1 1269 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1270 type: string 1271 value: 1272 description: Value is the value of HTTP Header 1273 to be matched. 1274 maxLength: 4096 1275 minLength: 1 1276 type: string 1277 required: 1278 - name 1279 - value 1280 type: object 1281 maxItems: 16 1282 type: array 1283 x-kubernetes-list-map-keys: 1284 - name 1285 x-kubernetes-list-type: map 1286 remove: 1287 description: "Remove the given header(s) from the 1288 HTTP request before the action. The value of Remove 1289 is a list of HTTP header names. Note that the header 1290 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1291 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1292 bar my-header3: baz \n Config: remove: [\"my-header1\", 1293 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1294 bar" 1295 items: 1296 type: string 1297 maxItems: 16 1298 type: array 1299 x-kubernetes-list-type: set 1300 set: 1301 description: "Set overwrites the request with the 1302 given header (name, value) before the action. \n 1303 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1304 set: - name: \"my-header\" value: \"bar\" \n Output: 1305 GET /foo HTTP/1.1 my-header: bar" 1306 items: 1307 description: HTTPHeader represents an HTTP Header 1308 name and value as defined by RFC 7230. 1309 properties: 1310 name: 1311 description: "Name is the name of the HTTP Header 1312 to be matched. Name matching MUST be case 1313 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1314 \n If multiple entries specify equivalent 1315 header names, the first entry with an equivalent 1316 name MUST be considered for a match. Subsequent 1317 entries with an equivalent header name MUST 1318 be ignored. Due to the case-insensitivity 1319 of header names, \"foo\" and \"Foo\" are considered 1320 equivalent." 1321 maxLength: 256 1322 minLength: 1 1323 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1324 type: string 1325 value: 1326 description: Value is the value of HTTP Header 1327 to be matched. 1328 maxLength: 4096 1329 minLength: 1 1330 type: string 1331 required: 1332 - name 1333 - value 1334 type: object 1335 maxItems: 16 1336 type: array 1337 x-kubernetes-list-map-keys: 1338 - name 1339 x-kubernetes-list-type: map 1340 type: object 1341 requestMirror: 1342 description: "RequestMirror defines a schema for a filter 1343 that mirrors requests. Requests are sent to the specified 1344 destination, but responses from that destination are 1345 ignored. \n This filter can be used multiple times within 1346 the same rule. Note that not all implementations will 1347 be able to support mirroring to multiple backends. \n 1348 Support: Extended" 1349 properties: 1350 backendRef: 1351 description: "BackendRef references a resource where 1352 mirrored requests are sent. \n Mirrored requests 1353 must be sent only to a single destination endpoint 1354 within this BackendRef, irrespective of how many 1355 endpoints are present within this BackendRef. \n 1356 If the referent cannot be found, this BackendRef 1357 is invalid and must be dropped from the Gateway. 1358 The controller must ensure the \"ResolvedRefs\" 1359 condition on the Route status is set to `status: 1360 False` and not configure this backend in the underlying 1361 implementation. \n If there is a cross-namespace 1362 reference to an *existing* object that is not allowed 1363 by a ReferenceGrant, the controller must ensure 1364 the \"ResolvedRefs\" condition on the Route is 1365 set to `status: False`, with the \"RefNotPermitted\" 1366 reason and not configure this backend in the underlying 1367 implementation. \n In either error case, the Message 1368 of the `ResolvedRefs` Condition should be used to 1369 provide more detail about the problem. \n Support: 1370 Extended for Kubernetes Service \n Support: Implementation-specific 1371 for any other resource" 1372 properties: 1373 group: 1374 default: "" 1375 description: Group is the group of the referent. 1376 For example, "gateway.networking.k8s.io". When 1377 unspecified or empty string, core API group 1378 is inferred. 1379 maxLength: 253 1380 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1381 type: string 1382 kind: 1383 default: Service 1384 description: "Kind is the Kubernetes resource 1385 kind of the referent. For example \"Service\". 1386 \n Defaults to \"Service\" when not specified. 1387 \n ExternalName services can refer to CNAME 1388 DNS records that may live outside of the cluster 1389 and as such are difficult to reason about in 1390 terms of conformance. They also may not be safe 1391 to forward to (see CVE-2021-25740 for more information). 1392 Implementations SHOULD NOT support ExternalName 1393 Services. \n Support: Core (Services with a 1394 type other than ExternalName) \n Support: Implementation-specific 1395 (Services with type ExternalName)" 1396 maxLength: 63 1397 minLength: 1 1398 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1399 type: string 1400 name: 1401 description: Name is the name of the referent. 1402 maxLength: 253 1403 minLength: 1 1404 type: string 1405 namespace: 1406 description: "Namespace is the namespace of the 1407 backend. When unspecified, the local namespace 1408 is inferred. \n Note that when a namespace different 1409 than the local namespace is specified, a ReferenceGrant 1410 object is required in the referent namespace 1411 to allow that namespace's owner to accept the 1412 reference. See the ReferenceGrant documentation 1413 for details. \n Support: Core" 1414 maxLength: 63 1415 minLength: 1 1416 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1417 type: string 1418 port: 1419 description: Port specifies the destination port 1420 number to use for this resource. Port is required 1421 when the referent is a Kubernetes Service. In 1422 this case, the port number is the service port 1423 number, not the target port. For other resources, 1424 destination port might be derived from the referent 1425 resource or this field. 1426 format: int32 1427 maximum: 65535 1428 minimum: 1 1429 type: integer 1430 required: 1431 - name 1432 type: object 1433 x-kubernetes-validations: 1434 - message: Must have port for Service reference 1435 rule: '(size(self.group) == 0 && self.kind == ''Service'') 1436 ? has(self.port) : true' 1437 required: 1438 - backendRef 1439 type: object 1440 requestRedirect: 1441 description: "RequestRedirect defines a schema for a filter 1442 that responds to the request with an HTTP redirection. 1443 \n Support: Core" 1444 properties: 1445 hostname: 1446 description: "Hostname is the hostname to be used 1447 in the value of the `Location` header in the response. 1448 When empty, the hostname in the `Host` header of 1449 the request is used. \n Support: Core" 1450 maxLength: 253 1451 minLength: 1 1452 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1453 type: string 1454 path: 1455 description: "Path defines parameters used to modify 1456 the path of the incoming request. The modified path 1457 is then used to construct the `Location` header. 1458 When empty, the request path is used as-is. \n Support: 1459 Extended" 1460 properties: 1461 replaceFullPath: 1462 description: ReplaceFullPath specifies the value 1463 with which to replace the full path of a request 1464 during a rewrite or redirect. 1465 maxLength: 1024 1466 type: string 1467 replacePrefixMatch: 1468 description: "ReplacePrefixMatch specifies the 1469 value with which to replace the prefix match 1470 of a request during a rewrite or redirect. For 1471 example, a request to \"/foo/bar\" with a prefix 1472 match of \"/foo\" and a ReplacePrefixMatch of 1473 \"/xyz\" would be modified to \"/xyz/bar\". 1474 \n Note that this matches the behavior of the 1475 PathPrefix match type. This matches full path 1476 elements. A path element refers to the list 1477 of labels in the path split by the `/` separator. 1478 When specified, a trailing `/` is ignored. For 1479 example, the paths `/abc`, `/abc/`, and `/abc/def` 1480 would all match the prefix `/abc`, but the path 1481 `/abcd` would not. \n ReplacePrefixMatch is 1482 only compatible with a `PathPrefix` HTTPRouteMatch. 1483 Using any other HTTPRouteMatch type on the same 1484 HTTPRouteRule will result in the implementation 1485 setting the Accepted Condition for the Route 1486 to `status: False`. \n Request Path | Prefix 1487 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 1488 /foo/bar | /foo | /xyz | 1489 /xyz/bar /foo/bar | /foo | /xyz/ 1490 \ | /xyz/bar /foo/bar | /foo/ | 1491 /xyz | /xyz/bar /foo/bar | /foo/ 1492 \ | /xyz/ | /xyz/bar /foo | 1493 /foo | /xyz | /xyz /foo/ | 1494 /foo | /xyz | /xyz/ /foo/bar 1495 \ | /foo | <empty string> | /bar 1496 /foo/ | /foo | <empty string> 1497 | / /foo | /foo | <empty string> 1498 | / /foo/ | /foo | / | 1499 / /foo | /foo | / | 1500 /" 1501 maxLength: 1024 1502 type: string 1503 type: 1504 description: "Type defines the type of path modifier. 1505 Additional types may be added in a future release 1506 of the API. \n Note that values may be added 1507 to this enum, implementations must ensure that 1508 unknown values will not cause a crash. \n Unknown 1509 values here must result in the implementation 1510 setting the Accepted Condition for the Route 1511 to `status: False`, with a Reason of `UnsupportedValue`." 1512 enum: 1513 - ReplaceFullPath 1514 - ReplacePrefixMatch 1515 type: string 1516 required: 1517 - type 1518 type: object 1519 x-kubernetes-validations: 1520 - message: replaceFullPath must be specified when 1521 type is set to 'ReplaceFullPath' 1522 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 1523 : true' 1524 - message: type must be 'ReplaceFullPath' when replaceFullPath 1525 is set 1526 rule: 'has(self.replaceFullPath) ? self.type == 1527 ''ReplaceFullPath'' : true' 1528 - message: replacePrefixMatch must be specified when 1529 type is set to 'ReplacePrefixMatch' 1530 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 1531 : true' 1532 - message: type must be 'ReplacePrefixMatch' when 1533 replacePrefixMatch is set 1534 rule: 'has(self.replacePrefixMatch) ? self.type 1535 == ''ReplacePrefixMatch'' : true' 1536 port: 1537 description: "Port is the port to be used in the value 1538 of the `Location` header in the response. \n If 1539 no port is specified, the redirect port MUST be 1540 derived using the following rules: \n * If redirect 1541 scheme is not-empty, the redirect port MUST be the 1542 well-known port associated with the redirect scheme. 1543 Specifically \"http\" to port 80 and \"https\" to 1544 port 443. If the redirect scheme does not have a 1545 well-known port, the listener port of the Gateway 1546 SHOULD be used. * If redirect scheme is empty, the 1547 redirect port MUST be the Gateway Listener port. 1548 \n Implementations SHOULD NOT add the port number 1549 in the 'Location' header in the following cases: 1550 \n * A Location header that will use HTTP (whether 1551 that is determined via the Listener protocol or 1552 the Scheme field) _and_ use port 80. * A Location 1553 header that will use HTTPS (whether that is determined 1554 via the Listener protocol or the Scheme field) _and_ 1555 use port 443. \n Support: Extended" 1556 format: int32 1557 maximum: 65535 1558 minimum: 1 1559 type: integer 1560 scheme: 1561 description: "Scheme is the scheme to be used in the 1562 value of the `Location` header in the response. 1563 When empty, the scheme of the request is used. \n 1564 Scheme redirects can affect the port of the redirect, 1565 for more information, refer to the documentation 1566 for the port field of this filter. \n Note that 1567 values may be added to this enum, implementations 1568 must ensure that unknown values will not cause a 1569 crash. \n Unknown values here must result in the 1570 implementation setting the Accepted Condition for 1571 the Route to `status: False`, with a Reason of `UnsupportedValue`. 1572 \n Support: Extended" 1573 enum: 1574 - http 1575 - https 1576 type: string 1577 statusCode: 1578 default: 302 1579 description: "StatusCode is the HTTP status code to 1580 be used in response. \n Note that values may be 1581 added to this enum, implementations must ensure 1582 that unknown values will not cause a crash. \n Unknown 1583 values here must result in the implementation setting 1584 the Accepted Condition for the Route to `status: 1585 False`, with a Reason of `UnsupportedValue`. \n 1586 Support: Core" 1587 enum: 1588 - 301 1589 - 302 1590 type: integer 1591 type: object 1592 responseHeaderModifier: 1593 description: "ResponseHeaderModifier defines a schema 1594 for a filter that modifies response headers. \n Support: 1595 Extended" 1596 properties: 1597 add: 1598 description: "Add adds the given header(s) (name, 1599 value) to the request before the action. It appends 1600 to any existing values associated with the header 1601 name. \n Input: GET /foo HTTP/1.1 my-header: foo 1602 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 1603 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 1604 items: 1605 description: HTTPHeader represents an HTTP Header 1606 name and value as defined by RFC 7230. 1607 properties: 1608 name: 1609 description: "Name is the name of the HTTP Header 1610 to be matched. Name matching MUST be case 1611 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1612 \n If multiple entries specify equivalent 1613 header names, the first entry with an equivalent 1614 name MUST be considered for a match. Subsequent 1615 entries with an equivalent header name MUST 1616 be ignored. Due to the case-insensitivity 1617 of header names, \"foo\" and \"Foo\" are considered 1618 equivalent." 1619 maxLength: 256 1620 minLength: 1 1621 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1622 type: string 1623 value: 1624 description: Value is the value of HTTP Header 1625 to be matched. 1626 maxLength: 4096 1627 minLength: 1 1628 type: string 1629 required: 1630 - name 1631 - value 1632 type: object 1633 maxItems: 16 1634 type: array 1635 x-kubernetes-list-map-keys: 1636 - name 1637 x-kubernetes-list-type: map 1638 remove: 1639 description: "Remove the given header(s) from the 1640 HTTP request before the action. The value of Remove 1641 is a list of HTTP header names. Note that the header 1642 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1643 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1644 bar my-header3: baz \n Config: remove: [\"my-header1\", 1645 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1646 bar" 1647 items: 1648 type: string 1649 maxItems: 16 1650 type: array 1651 x-kubernetes-list-type: set 1652 set: 1653 description: "Set overwrites the request with the 1654 given header (name, value) before the action. \n 1655 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1656 set: - name: \"my-header\" value: \"bar\" \n Output: 1657 GET /foo HTTP/1.1 my-header: bar" 1658 items: 1659 description: HTTPHeader represents an HTTP Header 1660 name and value as defined by RFC 7230. 1661 properties: 1662 name: 1663 description: "Name is the name of the HTTP Header 1664 to be matched. Name matching MUST be case 1665 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1666 \n If multiple entries specify equivalent 1667 header names, the first entry with an equivalent 1668 name MUST be considered for a match. Subsequent 1669 entries with an equivalent header name MUST 1670 be ignored. Due to the case-insensitivity 1671 of header names, \"foo\" and \"Foo\" are considered 1672 equivalent." 1673 maxLength: 256 1674 minLength: 1 1675 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1676 type: string 1677 value: 1678 description: Value is the value of HTTP Header 1679 to be matched. 1680 maxLength: 4096 1681 minLength: 1 1682 type: string 1683 required: 1684 - name 1685 - value 1686 type: object 1687 maxItems: 16 1688 type: array 1689 x-kubernetes-list-map-keys: 1690 - name 1691 x-kubernetes-list-type: map 1692 type: object 1693 type: 1694 description: "Type identifies the type of filter to apply. 1695 As with other API fields, types are classified into 1696 three conformance levels: \n - Core: Filter types and 1697 their corresponding configuration defined by \"Support: 1698 Core\" in this package, e.g. \"RequestHeaderModifier\". 1699 All implementations must support core filters. \n - 1700 Extended: Filter types and their corresponding configuration 1701 defined by \"Support: Extended\" in this package, e.g. 1702 \"RequestMirror\". Implementers are encouraged to support 1703 extended filters. \n - Implementation-specific: Filters 1704 that are defined and supported by specific vendors. 1705 In the future, filters showing convergence in behavior 1706 across multiple implementations will be considered for 1707 inclusion in extended or core conformance levels. Filter-specific 1708 configuration for such filters is specified using the 1709 ExtensionRef field. `Type` should be set to \"ExtensionRef\" 1710 for custom filters. \n Implementers are encouraged to 1711 define custom implementation types to extend the core 1712 API with implementation-specific behavior. \n If a reference 1713 to a custom filter type cannot be resolved, the filter 1714 MUST NOT be skipped. Instead, requests that would have 1715 been processed by that filter MUST receive a HTTP error 1716 response. \n Note that values may be added to this enum, 1717 implementations must ensure that unknown values will 1718 not cause a crash. \n Unknown values here must result 1719 in the implementation setting the Accepted Condition 1720 for the Route to `status: False`, with a Reason of `UnsupportedValue`." 1721 enum: 1722 - RequestHeaderModifier 1723 - ResponseHeaderModifier 1724 - RequestMirror 1725 - RequestRedirect 1726 - URLRewrite 1727 - ExtensionRef 1728 type: string 1729 urlRewrite: 1730 description: "URLRewrite defines a schema for a filter 1731 that modifies a request during forwarding. \n Support: 1732 Extended" 1733 properties: 1734 hostname: 1735 description: "Hostname is the value to be used to 1736 replace the Host header value during forwarding. 1737 \n Support: Extended" 1738 maxLength: 253 1739 minLength: 1 1740 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1741 type: string 1742 path: 1743 description: "Path defines a path rewrite. \n Support: 1744 Extended" 1745 properties: 1746 replaceFullPath: 1747 description: ReplaceFullPath specifies the value 1748 with which to replace the full path of a request 1749 during a rewrite or redirect. 1750 maxLength: 1024 1751 type: string 1752 replacePrefixMatch: 1753 description: "ReplacePrefixMatch specifies the 1754 value with which to replace the prefix match 1755 of a request during a rewrite or redirect. For 1756 example, a request to \"/foo/bar\" with a prefix 1757 match of \"/foo\" and a ReplacePrefixMatch of 1758 \"/xyz\" would be modified to \"/xyz/bar\". 1759 \n Note that this matches the behavior of the 1760 PathPrefix match type. This matches full path 1761 elements. A path element refers to the list 1762 of labels in the path split by the `/` separator. 1763 When specified, a trailing `/` is ignored. For 1764 example, the paths `/abc`, `/abc/`, and `/abc/def` 1765 would all match the prefix `/abc`, but the path 1766 `/abcd` would not. \n ReplacePrefixMatch is 1767 only compatible with a `PathPrefix` HTTPRouteMatch. 1768 Using any other HTTPRouteMatch type on the same 1769 HTTPRouteRule will result in the implementation 1770 setting the Accepted Condition for the Route 1771 to `status: False`. \n Request Path | Prefix 1772 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 1773 /foo/bar | /foo | /xyz | 1774 /xyz/bar /foo/bar | /foo | /xyz/ 1775 \ | /xyz/bar /foo/bar | /foo/ | 1776 /xyz | /xyz/bar /foo/bar | /foo/ 1777 \ | /xyz/ | /xyz/bar /foo | 1778 /foo | /xyz | /xyz /foo/ | 1779 /foo | /xyz | /xyz/ /foo/bar 1780 \ | /foo | <empty string> | /bar 1781 /foo/ | /foo | <empty string> 1782 | / /foo | /foo | <empty string> 1783 | / /foo/ | /foo | / | 1784 / /foo | /foo | / | 1785 /" 1786 maxLength: 1024 1787 type: string 1788 type: 1789 description: "Type defines the type of path modifier. 1790 Additional types may be added in a future release 1791 of the API. \n Note that values may be added 1792 to this enum, implementations must ensure that 1793 unknown values will not cause a crash. \n Unknown 1794 values here must result in the implementation 1795 setting the Accepted Condition for the Route 1796 to `status: False`, with a Reason of `UnsupportedValue`." 1797 enum: 1798 - ReplaceFullPath 1799 - ReplacePrefixMatch 1800 type: string 1801 required: 1802 - type 1803 type: object 1804 x-kubernetes-validations: 1805 - message: replaceFullPath must be specified when 1806 type is set to 'ReplaceFullPath' 1807 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 1808 : true' 1809 - message: type must be 'ReplaceFullPath' when replaceFullPath 1810 is set 1811 rule: 'has(self.replaceFullPath) ? self.type == 1812 ''ReplaceFullPath'' : true' 1813 - message: replacePrefixMatch must be specified when 1814 type is set to 'ReplacePrefixMatch' 1815 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 1816 : true' 1817 - message: type must be 'ReplacePrefixMatch' when 1818 replacePrefixMatch is set 1819 rule: 'has(self.replacePrefixMatch) ? self.type 1820 == ''ReplacePrefixMatch'' : true' 1821 type: object 1822 required: 1823 - type 1824 type: object 1825 x-kubernetes-validations: 1826 - message: filter.requestHeaderModifier must be nil if the 1827 filter.type is not RequestHeaderModifier 1828 rule: '!(has(self.requestHeaderModifier) && self.type != 1829 ''RequestHeaderModifier'')' 1830 - message: filter.requestHeaderModifier must be specified 1831 for RequestHeaderModifier filter.type 1832 rule: '!(!has(self.requestHeaderModifier) && self.type == 1833 ''RequestHeaderModifier'')' 1834 - message: filter.responseHeaderModifier must be nil if the 1835 filter.type is not ResponseHeaderModifier 1836 rule: '!(has(self.responseHeaderModifier) && self.type != 1837 ''ResponseHeaderModifier'')' 1838 - message: filter.responseHeaderModifier must be specified 1839 for ResponseHeaderModifier filter.type 1840 rule: '!(!has(self.responseHeaderModifier) && self.type 1841 == ''ResponseHeaderModifier'')' 1842 - message: filter.requestMirror must be nil if the filter.type 1843 is not RequestMirror 1844 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 1845 - message: filter.requestMirror must be specified for RequestMirror 1846 filter.type 1847 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')' 1848 - message: filter.requestRedirect must be nil if the filter.type 1849 is not RequestRedirect 1850 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')' 1851 - message: filter.requestRedirect must be specified for RequestRedirect 1852 filter.type 1853 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')' 1854 - message: filter.urlRewrite must be nil if the filter.type 1855 is not URLRewrite 1856 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 1857 - message: filter.urlRewrite must be specified for URLRewrite 1858 filter.type 1859 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 1860 - message: filter.extensionRef must be nil if the filter.type 1861 is not ExtensionRef 1862 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 1863 - message: filter.extensionRef must be specified for ExtensionRef 1864 filter.type 1865 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 1866 maxItems: 16 1867 type: array 1868 x-kubernetes-validations: 1869 - message: May specify either httpRouteFilterRequestRedirect 1870 or httpRouteFilterRequestRewrite, but not both 1871 rule: '!(self.exists(f, f.type == ''RequestRedirect'') && 1872 self.exists(f, f.type == ''URLRewrite''))' 1873 - message: RequestHeaderModifier filter cannot be repeated 1874 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 1875 <= 1 1876 - message: ResponseHeaderModifier filter cannot be repeated 1877 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 1878 <= 1 1879 - message: RequestRedirect filter cannot be repeated 1880 rule: self.filter(f, f.type == 'RequestRedirect').size() <= 1881 1 1882 - message: URLRewrite filter cannot be repeated 1883 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1 1884 matches: 1885 default: 1886 - path: 1887 type: PathPrefix 1888 value: / 1889 description: "Matches define conditions used for matching the 1890 rule against incoming HTTP requests. Each match is independent, 1891 i.e. this rule will be matched if **any** one of the matches 1892 is satisfied. \n For example, take the following matches configuration: 1893 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" 1894 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request 1895 to match against this rule, a request must satisfy EITHER 1896 of the two conditions: \n - path prefixed with `/foo` AND 1897 contains the header `version: v2` - path prefix of `/v2/foo` 1898 \n See the documentation for HTTPRouteMatch on how to specify 1899 multiple match conditions that should be ANDed together. \n 1900 If no matches are specified, the default is a prefix path 1901 match on \"/\", which has the effect of matching every HTTP 1902 request. \n Proxy or Load Balancer routing configuration generated 1903 from HTTPRoutes MUST prioritize matches based on the following 1904 criteria, continuing on ties. Across all rules specified on 1905 applicable Routes, precedence must be given to the match having: 1906 \n * \"Exact\" path match. * \"Prefix\" path match with largest 1907 number of characters. * Method match. * Largest number of 1908 header matches. * Largest number of query param matches. \n 1909 Note: The precedence of RegularExpression path matches are 1910 implementation-specific. \n If ties still exist across multiple 1911 Routes, matching precedence MUST be determined in order of 1912 the following criteria, continuing on ties: \n * The oldest 1913 Route based on creation timestamp. * The Route appearing first 1914 in alphabetical order by \"{namespace}/{name}\". \n If ties 1915 still exist within an HTTPRoute, matching precedence MUST 1916 be granted to the FIRST matching rule (in list order) with 1917 a match meeting the above criteria. \n When no rules matching 1918 a request have been successfully attached to the parent a 1919 request is coming from, a HTTP 404 status code MUST be returned." 1920 items: 1921 description: "HTTPRouteMatch defines the predicate used to 1922 match requests to a given action. Multiple match types are 1923 ANDed together, i.e. the match will evaluate to true only 1924 if all conditions are satisfied. \n For example, the match 1925 below will match a HTTP request only if its path starts 1926 with `/foo` AND it contains the `version: v1` header: \n 1927 ``` match: \n path: value: \"/foo\" headers: - name: \"version\" 1928 value \"v1\" \n ```" 1929 properties: 1930 headers: 1931 description: Headers specifies HTTP request header matchers. 1932 Multiple match values are ANDed together, meaning, a 1933 request must match all the specified headers to select 1934 the route. 1935 items: 1936 description: HTTPHeaderMatch describes how to select 1937 a HTTP route by matching HTTP request headers. 1938 properties: 1939 name: 1940 description: "Name is the name of the HTTP Header 1941 to be matched. Name matching MUST be case insensitive. 1942 (See https://tools.ietf.org/html/rfc7230#section-3.2). 1943 \n If multiple entries specify equivalent header 1944 names, only the first entry with an equivalent 1945 name MUST be considered for a match. Subsequent 1946 entries with an equivalent header name MUST be 1947 ignored. Due to the case-insensitivity of header 1948 names, \"foo\" and \"Foo\" are considered equivalent. 1949 \n When a header is repeated in an HTTP request, 1950 it is implementation-specific behavior as to how 1951 this is represented. Generally, proxies should 1952 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 1953 regarding processing a repeated header, with special 1954 handling for \"Set-Cookie\"." 1955 maxLength: 256 1956 minLength: 1 1957 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1958 type: string 1959 type: 1960 default: Exact 1961 description: "Type specifies how to match against 1962 the value of the header. \n Support: Core (Exact) 1963 \n Support: Implementation-specific (RegularExpression) 1964 \n Since RegularExpression HeaderMatchType has 1965 implementation-specific conformance, implementations 1966 can support POSIX, PCRE or any other dialects 1967 of regular expressions. Please read the implementation's 1968 documentation to determine the supported dialect." 1969 enum: 1970 - Exact 1971 - RegularExpression 1972 type: string 1973 value: 1974 description: Value is the value of HTTP Header to 1975 be matched. 1976 maxLength: 4096 1977 minLength: 1 1978 type: string 1979 required: 1980 - name 1981 - value 1982 type: object 1983 maxItems: 16 1984 type: array 1985 x-kubernetes-list-map-keys: 1986 - name 1987 x-kubernetes-list-type: map 1988 method: 1989 description: "Method specifies HTTP method matcher. When 1990 specified, this route will be matched only if the request 1991 has the specified method. \n Support: Extended" 1992 enum: 1993 - GET 1994 - HEAD 1995 - POST 1996 - PUT 1997 - DELETE 1998 - CONNECT 1999 - OPTIONS 2000 - TRACE 2001 - PATCH 2002 type: string 2003 path: 2004 default: 2005 type: PathPrefix 2006 value: / 2007 description: Path specifies a HTTP request path matcher. 2008 If this field is not specified, a default prefix match 2009 on the "/" path is provided. 2010 properties: 2011 type: 2012 default: PathPrefix 2013 description: "Type specifies how to match against 2014 the path Value. \n Support: Core (Exact, PathPrefix) 2015 \n Support: Implementation-specific (RegularExpression)" 2016 enum: 2017 - Exact 2018 - PathPrefix 2019 - RegularExpression 2020 type: string 2021 value: 2022 default: / 2023 description: Value of the HTTP path to match against. 2024 maxLength: 1024 2025 type: string 2026 type: object 2027 x-kubernetes-validations: 2028 - message: value must be an absolute path and start with 2029 '/' when type one of ['Exact', 'PathPrefix'] 2030 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'') 2031 : true' 2032 - message: must not contain '//' when type one of ['Exact', 2033 'PathPrefix'] 2034 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'') 2035 : true' 2036 - message: must not contain '/./' when type one of ['Exact', 2037 'PathPrefix'] 2038 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'') 2039 : true' 2040 - message: must not contain '/../' when type one of ['Exact', 2041 'PathPrefix'] 2042 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'') 2043 : true' 2044 - message: must not contain '%2f' when type one of ['Exact', 2045 'PathPrefix'] 2046 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'') 2047 : true' 2048 - message: must not contain '%2F' when type one of ['Exact', 2049 'PathPrefix'] 2050 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'') 2051 : true' 2052 - message: must not contain '#' when type one of ['Exact', 2053 'PathPrefix'] 2054 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'') 2055 : true' 2056 - message: must not end with '/..' when type one of ['Exact', 2057 'PathPrefix'] 2058 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'') 2059 : true' 2060 - message: must not end with '/.' when type one of ['Exact', 2061 'PathPrefix'] 2062 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'') 2063 : true' 2064 - message: type must be one of ['Exact', 'PathPrefix', 2065 'RegularExpression'] 2066 rule: self.type in ['Exact','PathPrefix'] || self.type 2067 == 'RegularExpression' 2068 - message: must only contain valid characters (matching 2069 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) 2070 for types ['Exact', 'PathPrefix'] 2071 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""") 2072 : true' 2073 queryParams: 2074 description: "QueryParams specifies HTTP query parameter 2075 matchers. Multiple match values are ANDed together, 2076 meaning, a request must match all the specified query 2077 parameters to select the route. \n Support: Extended" 2078 items: 2079 description: HTTPQueryParamMatch describes how to select 2080 a HTTP route by matching HTTP query parameters. 2081 properties: 2082 name: 2083 description: "Name is the name of the HTTP query 2084 param to be matched. This must be an exact string 2085 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). 2086 \n If multiple entries specify equivalent query 2087 param names, only the first entry with an equivalent 2088 name MUST be considered for a match. Subsequent 2089 entries with an equivalent query param name MUST 2090 be ignored. \n If a query param is repeated in 2091 an HTTP request, the behavior is purposely left 2092 undefined, since different data planes have different 2093 capabilities. However, it is *recommended* that 2094 implementations should match against the first 2095 value of the param if the data plane supports 2096 it, as this behavior is expected in other load 2097 balancing contexts outside of the Gateway API. 2098 \n Users SHOULD NOT route traffic based on repeated 2099 query params to guard themselves against potential 2100 differences in the implementations." 2101 maxLength: 256 2102 minLength: 1 2103 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2104 type: string 2105 type: 2106 default: Exact 2107 description: "Type specifies how to match against 2108 the value of the query parameter. \n Support: 2109 Extended (Exact) \n Support: Implementation-specific 2110 (RegularExpression) \n Since RegularExpression 2111 QueryParamMatchType has Implementation-specific 2112 conformance, implementations can support POSIX, 2113 PCRE or any other dialects of regular expressions. 2114 Please read the implementation's documentation 2115 to determine the supported dialect." 2116 enum: 2117 - Exact 2118 - RegularExpression 2119 type: string 2120 value: 2121 description: Value is the value of HTTP query param 2122 to be matched. 2123 maxLength: 1024 2124 minLength: 1 2125 type: string 2126 required: 2127 - name 2128 - value 2129 type: object 2130 maxItems: 16 2131 type: array 2132 x-kubernetes-list-map-keys: 2133 - name 2134 x-kubernetes-list-type: map 2135 type: object 2136 maxItems: 8 2137 type: array 2138 timeouts: 2139 description: "Timeouts defines the timeouts that can be configured 2140 for an HTTP request. \n Support: Extended \n " 2141 properties: 2142 backendRequest: 2143 description: "BackendRequest specifies a timeout for an 2144 individual request from the gateway to a backend. This 2145 covers the time from when the request first starts being 2146 sent from the gateway to when the full response has been 2147 received from the backend. \n An entire client HTTP transaction 2148 with a gateway, covered by the Request timeout, may result 2149 in more than one call from the gateway to the destination 2150 backend, for example, if automatic retries are supported. 2151 \n Because the Request timeout encompasses the BackendRequest 2152 timeout, the value of BackendRequest must be <= the value 2153 of Request timeout. \n Support: Extended" 2154 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ 2155 type: string 2156 request: 2157 description: "Request specifies the maximum duration for 2158 a gateway to respond to an HTTP request. If the gateway 2159 has not been able to respond before this deadline is met, 2160 the gateway MUST return a timeout error. \n For example, 2161 setting the `rules.timeouts.request` field to the value 2162 `10s` in an `HTTPRoute` will cause a timeout if a client 2163 request is taking longer than 10 seconds to complete. 2164 \n This timeout is intended to cover as close to the whole 2165 request-response transaction as possible although an implementation 2166 MAY choose to start the timeout after the entire request 2167 stream has been received instead of immediately after 2168 the transaction is initiated by the client. \n When this 2169 field is unspecified, request timeout behavior is implementation-specific. 2170 \n Support: Extended" 2171 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ 2172 type: string 2173 type: object 2174 x-kubernetes-validations: 2175 - message: backendRequest timeout cannot be longer than request 2176 timeout 2177 rule: '!(has(self.request) && has(self.backendRequest) && 2178 duration(self.request) != duration(''0s'') && duration(self.backendRequest) 2179 > duration(self.request))' 2180 type: object 2181 x-kubernetes-validations: 2182 - message: RequestRedirect filter must not be used together with 2183 backendRefs 2184 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ? 2185 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): 2186 true' 2187 - message: When using RequestRedirect filter with path.replacePrefixMatch, 2188 exactly one PathPrefix match must be specified 2189 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) 2190 && has(f.requestRedirect.path) && f.requestRedirect.path.type 2191 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 2192 ? ((size(self.matches) != 1 || !has(self.matches[0].path) || 2193 self.matches[0].path.type != ''PathPrefix'') ? false : true) 2194 : true' 2195 - message: When using URLRewrite filter with path.replacePrefixMatch, 2196 exactly one PathPrefix match must be specified 2197 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) 2198 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 2199 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) 2200 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 2201 != ''PathPrefix'') ? false : true) : true' 2202 - message: Within backendRefs, when using RequestRedirect filter 2203 with path.replacePrefixMatch, exactly one PathPrefix match must 2204 be specified 2205 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 2206 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) 2207 && has(f.requestRedirect.path) && f.requestRedirect.path.type 2208 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 2209 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) 2210 || self.matches[0].path.type != ''PathPrefix'') ? false : true) 2211 : true' 2212 - message: Within backendRefs, When using URLRewrite filter with 2213 path.replacePrefixMatch, exactly one PathPrefix match must be 2214 specified 2215 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 2216 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) 2217 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 2218 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) 2219 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 2220 != ''PathPrefix'') ? false : true) : true' 2221 maxItems: 16 2222 type: array 2223 type: object 2224 status: 2225 description: Status defines the current state of HTTPRoute. 2226 properties: 2227 parents: 2228 description: "Parents is a list of parent resources (usually Gateways) 2229 that are associated with the route, and the status of the route 2230 with respect to each parent. When this route attaches to a parent, 2231 the controller that manages the parent must add an entry to this 2232 list when the controller first sees the route and should update 2233 the entry as appropriate when the route or gateway is modified. 2234 \n Note that parent references that cannot be resolved by an implementation 2235 of this API will not be added to this list. Implementations of this 2236 API can only populate Route status for the Gateways/parent resources 2237 they are responsible for. \n A maximum of 32 Gateways will be represented 2238 in this list. An empty list means the route has not been attached 2239 to any Gateway." 2240 items: 2241 description: RouteParentStatus describes the status of a route with 2242 respect to an associated Parent. 2243 properties: 2244 conditions: 2245 description: "Conditions describes the status of the route with 2246 respect to the Gateway. Note that the route's availability 2247 is also subject to the Gateway's own status conditions and 2248 listener status. \n If the Route's ParentRef specifies an 2249 existing Gateway that supports Routes of this kind AND that 2250 Gateway's controller has sufficient access, then that Gateway's 2251 controller MUST set the \"Accepted\" condition on the Route, 2252 to indicate whether the route has been accepted or rejected 2253 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 2254 if at least one of the Route's rules is implemented by the 2255 Gateway. \n There are a number of cases where the \"Accepted\" 2256 condition may not be set due to lack of controller visibility, 2257 that includes when: \n * The Route refers to a non-existent 2258 parent. * The Route is of a type that the controller does 2259 not support. * The Route is in a namespace the controller 2260 does not have access to." 2261 items: 2262 description: "Condition contains details for one aspect of 2263 the current state of this API Resource. --- This struct 2264 is intended for direct use as an array at the field path 2265 .status.conditions. For example, \n type FooStatus struct{ 2266 // Represents the observations of a foo's current state. 2267 // Known .status.conditions.type are: \"Available\", \"Progressing\", 2268 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 2269 // +listType=map // +listMapKey=type Conditions []metav1.Condition 2270 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 2271 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 2272 }" 2273 properties: 2274 lastTransitionTime: 2275 description: lastTransitionTime is the last time the condition 2276 transitioned from one status to another. This should 2277 be when the underlying condition changed. If that is 2278 not known, then using the time when the API field changed 2279 is acceptable. 2280 format: date-time 2281 type: string 2282 message: 2283 description: message is a human readable message indicating 2284 details about the transition. This may be an empty string. 2285 maxLength: 32768 2286 type: string 2287 observedGeneration: 2288 description: observedGeneration represents the .metadata.generation 2289 that the condition was set based upon. For instance, 2290 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 2291 is 9, the condition is out of date with respect to the 2292 current state of the instance. 2293 format: int64 2294 minimum: 0 2295 type: integer 2296 reason: 2297 description: reason contains a programmatic identifier 2298 indicating the reason for the condition's last transition. 2299 Producers of specific condition types may define expected 2300 values and meanings for this field, and whether the 2301 values are considered a guaranteed API. The value should 2302 be a CamelCase string. This field may not be empty. 2303 maxLength: 1024 2304 minLength: 1 2305 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 2306 type: string 2307 status: 2308 description: status of the condition, one of True, False, 2309 Unknown. 2310 enum: 2311 - "True" 2312 - "False" 2313 - Unknown 2314 type: string 2315 type: 2316 description: type of condition in CamelCase or in foo.example.com/CamelCase. 2317 --- Many .condition.type values are consistent across 2318 resources like Available, but because arbitrary conditions 2319 can be useful (see .node.status.conditions), the ability 2320 to deconflict is important. The regex it matches is 2321 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 2322 maxLength: 316 2323 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 2324 type: string 2325 required: 2326 - lastTransitionTime 2327 - message 2328 - reason 2329 - status 2330 - type 2331 type: object 2332 maxItems: 8 2333 minItems: 1 2334 type: array 2335 x-kubernetes-list-map-keys: 2336 - type 2337 x-kubernetes-list-type: map 2338 controllerName: 2339 description: "ControllerName is a domain/path string that indicates 2340 the name of the controller that wrote this status. This corresponds 2341 with the controllerName field on GatewayClass. \n Example: 2342 \"example.net/gateway-controller\". \n The format of this 2343 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 2344 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 2345 \n Controllers MUST populate this field when writing status. 2346 Controllers should ensure that entries to status populated 2347 with their ControllerName are cleaned up when they are no 2348 longer necessary." 2349 maxLength: 253 2350 minLength: 1 2351 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 2352 type: string 2353 parentRef: 2354 description: ParentRef corresponds with a ParentRef in the spec 2355 that this RouteParentStatus struct describes the status of. 2356 properties: 2357 group: 2358 default: gateway.networking.k8s.io 2359 description: "Group is the group of the referent. When unspecified, 2360 \"gateway.networking.k8s.io\" is inferred. To set the 2361 core API group (such as for a \"Service\" kind referent), 2362 Group must be explicitly set to \"\" (empty string). \n 2363 Support: Core" 2364 maxLength: 253 2365 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2366 type: string 2367 kind: 2368 default: Gateway 2369 description: "Kind is kind of the referent. \n There are 2370 two kinds of parent resources with \"Core\" support: \n 2371 * Gateway (Gateway conformance profile) * Service (Mesh 2372 conformance profile, experimental, ClusterIP Services 2373 only) \n Support for other resources is Implementation-Specific." 2374 maxLength: 63 2375 minLength: 1 2376 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2377 type: string 2378 name: 2379 description: "Name is the name of the referent. \n Support: 2380 Core" 2381 maxLength: 253 2382 minLength: 1 2383 type: string 2384 namespace: 2385 description: "Namespace is the namespace of the referent. 2386 When unspecified, this refers to the local namespace of 2387 the Route. \n Note that there are specific rules for ParentRefs 2388 which cross namespace boundaries. Cross-namespace references 2389 are only valid if they are explicitly allowed by something 2390 in the namespace they are referring to. For example: Gateway 2391 has the AllowedRoutes field, and ReferenceGrant provides 2392 a generic way to enable any other kind of cross-namespace 2393 reference. \n ParentRefs from a Route to a Service in 2394 the same namespace are \"producer\" routes, which apply 2395 default routing rules to inbound connections from any 2396 namespace to the Service. \n ParentRefs from a Route to 2397 a Service in a different namespace are \"consumer\" routes, 2398 and these routing rules are only applied to outbound connections 2399 originating from the same namespace as the Route, for 2400 which the intended destination of the connections are 2401 a Service targeted as a ParentRef of the Route. \n Support: 2402 Core" 2403 maxLength: 63 2404 minLength: 1 2405 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 2406 type: string 2407 port: 2408 description: "Port is the network port this Route targets. 2409 It can be interpreted differently based on the type of 2410 parent resource. \n When the parent resource is a Gateway, 2411 this targets all listeners listening on the specified 2412 port that also support this kind of Route(and select this 2413 Route). It's not recommended to set `Port` unless the 2414 networking behaviors specified in a Route must apply to 2415 a specific port as opposed to a listener(s) whose port(s) 2416 may be changed. When both Port and SectionName are specified, 2417 the name and port of the selected listener must match 2418 both specified values. \n When the parent resource is 2419 a Service, this targets a specific port in the Service 2420 spec. When both Port (experimental) and SectionName are 2421 specified, the name and port of the selected port must 2422 match both specified values. \n Implementations MAY choose 2423 to support other parent resources. Implementations supporting 2424 other types of parent resources MUST clearly document 2425 how/if Port is interpreted. \n For the purpose of status, 2426 an attachment is considered successful as long as the 2427 parent resource accepts it partially. For example, Gateway 2428 listeners can restrict which Routes can attach to them 2429 by Route kind, namespace, or hostname. If 1 of 2 Gateway 2430 listeners accept attachment from the referencing Route, 2431 the Route MUST be considered successfully attached. If 2432 no Gateway listeners accept attachment from this Route, 2433 the Route MUST be considered detached from the Gateway. 2434 \n Support: Extended \n " 2435 format: int32 2436 maximum: 65535 2437 minimum: 1 2438 type: integer 2439 sectionName: 2440 description: "SectionName is the name of a section within 2441 the target resource. In the following resources, SectionName 2442 is interpreted as the following: \n * Gateway: Listener 2443 Name. When both Port (experimental) and SectionName are 2444 specified, the name and port of the selected listener 2445 must match both specified values. * Service: Port Name. 2446 When both Port (experimental) and SectionName are specified, 2447 the name and port of the selected listener must match 2448 both specified values. Note that attaching Routes to Services 2449 as Parents is part of experimental Mesh support and is 2450 not supported for any other purpose. \n Implementations 2451 MAY choose to support attaching Routes to other resources. 2452 If that is the case, they MUST clearly document how SectionName 2453 is interpreted. \n When unspecified (empty string), this 2454 will reference the entire resource. For the purpose of 2455 status, an attachment is considered successful if at least 2456 one section in the parent resource accepts it. For example, 2457 Gateway listeners can restrict which Routes can attach 2458 to them by Route kind, namespace, or hostname. If 1 of 2459 2 Gateway listeners accept attachment from the referencing 2460 Route, the Route MUST be considered successfully attached. 2461 If no Gateway listeners accept attachment from this Route, 2462 the Route MUST be considered detached from the Gateway. 2463 \n Support: Core" 2464 maxLength: 253 2465 minLength: 1 2466 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2467 type: string 2468 required: 2469 - name 2470 type: object 2471 required: 2472 - controllerName 2473 - parentRef 2474 type: object 2475 maxItems: 32 2476 type: array 2477 required: 2478 - parents 2479 type: object 2480 required: 2481 - spec 2482 type: object 2483 served: true 2484 storage: false 2485 subresources: 2486 status: {} 2487 - additionalPrinterColumns: 2488 - jsonPath: .spec.hostnames 2489 name: Hostnames 2490 type: string 2491 - jsonPath: .metadata.creationTimestamp 2492 name: Age 2493 type: date 2494 name: v1beta1 2495 schema: 2496 openAPIV3Schema: 2497 description: HTTPRoute provides a way to route HTTP requests. This includes 2498 the capability to match requests by hostname, path, header, or query param. 2499 Filters can be used to specify additional processing steps. Backends specify 2500 where matching requests should be routed. 2501 properties: 2502 apiVersion: 2503 description: 'APIVersion defines the versioned schema of this representation 2504 of an object. Servers should convert recognized schemas to the latest 2505 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2506 type: string 2507 kind: 2508 description: 'Kind is a string value representing the REST resource this 2509 object represents. Servers may infer this from the endpoint the client 2510 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2511 type: string 2512 metadata: 2513 type: object 2514 spec: 2515 description: Spec defines the desired state of HTTPRoute. 2516 properties: 2517 hostnames: 2518 description: "Hostnames defines a set of hostnames that should match 2519 against the HTTP Host header to select a HTTPRoute used to process 2520 the request. Implementations MUST ignore any port value specified 2521 in the HTTP Host header while performing a match and (absent of 2522 any applicable header modification configuration) MUST forward this 2523 header unmodified to the backend. \n Valid values for Hostnames 2524 are determined by RFC 1123 definition of a hostname with 2 notable 2525 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed 2526 with a wildcard label (`*.`). The wildcard label must appear by 2527 itself as the first label. \n If a hostname is specified by both 2528 the Listener and HTTPRoute, there must be at least one intersecting 2529 hostname for the HTTPRoute to be attached to the Listener. For example: 2530 \n * A Listener with `test.example.com` as the hostname matches 2531 HTTPRoutes that have either not specified any hostnames, or have 2532 specified at least one of `test.example.com` or `*.example.com`. 2533 * A Listener with `*.example.com` as the hostname matches HTTPRoutes 2534 that have either not specified any hostnames or have specified at 2535 least one hostname that matches the Listener hostname. For example, 2536 `*.example.com`, `test.example.com`, and `foo.test.example.com` 2537 would all match. On the other hand, `example.com` and `test.example.net` 2538 would not match. \n Hostnames that are prefixed with a wildcard 2539 label (`*.`) are interpreted as a suffix match. That means that 2540 a match for `*.example.com` would match both `test.example.com`, 2541 and `foo.test.example.com`, but not `example.com`. \n If both the 2542 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames 2543 that do not match the Listener hostname MUST be ignored. For example, 2544 if a Listener specified `*.example.com`, and the HTTPRoute specified 2545 `test.example.com` and `test.example.net`, `test.example.net` must 2546 not be considered for a match. \n If both the Listener and HTTPRoute 2547 have specified hostnames, and none match with the criteria above, 2548 then the HTTPRoute is not accepted. The implementation must raise 2549 an 'Accepted' Condition with a status of `False` in the corresponding 2550 RouteParentStatus. \n In the event that multiple HTTPRoutes specify 2551 intersecting hostnames (e.g. overlapping wildcard matching and exact 2552 matching hostnames), precedence must be given to rules from the 2553 HTTPRoute with the largest number of: \n * Characters in a matching 2554 non-wildcard hostname. * Characters in a matching hostname. \n If 2555 ties exist across multiple Routes, the matching precedence rules 2556 for HTTPRouteMatches takes over. \n Support: Core" 2557 items: 2558 description: "Hostname is the fully qualified domain name of a network 2559 host. This matches the RFC 1123 definition of a hostname with 2560 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 2561 may be prefixed with a wildcard label (`*.`). The wildcard label 2562 must appear by itself as the first label. \n Hostname can be \"precise\" 2563 which is a domain name without the terminating dot of a network 2564 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 2565 name prefixed with a single wildcard label (e.g. `*.example.com`). 2566 \n Note that as per RFC1035 and RFC1123, a *label* must consist 2567 of lower case alphanumeric characters or '-', and must start and 2568 end with an alphanumeric character. No other punctuation is allowed." 2569 maxLength: 253 2570 minLength: 1 2571 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2572 type: string 2573 maxItems: 16 2574 type: array 2575 parentRefs: 2576 description: "ParentRefs references the resources (usually Gateways) 2577 that a Route wants to be attached to. Note that the referenced parent 2578 resource needs to allow this for the attachment to be complete. 2579 For Gateways, that means the Gateway needs to allow attachment from 2580 Routes of this kind and namespace. For Services, that means the 2581 Service must either be in the same namespace for a \"producer\" 2582 route, or the mesh implementation must support and allow \"consumer\" 2583 routes for the referenced Service. ReferenceGrant is not applicable 2584 for governing ParentRefs to Services - it is not possible to create 2585 a \"producer\" route for a Service in a different namespace from 2586 the Route. \n There are two kinds of parent resources with \"Core\" 2587 support: \n * Gateway (Gateway conformance profile) * Service (Mesh 2588 conformance profile, experimental, ClusterIP Services only) This 2589 API may be extended in the future to support additional kinds of 2590 parent resources. \n ParentRefs must be _distinct_. This means either 2591 that: \n * They select different objects. If this is the case, 2592 then parentRef entries are distinct. In terms of fields, this means 2593 that the multi-part key defined by `group`, `kind`, `namespace`, 2594 and `name` must be unique across all parentRef entries in the Route. 2595 * They do not select different objects, but for each optional field 2596 used, each ParentRef that selects the same object must set the same 2597 set of optional fields to different values. If one ParentRef sets 2598 a combination of optional fields, all must set the same combination. 2599 \n Some examples: \n * If one ParentRef sets `sectionName`, all 2600 ParentRefs referencing the same object must also set `sectionName`. 2601 * If one ParentRef sets `port`, all ParentRefs referencing the same 2602 object must also set `port`. * If one ParentRef sets `sectionName` 2603 and `port`, all ParentRefs referencing the same object must also 2604 set `sectionName` and `port`. \n It is possible to separately reference 2605 multiple distinct objects that may be collapsed by an implementation. 2606 For example, some implementations may choose to merge compatible 2607 Gateway Listeners together. If that is the case, the list of routes 2608 attached to those resources should also be merged. \n Note that 2609 for ParentRefs that cross namespace boundaries, there are specific 2610 rules. Cross-namespace references are only valid if they are explicitly 2611 allowed by something in the namespace they are referring to. For 2612 example, Gateway has the AllowedRoutes field, and ReferenceGrant 2613 provides a generic way to enable other kinds of cross-namespace 2614 reference. \n ParentRefs from a Route to a Service in the same 2615 namespace are \"producer\" routes, which apply default routing rules 2616 to inbound connections from any namespace to the Service. \n ParentRefs 2617 from a Route to a Service in a different namespace are \"consumer\" 2618 routes, and these routing rules are only applied to outbound connections 2619 originating from the same namespace as the Route, for which the 2620 intended destination of the connections are a Service targeted as 2621 a ParentRef of the Route. \n " 2622 items: 2623 description: "ParentReference identifies an API object (usually 2624 a Gateway) that can be considered a parent of this resource (usually 2625 a route). There are two kinds of parent resources with \"Core\" 2626 support: \n * Gateway (Gateway conformance profile) * Service 2627 (Mesh conformance profile, experimental, ClusterIP Services only) 2628 \n This API may be extended in the future to support additional 2629 kinds of parent resources. \n The API object must be valid in 2630 the cluster; the Group and Kind must be registered in the cluster 2631 for this reference to be valid." 2632 properties: 2633 group: 2634 default: gateway.networking.k8s.io 2635 description: "Group is the group of the referent. When unspecified, 2636 \"gateway.networking.k8s.io\" is inferred. To set the core 2637 API group (such as for a \"Service\" kind referent), Group 2638 must be explicitly set to \"\" (empty string). \n Support: 2639 Core" 2640 maxLength: 253 2641 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2642 type: string 2643 kind: 2644 default: Gateway 2645 description: "Kind is kind of the referent. \n There are two 2646 kinds of parent resources with \"Core\" support: \n * Gateway 2647 (Gateway conformance profile) * Service (Mesh conformance 2648 profile, experimental, ClusterIP Services only) \n Support 2649 for other resources is Implementation-Specific." 2650 maxLength: 63 2651 minLength: 1 2652 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2653 type: string 2654 name: 2655 description: "Name is the name of the referent. \n Support: 2656 Core" 2657 maxLength: 253 2658 minLength: 1 2659 type: string 2660 namespace: 2661 description: "Namespace is the namespace of the referent. When 2662 unspecified, this refers to the local namespace of the Route. 2663 \n Note that there are specific rules for ParentRefs which 2664 cross namespace boundaries. Cross-namespace references are 2665 only valid if they are explicitly allowed by something in 2666 the namespace they are referring to. For example: Gateway 2667 has the AllowedRoutes field, and ReferenceGrant provides a 2668 generic way to enable any other kind of cross-namespace reference. 2669 \n ParentRefs from a Route to a Service in the same namespace 2670 are \"producer\" routes, which apply default routing rules 2671 to inbound connections from any namespace to the Service. 2672 \n ParentRefs from a Route to a Service in a different namespace 2673 are \"consumer\" routes, and these routing rules are only 2674 applied to outbound connections originating from the same 2675 namespace as the Route, for which the intended destination 2676 of the connections are a Service targeted as a ParentRef of 2677 the Route. \n Support: Core" 2678 maxLength: 63 2679 minLength: 1 2680 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 2681 type: string 2682 port: 2683 description: "Port is the network port this Route targets. It 2684 can be interpreted differently based on the type of parent 2685 resource. \n When the parent resource is a Gateway, this targets 2686 all listeners listening on the specified port that also support 2687 this kind of Route(and select this Route). It's not recommended 2688 to set `Port` unless the networking behaviors specified in 2689 a Route must apply to a specific port as opposed to a listener(s) 2690 whose port(s) may be changed. When both Port and SectionName 2691 are specified, the name and port of the selected listener 2692 must match both specified values. \n When the parent resource 2693 is a Service, this targets a specific port in the Service 2694 spec. When both Port (experimental) and SectionName are specified, 2695 the name and port of the selected port must match both specified 2696 values. \n Implementations MAY choose to support other parent 2697 resources. Implementations supporting other types of parent 2698 resources MUST clearly document how/if Port is interpreted. 2699 \n For the purpose of status, an attachment is considered 2700 successful as long as the parent resource accepts it partially. 2701 For example, Gateway listeners can restrict which Routes can 2702 attach to them by Route kind, namespace, or hostname. If 1 2703 of 2 Gateway listeners accept attachment from the referencing 2704 Route, the Route MUST be considered successfully attached. 2705 If no Gateway listeners accept attachment from this Route, 2706 the Route MUST be considered detached from the Gateway. \n 2707 Support: Extended \n " 2708 format: int32 2709 maximum: 65535 2710 minimum: 1 2711 type: integer 2712 sectionName: 2713 description: "SectionName is the name of a section within the 2714 target resource. In the following resources, SectionName is 2715 interpreted as the following: \n * Gateway: Listener Name. 2716 When both Port (experimental) and SectionName are specified, 2717 the name and port of the selected listener must match both 2718 specified values. * Service: Port Name. When both Port (experimental) 2719 and SectionName are specified, the name and port of the selected 2720 listener must match both specified values. Note that attaching 2721 Routes to Services as Parents is part of experimental Mesh 2722 support and is not supported for any other purpose. \n Implementations 2723 MAY choose to support attaching Routes to other resources. 2724 If that is the case, they MUST clearly document how SectionName 2725 is interpreted. \n When unspecified (empty string), this will 2726 reference the entire resource. For the purpose of status, 2727 an attachment is considered successful if at least one section 2728 in the parent resource accepts it. For example, Gateway listeners 2729 can restrict which Routes can attach to them by Route kind, 2730 namespace, or hostname. If 1 of 2 Gateway listeners accept 2731 attachment from the referencing Route, the Route MUST be considered 2732 successfully attached. If no Gateway listeners accept attachment 2733 from this Route, the Route MUST be considered detached from 2734 the Gateway. \n Support: Core" 2735 maxLength: 253 2736 minLength: 1 2737 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2738 type: string 2739 required: 2740 - name 2741 type: object 2742 maxItems: 32 2743 type: array 2744 x-kubernetes-validations: 2745 - message: sectionName or port must be specified when parentRefs includes 2746 2 or more references to the same parent 2747 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 2748 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 2749 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 2750 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 2751 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) 2752 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 2753 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) 2754 || p2.port == 0)): true))' 2755 - message: sectionName or port must be unique when parentRefs includes 2756 2 or more references to the same parent 2757 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 2758 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 2759 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 2760 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 2761 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 2762 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 2763 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 2764 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) 2765 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port 2766 == p2.port)))) 2767 rules: 2768 default: 2769 - matches: 2770 - path: 2771 type: PathPrefix 2772 value: / 2773 description: Rules are a list of HTTP matchers, filters and actions. 2774 items: 2775 description: HTTPRouteRule defines semantics for matching an HTTP 2776 request based on conditions (matches), processing it (filters), 2777 and forwarding the request to an API object (backendRefs). 2778 properties: 2779 backendRefs: 2780 description: "BackendRefs defines the backend(s) where matching 2781 requests should be sent. \n Failure behavior here depends 2782 on how many BackendRefs are specified and how many are invalid. 2783 \n If *all* entries in BackendRefs are invalid, and there 2784 are also no filters specified in this route rule, *all* traffic 2785 which matches this rule MUST receive a 500 status code. \n 2786 See the HTTPBackendRef definition for the rules about what 2787 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef 2788 is invalid, 500 status codes MUST be returned for requests 2789 that would have otherwise been routed to an invalid backend. 2790 If multiple backends are specified, and some are invalid, 2791 the proportion of requests that would otherwise have been 2792 routed to an invalid backend MUST receive a 500 status code. 2793 \n For example, if two backends are specified with equal weights, 2794 and one is invalid, 50 percent of traffic must receive a 500. 2795 Implementations may choose how that 50 percent is determined. 2796 \n Support: Core for Kubernetes Service \n Support: Extended 2797 for Kubernetes ServiceImport \n Support: Implementation-specific 2798 for any other resource \n Support for weight: Core" 2799 items: 2800 description: "HTTPBackendRef defines how a HTTPRoute forwards 2801 a HTTP request. \n Note that when a namespace different 2802 than the local namespace is specified, a ReferenceGrant 2803 object is required in the referent namespace to allow that 2804 namespace's owner to accept the reference. See the ReferenceGrant 2805 documentation for details. \n <gateway:experimental:description> 2806 \n When the BackendRef points to a Kubernetes Service, implementations 2807 SHOULD honor the appProtocol field if it is set for the 2808 target Service Port. \n Implementations supporting appProtocol 2809 SHOULD recognize the Kubernetes Standard Application Protocols 2810 defined in KEP-3726. \n If a Service appProtocol isn't specified, 2811 an implementation MAY infer the backend protocol through 2812 its own means. Implementations MAY infer the protocol from 2813 the Route type referring to the backend Service. \n If a 2814 Route is not able to send traffic to the backend using the 2815 specified protocol then the backend is considered invalid. 2816 Implementations MUST set the \"ResolvedRefs\" condition 2817 to \"False\" with the \"UnsupportedProtocol\" reason. \n 2818 </gateway:experimental:description>" 2819 properties: 2820 filters: 2821 description: "Filters defined at this level should be 2822 executed if and only if the request is being forwarded 2823 to the backend defined here. \n Support: Implementation-specific 2824 (For broader support of filters, use the Filters field 2825 in HTTPRouteRule.)" 2826 items: 2827 description: HTTPRouteFilter defines processing steps 2828 that must be completed during the request or response 2829 lifecycle. HTTPRouteFilters are meant as an extension 2830 point to express processing that may be done in Gateway 2831 implementations. Some examples include request or 2832 response modification, implementing authentication 2833 strategies, rate-limiting, and traffic shaping. API 2834 guarantee/conformance is defined based on the type 2835 of the filter. 2836 properties: 2837 extensionRef: 2838 description: "ExtensionRef is an optional, implementation-specific 2839 extension to the \"filter\" behavior. For example, 2840 resource \"myroutefilter\" in group \"networking.example.net\"). 2841 ExtensionRef MUST NOT be used for core and extended 2842 filters. \n This filter can be used multiple times 2843 within the same rule. \n Support: Implementation-specific" 2844 properties: 2845 group: 2846 description: Group is the group of the referent. 2847 For example, "gateway.networking.k8s.io". 2848 When unspecified or empty string, core API 2849 group is inferred. 2850 maxLength: 253 2851 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2852 type: string 2853 kind: 2854 description: Kind is kind of the referent. For 2855 example "HTTPRoute" or "Service". 2856 maxLength: 63 2857 minLength: 1 2858 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2859 type: string 2860 name: 2861 description: Name is the name of the referent. 2862 maxLength: 253 2863 minLength: 1 2864 type: string 2865 required: 2866 - group 2867 - kind 2868 - name 2869 type: object 2870 requestHeaderModifier: 2871 description: "RequestHeaderModifier defines a schema 2872 for a filter that modifies request headers. \n 2873 Support: Core" 2874 properties: 2875 add: 2876 description: "Add adds the given header(s) (name, 2877 value) to the request before the action. It 2878 appends to any existing values associated 2879 with the header name. \n Input: GET /foo HTTP/1.1 2880 my-header: foo \n Config: add: - name: \"my-header\" 2881 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 2882 my-header: foo,bar,baz" 2883 items: 2884 description: HTTPHeader represents an HTTP 2885 Header name and value as defined by RFC 2886 7230. 2887 properties: 2888 name: 2889 description: "Name is the name of the 2890 HTTP Header to be matched. Name matching 2891 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 2892 \n If multiple entries specify equivalent 2893 header names, the first entry with an 2894 equivalent name MUST be considered for 2895 a match. Subsequent entries with an 2896 equivalent header name MUST be ignored. 2897 Due to the case-insensitivity of header 2898 names, \"foo\" and \"Foo\" are considered 2899 equivalent." 2900 maxLength: 256 2901 minLength: 1 2902 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2903 type: string 2904 value: 2905 description: Value is the value of HTTP 2906 Header to be matched. 2907 maxLength: 4096 2908 minLength: 1 2909 type: string 2910 required: 2911 - name 2912 - value 2913 type: object 2914 maxItems: 16 2915 type: array 2916 x-kubernetes-list-map-keys: 2917 - name 2918 x-kubernetes-list-type: map 2919 remove: 2920 description: "Remove the given header(s) from 2921 the HTTP request before the action. The value 2922 of Remove is a list of HTTP header names. 2923 Note that the header names are case-insensitive 2924 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 2925 \n Input: GET /foo HTTP/1.1 my-header1: foo 2926 my-header2: bar my-header3: baz \n Config: 2927 remove: [\"my-header1\", \"my-header3\"] \n 2928 Output: GET /foo HTTP/1.1 my-header2: bar" 2929 items: 2930 type: string 2931 maxItems: 16 2932 type: array 2933 x-kubernetes-list-type: set 2934 set: 2935 description: "Set overwrites the request with 2936 the given header (name, value) before the 2937 action. \n Input: GET /foo HTTP/1.1 my-header: 2938 foo \n Config: set: - name: \"my-header\" 2939 value: \"bar\" \n Output: GET /foo HTTP/1.1 2940 my-header: bar" 2941 items: 2942 description: HTTPHeader represents an HTTP 2943 Header name and value as defined by RFC 2944 7230. 2945 properties: 2946 name: 2947 description: "Name is the name of the 2948 HTTP Header to be matched. Name matching 2949 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 2950 \n If multiple entries specify equivalent 2951 header names, the first entry with an 2952 equivalent name MUST be considered for 2953 a match. Subsequent entries with an 2954 equivalent header name MUST be ignored. 2955 Due to the case-insensitivity of header 2956 names, \"foo\" and \"Foo\" are considered 2957 equivalent." 2958 maxLength: 256 2959 minLength: 1 2960 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2961 type: string 2962 value: 2963 description: Value is the value of HTTP 2964 Header to be matched. 2965 maxLength: 4096 2966 minLength: 1 2967 type: string 2968 required: 2969 - name 2970 - value 2971 type: object 2972 maxItems: 16 2973 type: array 2974 x-kubernetes-list-map-keys: 2975 - name 2976 x-kubernetes-list-type: map 2977 type: object 2978 requestMirror: 2979 description: "RequestMirror defines a schema for 2980 a filter that mirrors requests. Requests are sent 2981 to the specified destination, but responses from 2982 that destination are ignored. \n This filter can 2983 be used multiple times within the same rule. Note 2984 that not all implementations will be able to support 2985 mirroring to multiple backends. \n Support: Extended" 2986 properties: 2987 backendRef: 2988 description: "BackendRef references a resource 2989 where mirrored requests are sent. \n Mirrored 2990 requests must be sent only to a single destination 2991 endpoint within this BackendRef, irrespective 2992 of how many endpoints are present within this 2993 BackendRef. \n If the referent cannot be found, 2994 this BackendRef is invalid and must be dropped 2995 from the Gateway. The controller must ensure 2996 the \"ResolvedRefs\" condition on the Route 2997 status is set to `status: False` and not configure 2998 this backend in the underlying implementation. 2999 \n If there is a cross-namespace reference 3000 to an *existing* object that is not allowed 3001 by a ReferenceGrant, the controller must ensure 3002 the \"ResolvedRefs\" condition on the Route 3003 is set to `status: False`, with the \"RefNotPermitted\" 3004 reason and not configure this backend in the 3005 underlying implementation. \n In either error 3006 case, the Message of the `ResolvedRefs` Condition 3007 should be used to provide more detail about 3008 the problem. \n Support: Extended for Kubernetes 3009 Service \n Support: Implementation-specific 3010 for any other resource" 3011 properties: 3012 group: 3013 default: "" 3014 description: Group is the group of the referent. 3015 For example, "gateway.networking.k8s.io". 3016 When unspecified or empty string, core 3017 API group is inferred. 3018 maxLength: 253 3019 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3020 type: string 3021 kind: 3022 default: Service 3023 description: "Kind is the Kubernetes resource 3024 kind of the referent. For example \"Service\". 3025 \n Defaults to \"Service\" when not specified. 3026 \n ExternalName services can refer to 3027 CNAME DNS records that may live outside 3028 of the cluster and as such are difficult 3029 to reason about in terms of conformance. 3030 They also may not be safe to forward to 3031 (see CVE-2021-25740 for more information). 3032 Implementations SHOULD NOT support ExternalName 3033 Services. \n Support: Core (Services with 3034 a type other than ExternalName) \n Support: 3035 Implementation-specific (Services with 3036 type ExternalName)" 3037 maxLength: 63 3038 minLength: 1 3039 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3040 type: string 3041 name: 3042 description: Name is the name of the referent. 3043 maxLength: 253 3044 minLength: 1 3045 type: string 3046 namespace: 3047 description: "Namespace is the namespace 3048 of the backend. When unspecified, the 3049 local namespace is inferred. \n Note that 3050 when a namespace different than the local 3051 namespace is specified, a ReferenceGrant 3052 object is required in the referent namespace 3053 to allow that namespace's owner to accept 3054 the reference. See the ReferenceGrant 3055 documentation for details. \n Support: 3056 Core" 3057 maxLength: 63 3058 minLength: 1 3059 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 3060 type: string 3061 port: 3062 description: Port specifies the destination 3063 port number to use for this resource. 3064 Port is required when the referent is 3065 a Kubernetes Service. In this case, the 3066 port number is the service port number, 3067 not the target port. For other resources, 3068 destination port might be derived from 3069 the referent resource or this field. 3070 format: int32 3071 maximum: 65535 3072 minimum: 1 3073 type: integer 3074 required: 3075 - name 3076 type: object 3077 x-kubernetes-validations: 3078 - message: Must have port for Service reference 3079 rule: '(size(self.group) == 0 && self.kind 3080 == ''Service'') ? has(self.port) : true' 3081 required: 3082 - backendRef 3083 type: object 3084 requestRedirect: 3085 description: "RequestRedirect defines a schema for 3086 a filter that responds to the request with an 3087 HTTP redirection. \n Support: Core" 3088 properties: 3089 hostname: 3090 description: "Hostname is the hostname to be 3091 used in the value of the `Location` header 3092 in the response. When empty, the hostname 3093 in the `Host` header of the request is used. 3094 \n Support: Core" 3095 maxLength: 253 3096 minLength: 1 3097 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3098 type: string 3099 path: 3100 description: "Path defines parameters used to 3101 modify the path of the incoming request. The 3102 modified path is then used to construct the 3103 `Location` header. When empty, the request 3104 path is used as-is. \n Support: Extended" 3105 properties: 3106 replaceFullPath: 3107 description: ReplaceFullPath specifies the 3108 value with which to replace the full path 3109 of a request during a rewrite or redirect. 3110 maxLength: 1024 3111 type: string 3112 replacePrefixMatch: 3113 description: "ReplacePrefixMatch specifies 3114 the value with which to replace the prefix 3115 match of a request during a rewrite or 3116 redirect. For example, a request to \"/foo/bar\" 3117 with a prefix match of \"/foo\" and a 3118 ReplacePrefixMatch of \"/xyz\" would be 3119 modified to \"/xyz/bar\". \n Note that 3120 this matches the behavior of the PathPrefix 3121 match type. This matches full path elements. 3122 A path element refers to the list of labels 3123 in the path split by the `/` separator. 3124 When specified, a trailing `/` is ignored. 3125 For example, the paths `/abc`, `/abc/`, 3126 and `/abc/def` would all match the prefix 3127 `/abc`, but the path `/abcd` would not. 3128 \n ReplacePrefixMatch is only compatible 3129 with a `PathPrefix` HTTPRouteMatch. Using 3130 any other HTTPRouteMatch type on the same 3131 HTTPRouteRule will result in the implementation 3132 setting the Accepted Condition for the 3133 Route to `status: False`. \n Request Path 3134 | Prefix Match | Replace Prefix | Modified 3135 Path -------------|--------------|----------------|---------- 3136 /foo/bar | /foo | /xyz | 3137 /xyz/bar /foo/bar | /foo | 3138 /xyz/ | /xyz/bar /foo/bar | 3139 /foo/ | /xyz | /xyz/bar 3140 /foo/bar | /foo/ | /xyz/ | 3141 /xyz/bar /foo | /foo | 3142 /xyz | /xyz /foo/ | /foo 3143 \ | /xyz | /xyz/ /foo/bar 3144 \ | /foo | <empty string> | 3145 /bar /foo/ | /foo | <empty 3146 string> | / /foo | /foo | 3147 <empty string> | / /foo/ | /foo 3148 \ | / | / /foo | 3149 /foo | / | /" 3150 maxLength: 1024 3151 type: string 3152 type: 3153 description: "Type defines the type of path 3154 modifier. Additional types may be added 3155 in a future release of the API. \n Note 3156 that values may be added to this enum, 3157 implementations must ensure that unknown 3158 values will not cause a crash. \n Unknown 3159 values here must result in the implementation 3160 setting the Accepted Condition for the 3161 Route to `status: False`, with a Reason 3162 of `UnsupportedValue`." 3163 enum: 3164 - ReplaceFullPath 3165 - ReplacePrefixMatch 3166 type: string 3167 required: 3168 - type 3169 type: object 3170 x-kubernetes-validations: 3171 - message: replaceFullPath must be specified 3172 when type is set to 'ReplaceFullPath' 3173 rule: 'self.type == ''ReplaceFullPath'' ? 3174 has(self.replaceFullPath) : true' 3175 - message: type must be 'ReplaceFullPath' when 3176 replaceFullPath is set 3177 rule: 'has(self.replaceFullPath) ? self.type 3178 == ''ReplaceFullPath'' : true' 3179 - message: replacePrefixMatch must be specified 3180 when type is set to 'ReplacePrefixMatch' 3181 rule: 'self.type == ''ReplacePrefixMatch'' 3182 ? has(self.replacePrefixMatch) : true' 3183 - message: type must be 'ReplacePrefixMatch' 3184 when replacePrefixMatch is set 3185 rule: 'has(self.replacePrefixMatch) ? self.type 3186 == ''ReplacePrefixMatch'' : true' 3187 port: 3188 description: "Port is the port to be used in 3189 the value of the `Location` header in the 3190 response. \n If no port is specified, the 3191 redirect port MUST be derived using the following 3192 rules: \n * If redirect scheme is not-empty, 3193 the redirect port MUST be the well-known port 3194 associated with the redirect scheme. Specifically 3195 \"http\" to port 80 and \"https\" to port 3196 443. If the redirect scheme does not have 3197 a well-known port, the listener port of the 3198 Gateway SHOULD be used. * If redirect scheme 3199 is empty, the redirect port MUST be the Gateway 3200 Listener port. \n Implementations SHOULD NOT 3201 add the port number in the 'Location' header 3202 in the following cases: \n * A Location header 3203 that will use HTTP (whether that is determined 3204 via the Listener protocol or the Scheme field) 3205 _and_ use port 80. * A Location header that 3206 will use HTTPS (whether that is determined 3207 via the Listener protocol or the Scheme field) 3208 _and_ use port 443. \n Support: Extended" 3209 format: int32 3210 maximum: 65535 3211 minimum: 1 3212 type: integer 3213 scheme: 3214 description: "Scheme is the scheme to be used 3215 in the value of the `Location` header in the 3216 response. When empty, the scheme of the request 3217 is used. \n Scheme redirects can affect the 3218 port of the redirect, for more information, 3219 refer to the documentation for the port field 3220 of this filter. \n Note that values may be 3221 added to this enum, implementations must ensure 3222 that unknown values will not cause a crash. 3223 \n Unknown values here must result in the 3224 implementation setting the Accepted Condition 3225 for the Route to `status: False`, with a Reason 3226 of `UnsupportedValue`. \n Support: Extended" 3227 enum: 3228 - http 3229 - https 3230 type: string 3231 statusCode: 3232 default: 302 3233 description: "StatusCode is the HTTP status 3234 code to be used in response. \n Note that 3235 values may be added to this enum, implementations 3236 must ensure that unknown values will not cause 3237 a crash. \n Unknown values here must result 3238 in the implementation setting the Accepted 3239 Condition for the Route to `status: False`, 3240 with a Reason of `UnsupportedValue`. \n Support: 3241 Core" 3242 enum: 3243 - 301 3244 - 302 3245 type: integer 3246 type: object 3247 responseHeaderModifier: 3248 description: "ResponseHeaderModifier defines a schema 3249 for a filter that modifies response headers. \n 3250 Support: Extended" 3251 properties: 3252 add: 3253 description: "Add adds the given header(s) (name, 3254 value) to the request before the action. It 3255 appends to any existing values associated 3256 with the header name. \n Input: GET /foo HTTP/1.1 3257 my-header: foo \n Config: add: - name: \"my-header\" 3258 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 3259 my-header: foo,bar,baz" 3260 items: 3261 description: HTTPHeader represents an HTTP 3262 Header name and value as defined by RFC 3263 7230. 3264 properties: 3265 name: 3266 description: "Name is the name of the 3267 HTTP Header to be matched. Name matching 3268 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3269 \n If multiple entries specify equivalent 3270 header names, the first entry with an 3271 equivalent name MUST be considered for 3272 a match. Subsequent entries with an 3273 equivalent header name MUST be ignored. 3274 Due to the case-insensitivity of header 3275 names, \"foo\" and \"Foo\" are considered 3276 equivalent." 3277 maxLength: 256 3278 minLength: 1 3279 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3280 type: string 3281 value: 3282 description: Value is the value of HTTP 3283 Header to be matched. 3284 maxLength: 4096 3285 minLength: 1 3286 type: string 3287 required: 3288 - name 3289 - value 3290 type: object 3291 maxItems: 16 3292 type: array 3293 x-kubernetes-list-map-keys: 3294 - name 3295 x-kubernetes-list-type: map 3296 remove: 3297 description: "Remove the given header(s) from 3298 the HTTP request before the action. The value 3299 of Remove is a list of HTTP header names. 3300 Note that the header names are case-insensitive 3301 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 3302 \n Input: GET /foo HTTP/1.1 my-header1: foo 3303 my-header2: bar my-header3: baz \n Config: 3304 remove: [\"my-header1\", \"my-header3\"] \n 3305 Output: GET /foo HTTP/1.1 my-header2: bar" 3306 items: 3307 type: string 3308 maxItems: 16 3309 type: array 3310 x-kubernetes-list-type: set 3311 set: 3312 description: "Set overwrites the request with 3313 the given header (name, value) before the 3314 action. \n Input: GET /foo HTTP/1.1 my-header: 3315 foo \n Config: set: - name: \"my-header\" 3316 value: \"bar\" \n Output: GET /foo HTTP/1.1 3317 my-header: bar" 3318 items: 3319 description: HTTPHeader represents an HTTP 3320 Header name and value as defined by RFC 3321 7230. 3322 properties: 3323 name: 3324 description: "Name is the name of the 3325 HTTP Header to be matched. Name matching 3326 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3327 \n If multiple entries specify equivalent 3328 header names, the first entry with an 3329 equivalent name MUST be considered for 3330 a match. Subsequent entries with an 3331 equivalent header name MUST be ignored. 3332 Due to the case-insensitivity of header 3333 names, \"foo\" and \"Foo\" are considered 3334 equivalent." 3335 maxLength: 256 3336 minLength: 1 3337 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3338 type: string 3339 value: 3340 description: Value is the value of HTTP 3341 Header to be matched. 3342 maxLength: 4096 3343 minLength: 1 3344 type: string 3345 required: 3346 - name 3347 - value 3348 type: object 3349 maxItems: 16 3350 type: array 3351 x-kubernetes-list-map-keys: 3352 - name 3353 x-kubernetes-list-type: map 3354 type: object 3355 type: 3356 description: "Type identifies the type of filter 3357 to apply. As with other API fields, types are 3358 classified into three conformance levels: \n - 3359 Core: Filter types and their corresponding configuration 3360 defined by \"Support: Core\" in this package, 3361 e.g. \"RequestHeaderModifier\". All implementations 3362 must support core filters. \n - Extended: Filter 3363 types and their corresponding configuration defined 3364 by \"Support: Extended\" in this package, e.g. 3365 \"RequestMirror\". Implementers are encouraged 3366 to support extended filters. \n - Implementation-specific: 3367 Filters that are defined and supported by specific 3368 vendors. In the future, filters showing convergence 3369 in behavior across multiple implementations will 3370 be considered for inclusion in extended or core 3371 conformance levels. Filter-specific configuration 3372 for such filters is specified using the ExtensionRef 3373 field. `Type` should be set to \"ExtensionRef\" 3374 for custom filters. \n Implementers are encouraged 3375 to define custom implementation types to extend 3376 the core API with implementation-specific behavior. 3377 \n If a reference to a custom filter type cannot 3378 be resolved, the filter MUST NOT be skipped. Instead, 3379 requests that would have been processed by that 3380 filter MUST receive a HTTP error response. \n 3381 Note that values may be added to this enum, implementations 3382 must ensure that unknown values will not cause 3383 a crash. \n Unknown values here must result in 3384 the implementation setting the Accepted Condition 3385 for the Route to `status: False`, with a Reason 3386 of `UnsupportedValue`." 3387 enum: 3388 - RequestHeaderModifier 3389 - ResponseHeaderModifier 3390 - RequestMirror 3391 - RequestRedirect 3392 - URLRewrite 3393 - ExtensionRef 3394 type: string 3395 urlRewrite: 3396 description: "URLRewrite defines a schema for a 3397 filter that modifies a request during forwarding. 3398 \n Support: Extended" 3399 properties: 3400 hostname: 3401 description: "Hostname is the value to be used 3402 to replace the Host header value during forwarding. 3403 \n Support: Extended" 3404 maxLength: 253 3405 minLength: 1 3406 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3407 type: string 3408 path: 3409 description: "Path defines a path rewrite. \n 3410 Support: Extended" 3411 properties: 3412 replaceFullPath: 3413 description: ReplaceFullPath specifies the 3414 value with which to replace the full path 3415 of a request during a rewrite or redirect. 3416 maxLength: 1024 3417 type: string 3418 replacePrefixMatch: 3419 description: "ReplacePrefixMatch specifies 3420 the value with which to replace the prefix 3421 match of a request during a rewrite or 3422 redirect. For example, a request to \"/foo/bar\" 3423 with a prefix match of \"/foo\" and a 3424 ReplacePrefixMatch of \"/xyz\" would be 3425 modified to \"/xyz/bar\". \n Note that 3426 this matches the behavior of the PathPrefix 3427 match type. This matches full path elements. 3428 A path element refers to the list of labels 3429 in the path split by the `/` separator. 3430 When specified, a trailing `/` is ignored. 3431 For example, the paths `/abc`, `/abc/`, 3432 and `/abc/def` would all match the prefix 3433 `/abc`, but the path `/abcd` would not. 3434 \n ReplacePrefixMatch is only compatible 3435 with a `PathPrefix` HTTPRouteMatch. Using 3436 any other HTTPRouteMatch type on the same 3437 HTTPRouteRule will result in the implementation 3438 setting the Accepted Condition for the 3439 Route to `status: False`. \n Request Path 3440 | Prefix Match | Replace Prefix | Modified 3441 Path -------------|--------------|----------------|---------- 3442 /foo/bar | /foo | /xyz | 3443 /xyz/bar /foo/bar | /foo | 3444 /xyz/ | /xyz/bar /foo/bar | 3445 /foo/ | /xyz | /xyz/bar 3446 /foo/bar | /foo/ | /xyz/ | 3447 /xyz/bar /foo | /foo | 3448 /xyz | /xyz /foo/ | /foo 3449 \ | /xyz | /xyz/ /foo/bar 3450 \ | /foo | <empty string> | 3451 /bar /foo/ | /foo | <empty 3452 string> | / /foo | /foo | 3453 <empty string> | / /foo/ | /foo 3454 \ | / | / /foo | 3455 /foo | / | /" 3456 maxLength: 1024 3457 type: string 3458 type: 3459 description: "Type defines the type of path 3460 modifier. Additional types may be added 3461 in a future release of the API. \n Note 3462 that values may be added to this enum, 3463 implementations must ensure that unknown 3464 values will not cause a crash. \n Unknown 3465 values here must result in the implementation 3466 setting the Accepted Condition for the 3467 Route to `status: False`, with a Reason 3468 of `UnsupportedValue`." 3469 enum: 3470 - ReplaceFullPath 3471 - ReplacePrefixMatch 3472 type: string 3473 required: 3474 - type 3475 type: object 3476 x-kubernetes-validations: 3477 - message: replaceFullPath must be specified 3478 when type is set to 'ReplaceFullPath' 3479 rule: 'self.type == ''ReplaceFullPath'' ? 3480 has(self.replaceFullPath) : true' 3481 - message: type must be 'ReplaceFullPath' when 3482 replaceFullPath is set 3483 rule: 'has(self.replaceFullPath) ? self.type 3484 == ''ReplaceFullPath'' : true' 3485 - message: replacePrefixMatch must be specified 3486 when type is set to 'ReplacePrefixMatch' 3487 rule: 'self.type == ''ReplacePrefixMatch'' 3488 ? has(self.replacePrefixMatch) : true' 3489 - message: type must be 'ReplacePrefixMatch' 3490 when replacePrefixMatch is set 3491 rule: 'has(self.replacePrefixMatch) ? self.type 3492 == ''ReplacePrefixMatch'' : true' 3493 type: object 3494 required: 3495 - type 3496 type: object 3497 x-kubernetes-validations: 3498 - message: filter.requestHeaderModifier must be nil 3499 if the filter.type is not RequestHeaderModifier 3500 rule: '!(has(self.requestHeaderModifier) && self.type 3501 != ''RequestHeaderModifier'')' 3502 - message: filter.requestHeaderModifier must be specified 3503 for RequestHeaderModifier filter.type 3504 rule: '!(!has(self.requestHeaderModifier) && self.type 3505 == ''RequestHeaderModifier'')' 3506 - message: filter.responseHeaderModifier must be nil 3507 if the filter.type is not ResponseHeaderModifier 3508 rule: '!(has(self.responseHeaderModifier) && self.type 3509 != ''ResponseHeaderModifier'')' 3510 - message: filter.responseHeaderModifier must be specified 3511 for ResponseHeaderModifier filter.type 3512 rule: '!(!has(self.responseHeaderModifier) && self.type 3513 == ''ResponseHeaderModifier'')' 3514 - message: filter.requestMirror must be nil if the filter.type 3515 is not RequestMirror 3516 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 3517 - message: filter.requestMirror must be specified for 3518 RequestMirror filter.type 3519 rule: '!(!has(self.requestMirror) && self.type == 3520 ''RequestMirror'')' 3521 - message: filter.requestRedirect must be nil if the 3522 filter.type is not RequestRedirect 3523 rule: '!(has(self.requestRedirect) && self.type != 3524 ''RequestRedirect'')' 3525 - message: filter.requestRedirect must be specified 3526 for RequestRedirect filter.type 3527 rule: '!(!has(self.requestRedirect) && self.type == 3528 ''RequestRedirect'')' 3529 - message: filter.urlRewrite must be nil if the filter.type 3530 is not URLRewrite 3531 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 3532 - message: filter.urlRewrite must be specified for URLRewrite 3533 filter.type 3534 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 3535 - message: filter.extensionRef must be nil if the filter.type 3536 is not ExtensionRef 3537 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 3538 - message: filter.extensionRef must be specified for 3539 ExtensionRef filter.type 3540 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 3541 maxItems: 16 3542 type: array 3543 x-kubernetes-validations: 3544 - message: May specify either httpRouteFilterRequestRedirect 3545 or httpRouteFilterRequestRewrite, but not both 3546 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 3547 && self.exists(f, f.type == ''URLRewrite''))' 3548 - message: May specify either httpRouteFilterRequestRedirect 3549 or httpRouteFilterRequestRewrite, but not both 3550 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 3551 && self.exists(f, f.type == ''URLRewrite''))' 3552 - message: RequestHeaderModifier filter cannot be repeated 3553 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 3554 <= 1 3555 - message: ResponseHeaderModifier filter cannot be repeated 3556 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 3557 <= 1 3558 - message: RequestRedirect filter cannot be repeated 3559 rule: self.filter(f, f.type == 'RequestRedirect').size() 3560 <= 1 3561 - message: URLRewrite filter cannot be repeated 3562 rule: self.filter(f, f.type == 'URLRewrite').size() 3563 <= 1 3564 group: 3565 default: "" 3566 description: Group is the group of the referent. For example, 3567 "gateway.networking.k8s.io". When unspecified or empty 3568 string, core API group is inferred. 3569 maxLength: 253 3570 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3571 type: string 3572 kind: 3573 default: Service 3574 description: "Kind is the Kubernetes resource kind of 3575 the referent. For example \"Service\". \n Defaults to 3576 \"Service\" when not specified. \n ExternalName services 3577 can refer to CNAME DNS records that may live outside 3578 of the cluster and as such are difficult to reason about 3579 in terms of conformance. They also may not be safe to 3580 forward to (see CVE-2021-25740 for more information). 3581 Implementations SHOULD NOT support ExternalName Services. 3582 \n Support: Core (Services with a type other than ExternalName) 3583 \n Support: Implementation-specific (Services with type 3584 ExternalName)" 3585 maxLength: 63 3586 minLength: 1 3587 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3588 type: string 3589 name: 3590 description: Name is the name of the referent. 3591 maxLength: 253 3592 minLength: 1 3593 type: string 3594 namespace: 3595 description: "Namespace is the namespace of the backend. 3596 When unspecified, the local namespace is inferred. \n 3597 Note that when a namespace different than the local 3598 namespace is specified, a ReferenceGrant object is required 3599 in the referent namespace to allow that namespace's 3600 owner to accept the reference. See the ReferenceGrant 3601 documentation for details. \n Support: Core" 3602 maxLength: 63 3603 minLength: 1 3604 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 3605 type: string 3606 port: 3607 description: Port specifies the destination port number 3608 to use for this resource. Port is required when the 3609 referent is a Kubernetes Service. In this case, the 3610 port number is the service port number, not the target 3611 port. For other resources, destination port might be 3612 derived from the referent resource or this field. 3613 format: int32 3614 maximum: 65535 3615 minimum: 1 3616 type: integer 3617 weight: 3618 default: 1 3619 description: "Weight specifies the proportion of requests 3620 forwarded to the referenced backend. This is computed 3621 as weight/(sum of all weights in this BackendRefs list). 3622 For non-zero values, there may be some epsilon from 3623 the exact proportion defined here depending on the precision 3624 an implementation supports. Weight is not a percentage 3625 and the sum of weights does not need to equal 100. \n 3626 If only one backend is specified and it has a weight 3627 greater than 0, 100% of the traffic is forwarded to 3628 that backend. If weight is set to 0, no traffic should 3629 be forwarded for this entry. If unspecified, weight 3630 defaults to 1. \n Support for this field varies based 3631 on the context where used." 3632 format: int32 3633 maximum: 1000000 3634 minimum: 0 3635 type: integer 3636 required: 3637 - name 3638 type: object 3639 x-kubernetes-validations: 3640 - message: Must have port for Service reference 3641 rule: '(size(self.group) == 0 && self.kind == ''Service'') 3642 ? has(self.port) : true' 3643 maxItems: 16 3644 type: array 3645 filters: 3646 description: "Filters define the filters that are applied to 3647 requests that match this rule. \n The effects of ordering 3648 of multiple behaviors are currently unspecified. This can 3649 change in the future based on feedback during the alpha stage. 3650 \n Conformance-levels at this level are defined based on the 3651 type of filter: \n - ALL core filters MUST be supported by 3652 all implementations. - Implementers are encouraged to support 3653 extended filters. - Implementation-specific custom filters 3654 have no API guarantees across implementations. \n Specifying 3655 the same filter multiple times is not supported unless explicitly 3656 indicated in the filter. \n All filters are expected to be 3657 compatible with each other except for the URLRewrite and RequestRedirect 3658 filters, which may not be combined. If an implementation can 3659 not support other combinations of filters, they must clearly 3660 document that limitation. In cases where incompatible or unsupported 3661 filters are specified and cause the `Accepted` condition to 3662 be set to status `False`, implementations may use the `IncompatibleFilters` 3663 reason to specify this configuration error. \n Support: Core" 3664 items: 3665 description: HTTPRouteFilter defines processing steps that 3666 must be completed during the request or response lifecycle. 3667 HTTPRouteFilters are meant as an extension point to express 3668 processing that may be done in Gateway implementations. 3669 Some examples include request or response modification, 3670 implementing authentication strategies, rate-limiting, and 3671 traffic shaping. API guarantee/conformance is defined based 3672 on the type of the filter. 3673 properties: 3674 extensionRef: 3675 description: "ExtensionRef is an optional, implementation-specific 3676 extension to the \"filter\" behavior. For example, 3677 resource \"myroutefilter\" in group \"networking.example.net\"). 3678 ExtensionRef MUST NOT be used for core and extended 3679 filters. \n This filter can be used multiple times within 3680 the same rule. \n Support: Implementation-specific" 3681 properties: 3682 group: 3683 description: Group is the group of the referent. For 3684 example, "gateway.networking.k8s.io". When unspecified 3685 or empty string, core API group is inferred. 3686 maxLength: 253 3687 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3688 type: string 3689 kind: 3690 description: Kind is kind of the referent. For example 3691 "HTTPRoute" or "Service". 3692 maxLength: 63 3693 minLength: 1 3694 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3695 type: string 3696 name: 3697 description: Name is the name of the referent. 3698 maxLength: 253 3699 minLength: 1 3700 type: string 3701 required: 3702 - group 3703 - kind 3704 - name 3705 type: object 3706 requestHeaderModifier: 3707 description: "RequestHeaderModifier defines a schema for 3708 a filter that modifies request headers. \n Support: 3709 Core" 3710 properties: 3711 add: 3712 description: "Add adds the given header(s) (name, 3713 value) to the request before the action. It appends 3714 to any existing values associated with the header 3715 name. \n Input: GET /foo HTTP/1.1 my-header: foo 3716 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 3717 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 3718 items: 3719 description: HTTPHeader represents an HTTP Header 3720 name and value as defined by RFC 7230. 3721 properties: 3722 name: 3723 description: "Name is the name of the HTTP Header 3724 to be matched. Name matching MUST be case 3725 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3726 \n If multiple entries specify equivalent 3727 header names, the first entry with an equivalent 3728 name MUST be considered for a match. Subsequent 3729 entries with an equivalent header name MUST 3730 be ignored. Due to the case-insensitivity 3731 of header names, \"foo\" and \"Foo\" are considered 3732 equivalent." 3733 maxLength: 256 3734 minLength: 1 3735 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3736 type: string 3737 value: 3738 description: Value is the value of HTTP Header 3739 to be matched. 3740 maxLength: 4096 3741 minLength: 1 3742 type: string 3743 required: 3744 - name 3745 - value 3746 type: object 3747 maxItems: 16 3748 type: array 3749 x-kubernetes-list-map-keys: 3750 - name 3751 x-kubernetes-list-type: map 3752 remove: 3753 description: "Remove the given header(s) from the 3754 HTTP request before the action. The value of Remove 3755 is a list of HTTP header names. Note that the header 3756 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 3757 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 3758 bar my-header3: baz \n Config: remove: [\"my-header1\", 3759 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 3760 bar" 3761 items: 3762 type: string 3763 maxItems: 16 3764 type: array 3765 x-kubernetes-list-type: set 3766 set: 3767 description: "Set overwrites the request with the 3768 given header (name, value) before the action. \n 3769 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 3770 set: - name: \"my-header\" value: \"bar\" \n Output: 3771 GET /foo HTTP/1.1 my-header: bar" 3772 items: 3773 description: HTTPHeader represents an HTTP Header 3774 name and value as defined by RFC 7230. 3775 properties: 3776 name: 3777 description: "Name is the name of the HTTP Header 3778 to be matched. Name matching MUST be case 3779 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3780 \n If multiple entries specify equivalent 3781 header names, the first entry with an equivalent 3782 name MUST be considered for a match. Subsequent 3783 entries with an equivalent header name MUST 3784 be ignored. Due to the case-insensitivity 3785 of header names, \"foo\" and \"Foo\" are considered 3786 equivalent." 3787 maxLength: 256 3788 minLength: 1 3789 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3790 type: string 3791 value: 3792 description: Value is the value of HTTP Header 3793 to be matched. 3794 maxLength: 4096 3795 minLength: 1 3796 type: string 3797 required: 3798 - name 3799 - value 3800 type: object 3801 maxItems: 16 3802 type: array 3803 x-kubernetes-list-map-keys: 3804 - name 3805 x-kubernetes-list-type: map 3806 type: object 3807 requestMirror: 3808 description: "RequestMirror defines a schema for a filter 3809 that mirrors requests. Requests are sent to the specified 3810 destination, but responses from that destination are 3811 ignored. \n This filter can be used multiple times within 3812 the same rule. Note that not all implementations will 3813 be able to support mirroring to multiple backends. \n 3814 Support: Extended" 3815 properties: 3816 backendRef: 3817 description: "BackendRef references a resource where 3818 mirrored requests are sent. \n Mirrored requests 3819 must be sent only to a single destination endpoint 3820 within this BackendRef, irrespective of how many 3821 endpoints are present within this BackendRef. \n 3822 If the referent cannot be found, this BackendRef 3823 is invalid and must be dropped from the Gateway. 3824 The controller must ensure the \"ResolvedRefs\" 3825 condition on the Route status is set to `status: 3826 False` and not configure this backend in the underlying 3827 implementation. \n If there is a cross-namespace 3828 reference to an *existing* object that is not allowed 3829 by a ReferenceGrant, the controller must ensure 3830 the \"ResolvedRefs\" condition on the Route is 3831 set to `status: False`, with the \"RefNotPermitted\" 3832 reason and not configure this backend in the underlying 3833 implementation. \n In either error case, the Message 3834 of the `ResolvedRefs` Condition should be used to 3835 provide more detail about the problem. \n Support: 3836 Extended for Kubernetes Service \n Support: Implementation-specific 3837 for any other resource" 3838 properties: 3839 group: 3840 default: "" 3841 description: Group is the group of the referent. 3842 For example, "gateway.networking.k8s.io". When 3843 unspecified or empty string, core API group 3844 is inferred. 3845 maxLength: 253 3846 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3847 type: string 3848 kind: 3849 default: Service 3850 description: "Kind is the Kubernetes resource 3851 kind of the referent. For example \"Service\". 3852 \n Defaults to \"Service\" when not specified. 3853 \n ExternalName services can refer to CNAME 3854 DNS records that may live outside of the cluster 3855 and as such are difficult to reason about in 3856 terms of conformance. They also may not be safe 3857 to forward to (see CVE-2021-25740 for more information). 3858 Implementations SHOULD NOT support ExternalName 3859 Services. \n Support: Core (Services with a 3860 type other than ExternalName) \n Support: Implementation-specific 3861 (Services with type ExternalName)" 3862 maxLength: 63 3863 minLength: 1 3864 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3865 type: string 3866 name: 3867 description: Name is the name of the referent. 3868 maxLength: 253 3869 minLength: 1 3870 type: string 3871 namespace: 3872 description: "Namespace is the namespace of the 3873 backend. When unspecified, the local namespace 3874 is inferred. \n Note that when a namespace different 3875 than the local namespace is specified, a ReferenceGrant 3876 object is required in the referent namespace 3877 to allow that namespace's owner to accept the 3878 reference. See the ReferenceGrant documentation 3879 for details. \n Support: Core" 3880 maxLength: 63 3881 minLength: 1 3882 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 3883 type: string 3884 port: 3885 description: Port specifies the destination port 3886 number to use for this resource. Port is required 3887 when the referent is a Kubernetes Service. In 3888 this case, the port number is the service port 3889 number, not the target port. For other resources, 3890 destination port might be derived from the referent 3891 resource or this field. 3892 format: int32 3893 maximum: 65535 3894 minimum: 1 3895 type: integer 3896 required: 3897 - name 3898 type: object 3899 x-kubernetes-validations: 3900 - message: Must have port for Service reference 3901 rule: '(size(self.group) == 0 && self.kind == ''Service'') 3902 ? has(self.port) : true' 3903 required: 3904 - backendRef 3905 type: object 3906 requestRedirect: 3907 description: "RequestRedirect defines a schema for a filter 3908 that responds to the request with an HTTP redirection. 3909 \n Support: Core" 3910 properties: 3911 hostname: 3912 description: "Hostname is the hostname to be used 3913 in the value of the `Location` header in the response. 3914 When empty, the hostname in the `Host` header of 3915 the request is used. \n Support: Core" 3916 maxLength: 253 3917 minLength: 1 3918 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3919 type: string 3920 path: 3921 description: "Path defines parameters used to modify 3922 the path of the incoming request. The modified path 3923 is then used to construct the `Location` header. 3924 When empty, the request path is used as-is. \n Support: 3925 Extended" 3926 properties: 3927 replaceFullPath: 3928 description: ReplaceFullPath specifies the value 3929 with which to replace the full path of a request 3930 during a rewrite or redirect. 3931 maxLength: 1024 3932 type: string 3933 replacePrefixMatch: 3934 description: "ReplacePrefixMatch specifies the 3935 value with which to replace the prefix match 3936 of a request during a rewrite or redirect. For 3937 example, a request to \"/foo/bar\" with a prefix 3938 match of \"/foo\" and a ReplacePrefixMatch of 3939 \"/xyz\" would be modified to \"/xyz/bar\". 3940 \n Note that this matches the behavior of the 3941 PathPrefix match type. This matches full path 3942 elements. A path element refers to the list 3943 of labels in the path split by the `/` separator. 3944 When specified, a trailing `/` is ignored. For 3945 example, the paths `/abc`, `/abc/`, and `/abc/def` 3946 would all match the prefix `/abc`, but the path 3947 `/abcd` would not. \n ReplacePrefixMatch is 3948 only compatible with a `PathPrefix` HTTPRouteMatch. 3949 Using any other HTTPRouteMatch type on the same 3950 HTTPRouteRule will result in the implementation 3951 setting the Accepted Condition for the Route 3952 to `status: False`. \n Request Path | Prefix 3953 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 3954 /foo/bar | /foo | /xyz | 3955 /xyz/bar /foo/bar | /foo | /xyz/ 3956 \ | /xyz/bar /foo/bar | /foo/ | 3957 /xyz | /xyz/bar /foo/bar | /foo/ 3958 \ | /xyz/ | /xyz/bar /foo | 3959 /foo | /xyz | /xyz /foo/ | 3960 /foo | /xyz | /xyz/ /foo/bar 3961 \ | /foo | <empty string> | /bar 3962 /foo/ | /foo | <empty string> 3963 | / /foo | /foo | <empty string> 3964 | / /foo/ | /foo | / | 3965 / /foo | /foo | / | 3966 /" 3967 maxLength: 1024 3968 type: string 3969 type: 3970 description: "Type defines the type of path modifier. 3971 Additional types may be added in a future release 3972 of the API. \n Note that values may be added 3973 to this enum, implementations must ensure that 3974 unknown values will not cause a crash. \n Unknown 3975 values here must result in the implementation 3976 setting the Accepted Condition for the Route 3977 to `status: False`, with a Reason of `UnsupportedValue`." 3978 enum: 3979 - ReplaceFullPath 3980 - ReplacePrefixMatch 3981 type: string 3982 required: 3983 - type 3984 type: object 3985 x-kubernetes-validations: 3986 - message: replaceFullPath must be specified when 3987 type is set to 'ReplaceFullPath' 3988 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 3989 : true' 3990 - message: type must be 'ReplaceFullPath' when replaceFullPath 3991 is set 3992 rule: 'has(self.replaceFullPath) ? self.type == 3993 ''ReplaceFullPath'' : true' 3994 - message: replacePrefixMatch must be specified when 3995 type is set to 'ReplacePrefixMatch' 3996 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 3997 : true' 3998 - message: type must be 'ReplacePrefixMatch' when 3999 replacePrefixMatch is set 4000 rule: 'has(self.replacePrefixMatch) ? self.type 4001 == ''ReplacePrefixMatch'' : true' 4002 port: 4003 description: "Port is the port to be used in the value 4004 of the `Location` header in the response. \n If 4005 no port is specified, the redirect port MUST be 4006 derived using the following rules: \n * If redirect 4007 scheme is not-empty, the redirect port MUST be the 4008 well-known port associated with the redirect scheme. 4009 Specifically \"http\" to port 80 and \"https\" to 4010 port 443. If the redirect scheme does not have a 4011 well-known port, the listener port of the Gateway 4012 SHOULD be used. * If redirect scheme is empty, the 4013 redirect port MUST be the Gateway Listener port. 4014 \n Implementations SHOULD NOT add the port number 4015 in the 'Location' header in the following cases: 4016 \n * A Location header that will use HTTP (whether 4017 that is determined via the Listener protocol or 4018 the Scheme field) _and_ use port 80. * A Location 4019 header that will use HTTPS (whether that is determined 4020 via the Listener protocol or the Scheme field) _and_ 4021 use port 443. \n Support: Extended" 4022 format: int32 4023 maximum: 65535 4024 minimum: 1 4025 type: integer 4026 scheme: 4027 description: "Scheme is the scheme to be used in the 4028 value of the `Location` header in the response. 4029 When empty, the scheme of the request is used. \n 4030 Scheme redirects can affect the port of the redirect, 4031 for more information, refer to the documentation 4032 for the port field of this filter. \n Note that 4033 values may be added to this enum, implementations 4034 must ensure that unknown values will not cause a 4035 crash. \n Unknown values here must result in the 4036 implementation setting the Accepted Condition for 4037 the Route to `status: False`, with a Reason of `UnsupportedValue`. 4038 \n Support: Extended" 4039 enum: 4040 - http 4041 - https 4042 type: string 4043 statusCode: 4044 default: 302 4045 description: "StatusCode is the HTTP status code to 4046 be used in response. \n Note that values may be 4047 added to this enum, implementations must ensure 4048 that unknown values will not cause a crash. \n Unknown 4049 values here must result in the implementation setting 4050 the Accepted Condition for the Route to `status: 4051 False`, with a Reason of `UnsupportedValue`. \n 4052 Support: Core" 4053 enum: 4054 - 301 4055 - 302 4056 type: integer 4057 type: object 4058 responseHeaderModifier: 4059 description: "ResponseHeaderModifier defines a schema 4060 for a filter that modifies response headers. \n Support: 4061 Extended" 4062 properties: 4063 add: 4064 description: "Add adds the given header(s) (name, 4065 value) to the request before the action. It appends 4066 to any existing values associated with the header 4067 name. \n Input: GET /foo HTTP/1.1 my-header: foo 4068 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 4069 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 4070 items: 4071 description: HTTPHeader represents an HTTP Header 4072 name and value as defined by RFC 7230. 4073 properties: 4074 name: 4075 description: "Name is the name of the HTTP Header 4076 to be matched. Name matching MUST be case 4077 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 4078 \n If multiple entries specify equivalent 4079 header names, the first entry with an equivalent 4080 name MUST be considered for a match. Subsequent 4081 entries with an equivalent header name MUST 4082 be ignored. Due to the case-insensitivity 4083 of header names, \"foo\" and \"Foo\" are considered 4084 equivalent." 4085 maxLength: 256 4086 minLength: 1 4087 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4088 type: string 4089 value: 4090 description: Value is the value of HTTP Header 4091 to be matched. 4092 maxLength: 4096 4093 minLength: 1 4094 type: string 4095 required: 4096 - name 4097 - value 4098 type: object 4099 maxItems: 16 4100 type: array 4101 x-kubernetes-list-map-keys: 4102 - name 4103 x-kubernetes-list-type: map 4104 remove: 4105 description: "Remove the given header(s) from the 4106 HTTP request before the action. The value of Remove 4107 is a list of HTTP header names. Note that the header 4108 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 4109 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 4110 bar my-header3: baz \n Config: remove: [\"my-header1\", 4111 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 4112 bar" 4113 items: 4114 type: string 4115 maxItems: 16 4116 type: array 4117 x-kubernetes-list-type: set 4118 set: 4119 description: "Set overwrites the request with the 4120 given header (name, value) before the action. \n 4121 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 4122 set: - name: \"my-header\" value: \"bar\" \n Output: 4123 GET /foo HTTP/1.1 my-header: bar" 4124 items: 4125 description: HTTPHeader represents an HTTP Header 4126 name and value as defined by RFC 7230. 4127 properties: 4128 name: 4129 description: "Name is the name of the HTTP Header 4130 to be matched. Name matching MUST be case 4131 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 4132 \n If multiple entries specify equivalent 4133 header names, the first entry with an equivalent 4134 name MUST be considered for a match. Subsequent 4135 entries with an equivalent header name MUST 4136 be ignored. Due to the case-insensitivity 4137 of header names, \"foo\" and \"Foo\" are considered 4138 equivalent." 4139 maxLength: 256 4140 minLength: 1 4141 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4142 type: string 4143 value: 4144 description: Value is the value of HTTP Header 4145 to be matched. 4146 maxLength: 4096 4147 minLength: 1 4148 type: string 4149 required: 4150 - name 4151 - value 4152 type: object 4153 maxItems: 16 4154 type: array 4155 x-kubernetes-list-map-keys: 4156 - name 4157 x-kubernetes-list-type: map 4158 type: object 4159 type: 4160 description: "Type identifies the type of filter to apply. 4161 As with other API fields, types are classified into 4162 three conformance levels: \n - Core: Filter types and 4163 their corresponding configuration defined by \"Support: 4164 Core\" in this package, e.g. \"RequestHeaderModifier\". 4165 All implementations must support core filters. \n - 4166 Extended: Filter types and their corresponding configuration 4167 defined by \"Support: Extended\" in this package, e.g. 4168 \"RequestMirror\". Implementers are encouraged to support 4169 extended filters. \n - Implementation-specific: Filters 4170 that are defined and supported by specific vendors. 4171 In the future, filters showing convergence in behavior 4172 across multiple implementations will be considered for 4173 inclusion in extended or core conformance levels. Filter-specific 4174 configuration for such filters is specified using the 4175 ExtensionRef field. `Type` should be set to \"ExtensionRef\" 4176 for custom filters. \n Implementers are encouraged to 4177 define custom implementation types to extend the core 4178 API with implementation-specific behavior. \n If a reference 4179 to a custom filter type cannot be resolved, the filter 4180 MUST NOT be skipped. Instead, requests that would have 4181 been processed by that filter MUST receive a HTTP error 4182 response. \n Note that values may be added to this enum, 4183 implementations must ensure that unknown values will 4184 not cause a crash. \n Unknown values here must result 4185 in the implementation setting the Accepted Condition 4186 for the Route to `status: False`, with a Reason of `UnsupportedValue`." 4187 enum: 4188 - RequestHeaderModifier 4189 - ResponseHeaderModifier 4190 - RequestMirror 4191 - RequestRedirect 4192 - URLRewrite 4193 - ExtensionRef 4194 type: string 4195 urlRewrite: 4196 description: "URLRewrite defines a schema for a filter 4197 that modifies a request during forwarding. \n Support: 4198 Extended" 4199 properties: 4200 hostname: 4201 description: "Hostname is the value to be used to 4202 replace the Host header value during forwarding. 4203 \n Support: Extended" 4204 maxLength: 253 4205 minLength: 1 4206 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4207 type: string 4208 path: 4209 description: "Path defines a path rewrite. \n Support: 4210 Extended" 4211 properties: 4212 replaceFullPath: 4213 description: ReplaceFullPath specifies the value 4214 with which to replace the full path of a request 4215 during a rewrite or redirect. 4216 maxLength: 1024 4217 type: string 4218 replacePrefixMatch: 4219 description: "ReplacePrefixMatch specifies the 4220 value with which to replace the prefix match 4221 of a request during a rewrite or redirect. For 4222 example, a request to \"/foo/bar\" with a prefix 4223 match of \"/foo\" and a ReplacePrefixMatch of 4224 \"/xyz\" would be modified to \"/xyz/bar\". 4225 \n Note that this matches the behavior of the 4226 PathPrefix match type. This matches full path 4227 elements. A path element refers to the list 4228 of labels in the path split by the `/` separator. 4229 When specified, a trailing `/` is ignored. For 4230 example, the paths `/abc`, `/abc/`, and `/abc/def` 4231 would all match the prefix `/abc`, but the path 4232 `/abcd` would not. \n ReplacePrefixMatch is 4233 only compatible with a `PathPrefix` HTTPRouteMatch. 4234 Using any other HTTPRouteMatch type on the same 4235 HTTPRouteRule will result in the implementation 4236 setting the Accepted Condition for the Route 4237 to `status: False`. \n Request Path | Prefix 4238 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 4239 /foo/bar | /foo | /xyz | 4240 /xyz/bar /foo/bar | /foo | /xyz/ 4241 \ | /xyz/bar /foo/bar | /foo/ | 4242 /xyz | /xyz/bar /foo/bar | /foo/ 4243 \ | /xyz/ | /xyz/bar /foo | 4244 /foo | /xyz | /xyz /foo/ | 4245 /foo | /xyz | /xyz/ /foo/bar 4246 \ | /foo | <empty string> | /bar 4247 /foo/ | /foo | <empty string> 4248 | / /foo | /foo | <empty string> 4249 | / /foo/ | /foo | / | 4250 / /foo | /foo | / | 4251 /" 4252 maxLength: 1024 4253 type: string 4254 type: 4255 description: "Type defines the type of path modifier. 4256 Additional types may be added in a future release 4257 of the API. \n Note that values may be added 4258 to this enum, implementations must ensure that 4259 unknown values will not cause a crash. \n Unknown 4260 values here must result in the implementation 4261 setting the Accepted Condition for the Route 4262 to `status: False`, with a Reason of `UnsupportedValue`." 4263 enum: 4264 - ReplaceFullPath 4265 - ReplacePrefixMatch 4266 type: string 4267 required: 4268 - type 4269 type: object 4270 x-kubernetes-validations: 4271 - message: replaceFullPath must be specified when 4272 type is set to 'ReplaceFullPath' 4273 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 4274 : true' 4275 - message: type must be 'ReplaceFullPath' when replaceFullPath 4276 is set 4277 rule: 'has(self.replaceFullPath) ? self.type == 4278 ''ReplaceFullPath'' : true' 4279 - message: replacePrefixMatch must be specified when 4280 type is set to 'ReplacePrefixMatch' 4281 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 4282 : true' 4283 - message: type must be 'ReplacePrefixMatch' when 4284 replacePrefixMatch is set 4285 rule: 'has(self.replacePrefixMatch) ? self.type 4286 == ''ReplacePrefixMatch'' : true' 4287 type: object 4288 required: 4289 - type 4290 type: object 4291 x-kubernetes-validations: 4292 - message: filter.requestHeaderModifier must be nil if the 4293 filter.type is not RequestHeaderModifier 4294 rule: '!(has(self.requestHeaderModifier) && self.type != 4295 ''RequestHeaderModifier'')' 4296 - message: filter.requestHeaderModifier must be specified 4297 for RequestHeaderModifier filter.type 4298 rule: '!(!has(self.requestHeaderModifier) && self.type == 4299 ''RequestHeaderModifier'')' 4300 - message: filter.responseHeaderModifier must be nil if the 4301 filter.type is not ResponseHeaderModifier 4302 rule: '!(has(self.responseHeaderModifier) && self.type != 4303 ''ResponseHeaderModifier'')' 4304 - message: filter.responseHeaderModifier must be specified 4305 for ResponseHeaderModifier filter.type 4306 rule: '!(!has(self.responseHeaderModifier) && self.type 4307 == ''ResponseHeaderModifier'')' 4308 - message: filter.requestMirror must be nil if the filter.type 4309 is not RequestMirror 4310 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 4311 - message: filter.requestMirror must be specified for RequestMirror 4312 filter.type 4313 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')' 4314 - message: filter.requestRedirect must be nil if the filter.type 4315 is not RequestRedirect 4316 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')' 4317 - message: filter.requestRedirect must be specified for RequestRedirect 4318 filter.type 4319 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')' 4320 - message: filter.urlRewrite must be nil if the filter.type 4321 is not URLRewrite 4322 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 4323 - message: filter.urlRewrite must be specified for URLRewrite 4324 filter.type 4325 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 4326 - message: filter.extensionRef must be nil if the filter.type 4327 is not ExtensionRef 4328 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 4329 - message: filter.extensionRef must be specified for ExtensionRef 4330 filter.type 4331 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 4332 maxItems: 16 4333 type: array 4334 x-kubernetes-validations: 4335 - message: May specify either httpRouteFilterRequestRedirect 4336 or httpRouteFilterRequestRewrite, but not both 4337 rule: '!(self.exists(f, f.type == ''RequestRedirect'') && 4338 self.exists(f, f.type == ''URLRewrite''))' 4339 - message: RequestHeaderModifier filter cannot be repeated 4340 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 4341 <= 1 4342 - message: ResponseHeaderModifier filter cannot be repeated 4343 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 4344 <= 1 4345 - message: RequestRedirect filter cannot be repeated 4346 rule: self.filter(f, f.type == 'RequestRedirect').size() <= 4347 1 4348 - message: URLRewrite filter cannot be repeated 4349 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1 4350 matches: 4351 default: 4352 - path: 4353 type: PathPrefix 4354 value: / 4355 description: "Matches define conditions used for matching the 4356 rule against incoming HTTP requests. Each match is independent, 4357 i.e. this rule will be matched if **any** one of the matches 4358 is satisfied. \n For example, take the following matches configuration: 4359 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" 4360 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request 4361 to match against this rule, a request must satisfy EITHER 4362 of the two conditions: \n - path prefixed with `/foo` AND 4363 contains the header `version: v2` - path prefix of `/v2/foo` 4364 \n See the documentation for HTTPRouteMatch on how to specify 4365 multiple match conditions that should be ANDed together. \n 4366 If no matches are specified, the default is a prefix path 4367 match on \"/\", which has the effect of matching every HTTP 4368 request. \n Proxy or Load Balancer routing configuration generated 4369 from HTTPRoutes MUST prioritize matches based on the following 4370 criteria, continuing on ties. Across all rules specified on 4371 applicable Routes, precedence must be given to the match having: 4372 \n * \"Exact\" path match. * \"Prefix\" path match with largest 4373 number of characters. * Method match. * Largest number of 4374 header matches. * Largest number of query param matches. \n 4375 Note: The precedence of RegularExpression path matches are 4376 implementation-specific. \n If ties still exist across multiple 4377 Routes, matching precedence MUST be determined in order of 4378 the following criteria, continuing on ties: \n * The oldest 4379 Route based on creation timestamp. * The Route appearing first 4380 in alphabetical order by \"{namespace}/{name}\". \n If ties 4381 still exist within an HTTPRoute, matching precedence MUST 4382 be granted to the FIRST matching rule (in list order) with 4383 a match meeting the above criteria. \n When no rules matching 4384 a request have been successfully attached to the parent a 4385 request is coming from, a HTTP 404 status code MUST be returned." 4386 items: 4387 description: "HTTPRouteMatch defines the predicate used to 4388 match requests to a given action. Multiple match types are 4389 ANDed together, i.e. the match will evaluate to true only 4390 if all conditions are satisfied. \n For example, the match 4391 below will match a HTTP request only if its path starts 4392 with `/foo` AND it contains the `version: v1` header: \n 4393 ``` match: \n path: value: \"/foo\" headers: - name: \"version\" 4394 value \"v1\" \n ```" 4395 properties: 4396 headers: 4397 description: Headers specifies HTTP request header matchers. 4398 Multiple match values are ANDed together, meaning, a 4399 request must match all the specified headers to select 4400 the route. 4401 items: 4402 description: HTTPHeaderMatch describes how to select 4403 a HTTP route by matching HTTP request headers. 4404 properties: 4405 name: 4406 description: "Name is the name of the HTTP Header 4407 to be matched. Name matching MUST be case insensitive. 4408 (See https://tools.ietf.org/html/rfc7230#section-3.2). 4409 \n If multiple entries specify equivalent header 4410 names, only the first entry with an equivalent 4411 name MUST be considered for a match. Subsequent 4412 entries with an equivalent header name MUST be 4413 ignored. Due to the case-insensitivity of header 4414 names, \"foo\" and \"Foo\" are considered equivalent. 4415 \n When a header is repeated in an HTTP request, 4416 it is implementation-specific behavior as to how 4417 this is represented. Generally, proxies should 4418 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 4419 regarding processing a repeated header, with special 4420 handling for \"Set-Cookie\"." 4421 maxLength: 256 4422 minLength: 1 4423 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4424 type: string 4425 type: 4426 default: Exact 4427 description: "Type specifies how to match against 4428 the value of the header. \n Support: Core (Exact) 4429 \n Support: Implementation-specific (RegularExpression) 4430 \n Since RegularExpression HeaderMatchType has 4431 implementation-specific conformance, implementations 4432 can support POSIX, PCRE or any other dialects 4433 of regular expressions. Please read the implementation's 4434 documentation to determine the supported dialect." 4435 enum: 4436 - Exact 4437 - RegularExpression 4438 type: string 4439 value: 4440 description: Value is the value of HTTP Header to 4441 be matched. 4442 maxLength: 4096 4443 minLength: 1 4444 type: string 4445 required: 4446 - name 4447 - value 4448 type: object 4449 maxItems: 16 4450 type: array 4451 x-kubernetes-list-map-keys: 4452 - name 4453 x-kubernetes-list-type: map 4454 method: 4455 description: "Method specifies HTTP method matcher. When 4456 specified, this route will be matched only if the request 4457 has the specified method. \n Support: Extended" 4458 enum: 4459 - GET 4460 - HEAD 4461 - POST 4462 - PUT 4463 - DELETE 4464 - CONNECT 4465 - OPTIONS 4466 - TRACE 4467 - PATCH 4468 type: string 4469 path: 4470 default: 4471 type: PathPrefix 4472 value: / 4473 description: Path specifies a HTTP request path matcher. 4474 If this field is not specified, a default prefix match 4475 on the "/" path is provided. 4476 properties: 4477 type: 4478 default: PathPrefix 4479 description: "Type specifies how to match against 4480 the path Value. \n Support: Core (Exact, PathPrefix) 4481 \n Support: Implementation-specific (RegularExpression)" 4482 enum: 4483 - Exact 4484 - PathPrefix 4485 - RegularExpression 4486 type: string 4487 value: 4488 default: / 4489 description: Value of the HTTP path to match against. 4490 maxLength: 1024 4491 type: string 4492 type: object 4493 x-kubernetes-validations: 4494 - message: value must be an absolute path and start with 4495 '/' when type one of ['Exact', 'PathPrefix'] 4496 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'') 4497 : true' 4498 - message: must not contain '//' when type one of ['Exact', 4499 'PathPrefix'] 4500 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'') 4501 : true' 4502 - message: must not contain '/./' when type one of ['Exact', 4503 'PathPrefix'] 4504 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'') 4505 : true' 4506 - message: must not contain '/../' when type one of ['Exact', 4507 'PathPrefix'] 4508 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'') 4509 : true' 4510 - message: must not contain '%2f' when type one of ['Exact', 4511 'PathPrefix'] 4512 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'') 4513 : true' 4514 - message: must not contain '%2F' when type one of ['Exact', 4515 'PathPrefix'] 4516 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'') 4517 : true' 4518 - message: must not contain '#' when type one of ['Exact', 4519 'PathPrefix'] 4520 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'') 4521 : true' 4522 - message: must not end with '/..' when type one of ['Exact', 4523 'PathPrefix'] 4524 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'') 4525 : true' 4526 - message: must not end with '/.' when type one of ['Exact', 4527 'PathPrefix'] 4528 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'') 4529 : true' 4530 - message: type must be one of ['Exact', 'PathPrefix', 4531 'RegularExpression'] 4532 rule: self.type in ['Exact','PathPrefix'] || self.type 4533 == 'RegularExpression' 4534 - message: must only contain valid characters (matching 4535 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) 4536 for types ['Exact', 'PathPrefix'] 4537 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""") 4538 : true' 4539 queryParams: 4540 description: "QueryParams specifies HTTP query parameter 4541 matchers. Multiple match values are ANDed together, 4542 meaning, a request must match all the specified query 4543 parameters to select the route. \n Support: Extended" 4544 items: 4545 description: HTTPQueryParamMatch describes how to select 4546 a HTTP route by matching HTTP query parameters. 4547 properties: 4548 name: 4549 description: "Name is the name of the HTTP query 4550 param to be matched. This must be an exact string 4551 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). 4552 \n If multiple entries specify equivalent query 4553 param names, only the first entry with an equivalent 4554 name MUST be considered for a match. Subsequent 4555 entries with an equivalent query param name MUST 4556 be ignored. \n If a query param is repeated in 4557 an HTTP request, the behavior is purposely left 4558 undefined, since different data planes have different 4559 capabilities. However, it is *recommended* that 4560 implementations should match against the first 4561 value of the param if the data plane supports 4562 it, as this behavior is expected in other load 4563 balancing contexts outside of the Gateway API. 4564 \n Users SHOULD NOT route traffic based on repeated 4565 query params to guard themselves against potential 4566 differences in the implementations." 4567 maxLength: 256 4568 minLength: 1 4569 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4570 type: string 4571 type: 4572 default: Exact 4573 description: "Type specifies how to match against 4574 the value of the query parameter. \n Support: 4575 Extended (Exact) \n Support: Implementation-specific 4576 (RegularExpression) \n Since RegularExpression 4577 QueryParamMatchType has Implementation-specific 4578 conformance, implementations can support POSIX, 4579 PCRE or any other dialects of regular expressions. 4580 Please read the implementation's documentation 4581 to determine the supported dialect." 4582 enum: 4583 - Exact 4584 - RegularExpression 4585 type: string 4586 value: 4587 description: Value is the value of HTTP query param 4588 to be matched. 4589 maxLength: 1024 4590 minLength: 1 4591 type: string 4592 required: 4593 - name 4594 - value 4595 type: object 4596 maxItems: 16 4597 type: array 4598 x-kubernetes-list-map-keys: 4599 - name 4600 x-kubernetes-list-type: map 4601 type: object 4602 maxItems: 8 4603 type: array 4604 timeouts: 4605 description: "Timeouts defines the timeouts that can be configured 4606 for an HTTP request. \n Support: Extended \n " 4607 properties: 4608 backendRequest: 4609 description: "BackendRequest specifies a timeout for an 4610 individual request from the gateway to a backend. This 4611 covers the time from when the request first starts being 4612 sent from the gateway to when the full response has been 4613 received from the backend. \n An entire client HTTP transaction 4614 with a gateway, covered by the Request timeout, may result 4615 in more than one call from the gateway to the destination 4616 backend, for example, if automatic retries are supported. 4617 \n Because the Request timeout encompasses the BackendRequest 4618 timeout, the value of BackendRequest must be <= the value 4619 of Request timeout. \n Support: Extended" 4620 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ 4621 type: string 4622 request: 4623 description: "Request specifies the maximum duration for 4624 a gateway to respond to an HTTP request. If the gateway 4625 has not been able to respond before this deadline is met, 4626 the gateway MUST return a timeout error. \n For example, 4627 setting the `rules.timeouts.request` field to the value 4628 `10s` in an `HTTPRoute` will cause a timeout if a client 4629 request is taking longer than 10 seconds to complete. 4630 \n This timeout is intended to cover as close to the whole 4631 request-response transaction as possible although an implementation 4632 MAY choose to start the timeout after the entire request 4633 stream has been received instead of immediately after 4634 the transaction is initiated by the client. \n When this 4635 field is unspecified, request timeout behavior is implementation-specific. 4636 \n Support: Extended" 4637 pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$ 4638 type: string 4639 type: object 4640 x-kubernetes-validations: 4641 - message: backendRequest timeout cannot be longer than request 4642 timeout 4643 rule: '!(has(self.request) && has(self.backendRequest) && 4644 duration(self.request) != duration(''0s'') && duration(self.backendRequest) 4645 > duration(self.request))' 4646 type: object 4647 x-kubernetes-validations: 4648 - message: RequestRedirect filter must not be used together with 4649 backendRefs 4650 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ? 4651 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): 4652 true' 4653 - message: When using RequestRedirect filter with path.replacePrefixMatch, 4654 exactly one PathPrefix match must be specified 4655 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) 4656 && has(f.requestRedirect.path) && f.requestRedirect.path.type 4657 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 4658 ? ((size(self.matches) != 1 || !has(self.matches[0].path) || 4659 self.matches[0].path.type != ''PathPrefix'') ? false : true) 4660 : true' 4661 - message: When using URLRewrite filter with path.replacePrefixMatch, 4662 exactly one PathPrefix match must be specified 4663 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) 4664 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 4665 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) 4666 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 4667 != ''PathPrefix'') ? false : true) : true' 4668 - message: Within backendRefs, when using RequestRedirect filter 4669 with path.replacePrefixMatch, exactly one PathPrefix match must 4670 be specified 4671 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 4672 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) 4673 && has(f.requestRedirect.path) && f.requestRedirect.path.type 4674 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 4675 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) 4676 || self.matches[0].path.type != ''PathPrefix'') ? false : true) 4677 : true' 4678 - message: Within backendRefs, When using URLRewrite filter with 4679 path.replacePrefixMatch, exactly one PathPrefix match must be 4680 specified 4681 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 4682 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) 4683 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 4684 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) 4685 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 4686 != ''PathPrefix'') ? false : true) : true' 4687 maxItems: 16 4688 type: array 4689 type: object 4690 status: 4691 description: Status defines the current state of HTTPRoute. 4692 properties: 4693 parents: 4694 description: "Parents is a list of parent resources (usually Gateways) 4695 that are associated with the route, and the status of the route 4696 with respect to each parent. When this route attaches to a parent, 4697 the controller that manages the parent must add an entry to this 4698 list when the controller first sees the route and should update 4699 the entry as appropriate when the route or gateway is modified. 4700 \n Note that parent references that cannot be resolved by an implementation 4701 of this API will not be added to this list. Implementations of this 4702 API can only populate Route status for the Gateways/parent resources 4703 they are responsible for. \n A maximum of 32 Gateways will be represented 4704 in this list. An empty list means the route has not been attached 4705 to any Gateway." 4706 items: 4707 description: RouteParentStatus describes the status of a route with 4708 respect to an associated Parent. 4709 properties: 4710 conditions: 4711 description: "Conditions describes the status of the route with 4712 respect to the Gateway. Note that the route's availability 4713 is also subject to the Gateway's own status conditions and 4714 listener status. \n If the Route's ParentRef specifies an 4715 existing Gateway that supports Routes of this kind AND that 4716 Gateway's controller has sufficient access, then that Gateway's 4717 controller MUST set the \"Accepted\" condition on the Route, 4718 to indicate whether the route has been accepted or rejected 4719 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 4720 if at least one of the Route's rules is implemented by the 4721 Gateway. \n There are a number of cases where the \"Accepted\" 4722 condition may not be set due to lack of controller visibility, 4723 that includes when: \n * The Route refers to a non-existent 4724 parent. * The Route is of a type that the controller does 4725 not support. * The Route is in a namespace the controller 4726 does not have access to." 4727 items: 4728 description: "Condition contains details for one aspect of 4729 the current state of this API Resource. --- This struct 4730 is intended for direct use as an array at the field path 4731 .status.conditions. For example, \n type FooStatus struct{ 4732 // Represents the observations of a foo's current state. 4733 // Known .status.conditions.type are: \"Available\", \"Progressing\", 4734 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 4735 // +listType=map // +listMapKey=type Conditions []metav1.Condition 4736 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 4737 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 4738 }" 4739 properties: 4740 lastTransitionTime: 4741 description: lastTransitionTime is the last time the condition 4742 transitioned from one status to another. This should 4743 be when the underlying condition changed. If that is 4744 not known, then using the time when the API field changed 4745 is acceptable. 4746 format: date-time 4747 type: string 4748 message: 4749 description: message is a human readable message indicating 4750 details about the transition. This may be an empty string. 4751 maxLength: 32768 4752 type: string 4753 observedGeneration: 4754 description: observedGeneration represents the .metadata.generation 4755 that the condition was set based upon. For instance, 4756 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 4757 is 9, the condition is out of date with respect to the 4758 current state of the instance. 4759 format: int64 4760 minimum: 0 4761 type: integer 4762 reason: 4763 description: reason contains a programmatic identifier 4764 indicating the reason for the condition's last transition. 4765 Producers of specific condition types may define expected 4766 values and meanings for this field, and whether the 4767 values are considered a guaranteed API. The value should 4768 be a CamelCase string. This field may not be empty. 4769 maxLength: 1024 4770 minLength: 1 4771 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 4772 type: string 4773 status: 4774 description: status of the condition, one of True, False, 4775 Unknown. 4776 enum: 4777 - "True" 4778 - "False" 4779 - Unknown 4780 type: string 4781 type: 4782 description: type of condition in CamelCase or in foo.example.com/CamelCase. 4783 --- Many .condition.type values are consistent across 4784 resources like Available, but because arbitrary conditions 4785 can be useful (see .node.status.conditions), the ability 4786 to deconflict is important. The regex it matches is 4787 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 4788 maxLength: 316 4789 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 4790 type: string 4791 required: 4792 - lastTransitionTime 4793 - message 4794 - reason 4795 - status 4796 - type 4797 type: object 4798 maxItems: 8 4799 minItems: 1 4800 type: array 4801 x-kubernetes-list-map-keys: 4802 - type 4803 x-kubernetes-list-type: map 4804 controllerName: 4805 description: "ControllerName is a domain/path string that indicates 4806 the name of the controller that wrote this status. This corresponds 4807 with the controllerName field on GatewayClass. \n Example: 4808 \"example.net/gateway-controller\". \n The format of this 4809 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 4810 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 4811 \n Controllers MUST populate this field when writing status. 4812 Controllers should ensure that entries to status populated 4813 with their ControllerName are cleaned up when they are no 4814 longer necessary." 4815 maxLength: 253 4816 minLength: 1 4817 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 4818 type: string 4819 parentRef: 4820 description: ParentRef corresponds with a ParentRef in the spec 4821 that this RouteParentStatus struct describes the status of. 4822 properties: 4823 group: 4824 default: gateway.networking.k8s.io 4825 description: "Group is the group of the referent. When unspecified, 4826 \"gateway.networking.k8s.io\" is inferred. To set the 4827 core API group (such as for a \"Service\" kind referent), 4828 Group must be explicitly set to \"\" (empty string). \n 4829 Support: Core" 4830 maxLength: 253 4831 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4832 type: string 4833 kind: 4834 default: Gateway 4835 description: "Kind is kind of the referent. \n There are 4836 two kinds of parent resources with \"Core\" support: \n 4837 * Gateway (Gateway conformance profile) * Service (Mesh 4838 conformance profile, experimental, ClusterIP Services 4839 only) \n Support for other resources is Implementation-Specific." 4840 maxLength: 63 4841 minLength: 1 4842 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 4843 type: string 4844 name: 4845 description: "Name is the name of the referent. \n Support: 4846 Core" 4847 maxLength: 253 4848 minLength: 1 4849 type: string 4850 namespace: 4851 description: "Namespace is the namespace of the referent. 4852 When unspecified, this refers to the local namespace of 4853 the Route. \n Note that there are specific rules for ParentRefs 4854 which cross namespace boundaries. Cross-namespace references 4855 are only valid if they are explicitly allowed by something 4856 in the namespace they are referring to. For example: Gateway 4857 has the AllowedRoutes field, and ReferenceGrant provides 4858 a generic way to enable any other kind of cross-namespace 4859 reference. \n ParentRefs from a Route to a Service in 4860 the same namespace are \"producer\" routes, which apply 4861 default routing rules to inbound connections from any 4862 namespace to the Service. \n ParentRefs from a Route to 4863 a Service in a different namespace are \"consumer\" routes, 4864 and these routing rules are only applied to outbound connections 4865 originating from the same namespace as the Route, for 4866 which the intended destination of the connections are 4867 a Service targeted as a ParentRef of the Route. \n Support: 4868 Core" 4869 maxLength: 63 4870 minLength: 1 4871 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 4872 type: string 4873 port: 4874 description: "Port is the network port this Route targets. 4875 It can be interpreted differently based on the type of 4876 parent resource. \n When the parent resource is a Gateway, 4877 this targets all listeners listening on the specified 4878 port that also support this kind of Route(and select this 4879 Route). It's not recommended to set `Port` unless the 4880 networking behaviors specified in a Route must apply to 4881 a specific port as opposed to a listener(s) whose port(s) 4882 may be changed. When both Port and SectionName are specified, 4883 the name and port of the selected listener must match 4884 both specified values. \n When the parent resource is 4885 a Service, this targets a specific port in the Service 4886 spec. When both Port (experimental) and SectionName are 4887 specified, the name and port of the selected port must 4888 match both specified values. \n Implementations MAY choose 4889 to support other parent resources. Implementations supporting 4890 other types of parent resources MUST clearly document 4891 how/if Port is interpreted. \n For the purpose of status, 4892 an attachment is considered successful as long as the 4893 parent resource accepts it partially. For example, Gateway 4894 listeners can restrict which Routes can attach to them 4895 by Route kind, namespace, or hostname. If 1 of 2 Gateway 4896 listeners accept attachment from the referencing Route, 4897 the Route MUST be considered successfully attached. If 4898 no Gateway listeners accept attachment from this Route, 4899 the Route MUST be considered detached from the Gateway. 4900 \n Support: Extended \n " 4901 format: int32 4902 maximum: 65535 4903 minimum: 1 4904 type: integer 4905 sectionName: 4906 description: "SectionName is the name of a section within 4907 the target resource. In the following resources, SectionName 4908 is interpreted as the following: \n * Gateway: Listener 4909 Name. When both Port (experimental) and SectionName are 4910 specified, the name and port of the selected listener 4911 must match both specified values. * Service: Port Name. 4912 When both Port (experimental) and SectionName are specified, 4913 the name and port of the selected listener must match 4914 both specified values. Note that attaching Routes to Services 4915 as Parents is part of experimental Mesh support and is 4916 not supported for any other purpose. \n Implementations 4917 MAY choose to support attaching Routes to other resources. 4918 If that is the case, they MUST clearly document how SectionName 4919 is interpreted. \n When unspecified (empty string), this 4920 will reference the entire resource. For the purpose of 4921 status, an attachment is considered successful if at least 4922 one section in the parent resource accepts it. For example, 4923 Gateway listeners can restrict which Routes can attach 4924 to them by Route kind, namespace, or hostname. If 1 of 4925 2 Gateway listeners accept attachment from the referencing 4926 Route, the Route MUST be considered successfully attached. 4927 If no Gateway listeners accept attachment from this Route, 4928 the Route MUST be considered detached from the Gateway. 4929 \n Support: Core" 4930 maxLength: 253 4931 minLength: 1 4932 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4933 type: string 4934 required: 4935 - name 4936 type: object 4937 required: 4938 - controllerName 4939 - parentRef 4940 type: object 4941 maxItems: 32 4942 type: array 4943 required: 4944 - parents 4945 type: object 4946 required: 4947 - spec 4948 type: object 4949 served: true 4950 storage: true 4951 subresources: 4952 status: {} 4953 status: 4954 acceptedNames: 4955 kind: "" 4956 plural: "" 4957 conditions: null 4958 storedVersions: null