sigs.k8s.io/gateway-api@v1.0.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 6 gateway.networking.k8s.io/bundle-version: v1.0.0 7 gateway.networking.k8s.io/channel: experimental 8 creationTimestamp: null 9 name: tlsroutes.gateway.networking.k8s.io 10 spec: 11 group: gateway.networking.k8s.io 12 names: 13 categories: 14 - gateway-api 15 kind: TLSRoute 16 listKind: TLSRouteList 17 plural: tlsroutes 18 singular: tlsroute 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .metadata.creationTimestamp 23 name: Age 24 type: date 25 name: v1alpha2 26 schema: 27 openAPIV3Schema: 28 description: "The TLSRoute resource is similar to TCPRoute, but can be configured 29 to match against TLS-specific metadata. This allows more flexibility in 30 matching streams for a given TLS listener. \n If you need to forward traffic 31 to a single target for a TLS listener, you could choose to use a TCPRoute 32 with a TLS listener." 33 properties: 34 apiVersion: 35 description: 'APIVersion defines the versioned schema of this representation 36 of an object. Servers should convert recognized schemas to the latest 37 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 38 type: string 39 kind: 40 description: 'Kind is a string value representing the REST resource this 41 object represents. Servers may infer this from the endpoint the client 42 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 43 type: string 44 metadata: 45 type: object 46 spec: 47 description: Spec defines the desired state of TLSRoute. 48 properties: 49 hostnames: 50 description: "Hostnames defines a set of SNI names that should match 51 against the SNI attribute of TLS ClientHello message in TLS handshake. 52 This matches the RFC 1123 definition of a hostname with 2 notable 53 exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 54 2. A hostname may be prefixed with a wildcard label (`*.`). The 55 wildcard label must appear by itself as the first label. \n If a 56 hostname is specified by both the Listener and TLSRoute, there must 57 be at least one intersecting hostname for the TLSRoute to be attached 58 to the Listener. For example: \n * A Listener with `test.example.com` 59 as the hostname matches TLSRoutes that have either not specified 60 any hostnames, or have specified at least one of `test.example.com` 61 or `*.example.com`. * A Listener with `*.example.com` as the hostname 62 matches TLSRoutes that have either not specified any hostnames or 63 have specified at least one hostname that matches the Listener hostname. 64 For example, `test.example.com` and `*.example.com` would both match. 65 On the other hand, `example.com` and `test.example.net` would not 66 match. \n If both the Listener and TLSRoute have specified hostnames, 67 any TLSRoute hostnames that do not match the Listener hostname MUST 68 be ignored. For example, if a Listener specified `*.example.com`, 69 and the TLSRoute specified `test.example.com` and `test.example.net`, 70 `test.example.net` must not be considered for a match. \n If both 71 the Listener and TLSRoute have specified hostnames, and none match 72 with the criteria above, then the TLSRoute is not accepted. The 73 implementation must raise an 'Accepted' Condition with a status 74 of `False` in the corresponding RouteParentStatus. \n Support: Core" 75 items: 76 description: "Hostname is the fully qualified domain name of a network 77 host. This matches the RFC 1123 definition of a hostname with 78 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 79 may be prefixed with a wildcard label (`*.`). The wildcard label 80 must appear by itself as the first label. \n Hostname can be \"precise\" 81 which is a domain name without the terminating dot of a network 82 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 83 name prefixed with a single wildcard label (e.g. `*.example.com`). 84 \n Note that as per RFC1035 and RFC1123, a *label* must consist 85 of lower case alphanumeric characters or '-', and must start and 86 end with an alphanumeric character. No other punctuation is allowed." 87 maxLength: 253 88 minLength: 1 89 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 90 type: string 91 maxItems: 16 92 type: array 93 parentRefs: 94 description: "ParentRefs references the resources (usually Gateways) 95 that a Route wants to be attached to. Note that the referenced parent 96 resource needs to allow this for the attachment to be complete. 97 For Gateways, that means the Gateway needs to allow attachment from 98 Routes of this kind and namespace. For Services, that means the 99 Service must either be in the same namespace for a \"producer\" 100 route, or the mesh implementation must support and allow \"consumer\" 101 routes for the referenced Service. ReferenceGrant is not applicable 102 for governing ParentRefs to Services - it is not possible to create 103 a \"producer\" route for a Service in a different namespace from 104 the Route. \n There are two kinds of parent resources with \"Core\" 105 support: \n * Gateway (Gateway conformance profile) * Service (Mesh 106 conformance profile, experimental, ClusterIP Services only) This 107 API may be extended in the future to support additional kinds of 108 parent resources. \n ParentRefs must be _distinct_. This means either 109 that: \n * They select different objects. If this is the case, 110 then parentRef entries are distinct. In terms of fields, this means 111 that the multi-part key defined by `group`, `kind`, `namespace`, 112 and `name` must be unique across all parentRef entries in the Route. 113 * They do not select different objects, but for each optional field 114 used, each ParentRef that selects the same object must set the same 115 set of optional fields to different values. If one ParentRef sets 116 a combination of optional fields, all must set the same combination. 117 \n Some examples: \n * If one ParentRef sets `sectionName`, all 118 ParentRefs referencing the same object must also set `sectionName`. 119 * If one ParentRef sets `port`, all ParentRefs referencing the same 120 object must also set `port`. * If one ParentRef sets `sectionName` 121 and `port`, all ParentRefs referencing the same object must also 122 set `sectionName` and `port`. \n It is possible to separately reference 123 multiple distinct objects that may be collapsed by an implementation. 124 For example, some implementations may choose to merge compatible 125 Gateway Listeners together. If that is the case, the list of routes 126 attached to those resources should also be merged. \n Note that 127 for ParentRefs that cross namespace boundaries, there are specific 128 rules. Cross-namespace references are only valid if they are explicitly 129 allowed by something in the namespace they are referring to. For 130 example, Gateway has the AllowedRoutes field, and ReferenceGrant 131 provides a generic way to enable other kinds of cross-namespace 132 reference. \n ParentRefs from a Route to a Service in the same 133 namespace are \"producer\" routes, which apply default routing rules 134 to inbound connections from any namespace to the Service. \n ParentRefs 135 from a Route to a Service in a different namespace are \"consumer\" 136 routes, and these routing rules are only applied to outbound connections 137 originating from the same namespace as the Route, for which the 138 intended destination of the connections are a Service targeted as 139 a ParentRef of the Route. \n " 140 items: 141 description: "ParentReference identifies an API object (usually 142 a Gateway) that can be considered a parent of this resource (usually 143 a route). There are two kinds of parent resources with \"Core\" 144 support: \n * Gateway (Gateway conformance profile) * Service 145 (Mesh conformance profile, experimental, ClusterIP Services only) 146 \n This API may be extended in the future to support additional 147 kinds of parent resources. \n The API object must be valid in 148 the cluster; the Group and Kind must be registered in the cluster 149 for this reference to be valid." 150 properties: 151 group: 152 default: gateway.networking.k8s.io 153 description: "Group is the group of the referent. When unspecified, 154 \"gateway.networking.k8s.io\" is inferred. To set the core 155 API group (such as for a \"Service\" kind referent), Group 156 must be explicitly set to \"\" (empty string). \n Support: 157 Core" 158 maxLength: 253 159 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 160 type: string 161 kind: 162 default: Gateway 163 description: "Kind is kind of the referent. \n There are two 164 kinds of parent resources with \"Core\" support: \n * Gateway 165 (Gateway conformance profile) * Service (Mesh conformance 166 profile, experimental, ClusterIP Services only) \n Support 167 for other resources is Implementation-Specific." 168 maxLength: 63 169 minLength: 1 170 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 171 type: string 172 name: 173 description: "Name is the name of the referent. \n Support: 174 Core" 175 maxLength: 253 176 minLength: 1 177 type: string 178 namespace: 179 description: "Namespace is the namespace of the referent. When 180 unspecified, this refers to the local namespace of the Route. 181 \n Note that there are specific rules for ParentRefs which 182 cross namespace boundaries. Cross-namespace references are 183 only valid if they are explicitly allowed by something in 184 the namespace they are referring to. For example: Gateway 185 has the AllowedRoutes field, and ReferenceGrant provides a 186 generic way to enable any other kind of cross-namespace reference. 187 \n ParentRefs from a Route to a Service in the same namespace 188 are \"producer\" routes, which apply default routing rules 189 to inbound connections from any namespace to the Service. 190 \n ParentRefs from a Route to a Service in a different namespace 191 are \"consumer\" routes, and these routing rules are only 192 applied to outbound connections originating from the same 193 namespace as the Route, for which the intended destination 194 of the connections are a Service targeted as a ParentRef of 195 the Route. \n Support: Core" 196 maxLength: 63 197 minLength: 1 198 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 199 type: string 200 port: 201 description: "Port is the network port this Route targets. It 202 can be interpreted differently based on the type of parent 203 resource. \n When the parent resource is a Gateway, this targets 204 all listeners listening on the specified port that also support 205 this kind of Route(and select this Route). It's not recommended 206 to set `Port` unless the networking behaviors specified in 207 a Route must apply to a specific port as opposed to a listener(s) 208 whose port(s) may be changed. When both Port and SectionName 209 are specified, the name and port of the selected listener 210 must match both specified values. \n When the parent resource 211 is a Service, this targets a specific port in the Service 212 spec. When both Port (experimental) and SectionName are specified, 213 the name and port of the selected port must match both specified 214 values. \n Implementations MAY choose to support other parent 215 resources. Implementations supporting other types of parent 216 resources MUST clearly document how/if Port is interpreted. 217 \n For the purpose of status, an attachment is considered 218 successful as long as the parent resource accepts it partially. 219 For example, Gateway listeners can restrict which Routes can 220 attach to them by Route kind, namespace, or hostname. If 1 221 of 2 Gateway listeners accept attachment from the referencing 222 Route, the Route MUST be considered successfully attached. 223 If no Gateway listeners accept attachment from this Route, 224 the Route MUST be considered detached from the Gateway. \n 225 Support: Extended \n " 226 format: int32 227 maximum: 65535 228 minimum: 1 229 type: integer 230 sectionName: 231 description: "SectionName is the name of a section within the 232 target resource. In the following resources, SectionName is 233 interpreted as the following: \n * Gateway: Listener Name. 234 When both Port (experimental) and SectionName are specified, 235 the name and port of the selected listener must match both 236 specified values. * Service: Port Name. When both Port (experimental) 237 and SectionName are specified, the name and port of the selected 238 listener must match both specified values. Note that attaching 239 Routes to Services as Parents is part of experimental Mesh 240 support and is not supported for any other purpose. \n Implementations 241 MAY choose to support attaching Routes to other resources. 242 If that is the case, they MUST clearly document how SectionName 243 is interpreted. \n When unspecified (empty string), this will 244 reference the entire resource. For the purpose of status, 245 an attachment is considered successful if at least one section 246 in the parent resource accepts it. For example, Gateway listeners 247 can restrict which Routes can attach to them by Route kind, 248 namespace, or hostname. If 1 of 2 Gateway listeners accept 249 attachment from the referencing Route, the Route MUST be considered 250 successfully attached. If no Gateway listeners accept attachment 251 from this Route, the Route MUST be considered detached from 252 the Gateway. \n Support: Core" 253 maxLength: 253 254 minLength: 1 255 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 256 type: string 257 required: 258 - name 259 type: object 260 maxItems: 32 261 type: array 262 x-kubernetes-validations: 263 - message: sectionName or port must be specified when parentRefs includes 264 2 or more references to the same parent 265 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 266 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 267 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 268 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 269 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) 270 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 271 == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) 272 || p2.port == 0)): true))' 273 - message: sectionName or port must be unique when parentRefs includes 274 2 or more references to the same parent 275 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 276 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 277 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 278 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 279 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 280 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 281 == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 282 == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) 283 || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port 284 == p2.port)))) 285 rules: 286 description: Rules are a list of TLS matchers and actions. 287 items: 288 description: TLSRouteRule is the configuration for a given rule. 289 properties: 290 backendRefs: 291 description: "BackendRefs defines the backend(s) where matching 292 requests should be sent. If unspecified or invalid (refers 293 to a non-existent resource or a Service with no endpoints), 294 the rule performs no forwarding; if no filters are specified 295 that would result in a response being sent, the underlying 296 implementation must actively reject request attempts to this 297 backend, by rejecting the connection or returning a 500 status 298 code. Request rejections must respect weight; if an invalid 299 backend is requested to have 80% of requests, then 80% of 300 requests must be rejected instead. \n Support: Core for Kubernetes 301 Service \n Support: Extended for Kubernetes ServiceImport 302 \n Support: Implementation-specific for any other resource 303 \n Support for weight: Extended" 304 items: 305 description: "BackendRef defines how a Route should forward 306 a request to a Kubernetes resource. \n Note that when a 307 namespace different than the local namespace is specified, 308 a ReferenceGrant object is required in the referent namespace 309 to allow that namespace's owner to accept the reference. 310 See the ReferenceGrant documentation for details. \n <gateway:experimental:description> 311 \n When the BackendRef points to a Kubernetes Service, implementations 312 SHOULD honor the appProtocol field if it is set for the 313 target Service Port. \n Implementations supporting appProtocol 314 SHOULD recognize the Kubernetes Standard Application Protocols 315 defined in KEP-3726. \n If a Service appProtocol isn't specified, 316 an implementation MAY infer the backend protocol through 317 its own means. Implementations MAY infer the protocol from 318 the Route type referring to the backend Service. \n If a 319 Route is not able to send traffic to the backend using the 320 specified protocol then the backend is considered invalid. 321 Implementations MUST set the \"ResolvedRefs\" condition 322 to \"False\" with the \"UnsupportedProtocol\" reason. \n 323 </gateway:experimental:description> \n Note that when the 324 BackendTLSPolicy object is enabled by the implementation, 325 there are some extra rules about validity to consider here. 326 See the fields where this struct is used for more information 327 about the exact behavior." 328 properties: 329 group: 330 default: "" 331 description: Group is the group of the referent. For example, 332 "gateway.networking.k8s.io". When unspecified or empty 333 string, core API group is inferred. 334 maxLength: 253 335 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 336 type: string 337 kind: 338 default: Service 339 description: "Kind is the Kubernetes resource kind of 340 the referent. For example \"Service\". \n Defaults to 341 \"Service\" when not specified. \n ExternalName services 342 can refer to CNAME DNS records that may live outside 343 of the cluster and as such are difficult to reason about 344 in terms of conformance. They also may not be safe to 345 forward to (see CVE-2021-25740 for more information). 346 Implementations SHOULD NOT support ExternalName Services. 347 \n Support: Core (Services with a type other than ExternalName) 348 \n Support: Implementation-specific (Services with type 349 ExternalName)" 350 maxLength: 63 351 minLength: 1 352 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 353 type: string 354 name: 355 description: Name is the name of the referent. 356 maxLength: 253 357 minLength: 1 358 type: string 359 namespace: 360 description: "Namespace is the namespace of the backend. 361 When unspecified, the local namespace is inferred. \n 362 Note that when a namespace different than the local 363 namespace is specified, a ReferenceGrant object is required 364 in the referent namespace to allow that namespace's 365 owner to accept the reference. See the ReferenceGrant 366 documentation for details. \n Support: Core" 367 maxLength: 63 368 minLength: 1 369 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 370 type: string 371 port: 372 description: Port specifies the destination port number 373 to use for this resource. Port is required when the 374 referent is a Kubernetes Service. In this case, the 375 port number is the service port number, not the target 376 port. For other resources, destination port might be 377 derived from the referent resource or this field. 378 format: int32 379 maximum: 65535 380 minimum: 1 381 type: integer 382 weight: 383 default: 1 384 description: "Weight specifies the proportion of requests 385 forwarded to the referenced backend. This is computed 386 as weight/(sum of all weights in this BackendRefs list). 387 For non-zero values, there may be some epsilon from 388 the exact proportion defined here depending on the precision 389 an implementation supports. Weight is not a percentage 390 and the sum of weights does not need to equal 100. \n 391 If only one backend is specified and it has a weight 392 greater than 0, 100% of the traffic is forwarded to 393 that backend. If weight is set to 0, no traffic should 394 be forwarded for this entry. If unspecified, weight 395 defaults to 1. \n Support for this field varies based 396 on the context where used." 397 format: int32 398 maximum: 1000000 399 minimum: 0 400 type: integer 401 required: 402 - name 403 type: object 404 x-kubernetes-validations: 405 - message: Must have port for Service reference 406 rule: '(size(self.group) == 0 && self.kind == ''Service'') 407 ? has(self.port) : true' 408 maxItems: 16 409 minItems: 1 410 type: array 411 type: object 412 maxItems: 16 413 minItems: 1 414 type: array 415 required: 416 - rules 417 type: object 418 status: 419 description: Status defines the current state of TLSRoute. 420 properties: 421 parents: 422 description: "Parents is a list of parent resources (usually Gateways) 423 that are associated with the route, and the status of the route 424 with respect to each parent. When this route attaches to a parent, 425 the controller that manages the parent must add an entry to this 426 list when the controller first sees the route and should update 427 the entry as appropriate when the route or gateway is modified. 428 \n Note that parent references that cannot be resolved by an implementation 429 of this API will not be added to this list. Implementations of this 430 API can only populate Route status for the Gateways/parent resources 431 they are responsible for. \n A maximum of 32 Gateways will be represented 432 in this list. An empty list means the route has not been attached 433 to any Gateway." 434 items: 435 description: RouteParentStatus describes the status of a route with 436 respect to an associated Parent. 437 properties: 438 conditions: 439 description: "Conditions describes the status of the route with 440 respect to the Gateway. Note that the route's availability 441 is also subject to the Gateway's own status conditions and 442 listener status. \n If the Route's ParentRef specifies an 443 existing Gateway that supports Routes of this kind AND that 444 Gateway's controller has sufficient access, then that Gateway's 445 controller MUST set the \"Accepted\" condition on the Route, 446 to indicate whether the route has been accepted or rejected 447 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 448 if at least one of the Route's rules is implemented by the 449 Gateway. \n There are a number of cases where the \"Accepted\" 450 condition may not be set due to lack of controller visibility, 451 that includes when: \n * The Route refers to a non-existent 452 parent. * The Route is of a type that the controller does 453 not support. * The Route is in a namespace the controller 454 does not have access to." 455 items: 456 description: "Condition contains details for one aspect of 457 the current state of this API Resource. --- This struct 458 is intended for direct use as an array at the field path 459 .status.conditions. For example, \n type FooStatus struct{ 460 // Represents the observations of a foo's current state. 461 // Known .status.conditions.type are: \"Available\", \"Progressing\", 462 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 463 // +listType=map // +listMapKey=type Conditions []metav1.Condition 464 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 465 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 466 }" 467 properties: 468 lastTransitionTime: 469 description: lastTransitionTime is the last time the condition 470 transitioned from one status to another. This should 471 be when the underlying condition changed. If that is 472 not known, then using the time when the API field changed 473 is acceptable. 474 format: date-time 475 type: string 476 message: 477 description: message is a human readable message indicating 478 details about the transition. This may be an empty string. 479 maxLength: 32768 480 type: string 481 observedGeneration: 482 description: observedGeneration represents the .metadata.generation 483 that the condition was set based upon. For instance, 484 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 485 is 9, the condition is out of date with respect to the 486 current state of the instance. 487 format: int64 488 minimum: 0 489 type: integer 490 reason: 491 description: reason contains a programmatic identifier 492 indicating the reason for the condition's last transition. 493 Producers of specific condition types may define expected 494 values and meanings for this field, and whether the 495 values are considered a guaranteed API. The value should 496 be a CamelCase string. This field may not be empty. 497 maxLength: 1024 498 minLength: 1 499 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 500 type: string 501 status: 502 description: status of the condition, one of True, False, 503 Unknown. 504 enum: 505 - "True" 506 - "False" 507 - Unknown 508 type: string 509 type: 510 description: type of condition in CamelCase or in foo.example.com/CamelCase. 511 --- Many .condition.type values are consistent across 512 resources like Available, but because arbitrary conditions 513 can be useful (see .node.status.conditions), the ability 514 to deconflict is important. The regex it matches is 515 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 516 maxLength: 316 517 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 518 type: string 519 required: 520 - lastTransitionTime 521 - message 522 - reason 523 - status 524 - type 525 type: object 526 maxItems: 8 527 minItems: 1 528 type: array 529 x-kubernetes-list-map-keys: 530 - type 531 x-kubernetes-list-type: map 532 controllerName: 533 description: "ControllerName is a domain/path string that indicates 534 the name of the controller that wrote this status. This corresponds 535 with the controllerName field on GatewayClass. \n Example: 536 \"example.net/gateway-controller\". \n The format of this 537 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 538 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 539 \n Controllers MUST populate this field when writing status. 540 Controllers should ensure that entries to status populated 541 with their ControllerName are cleaned up when they are no 542 longer necessary." 543 maxLength: 253 544 minLength: 1 545 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 546 type: string 547 parentRef: 548 description: ParentRef corresponds with a ParentRef in the spec 549 that this RouteParentStatus struct describes the status of. 550 properties: 551 group: 552 default: gateway.networking.k8s.io 553 description: "Group is the group of the referent. When unspecified, 554 \"gateway.networking.k8s.io\" is inferred. To set the 555 core API group (such as for a \"Service\" kind referent), 556 Group must be explicitly set to \"\" (empty string). \n 557 Support: Core" 558 maxLength: 253 559 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 560 type: string 561 kind: 562 default: Gateway 563 description: "Kind is kind of the referent. \n There are 564 two kinds of parent resources with \"Core\" support: \n 565 * Gateway (Gateway conformance profile) * Service (Mesh 566 conformance profile, experimental, ClusterIP Services 567 only) \n Support for other resources is Implementation-Specific." 568 maxLength: 63 569 minLength: 1 570 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 571 type: string 572 name: 573 description: "Name is the name of the referent. \n Support: 574 Core" 575 maxLength: 253 576 minLength: 1 577 type: string 578 namespace: 579 description: "Namespace is the namespace of the referent. 580 When unspecified, this refers to the local namespace of 581 the Route. \n Note that there are specific rules for ParentRefs 582 which cross namespace boundaries. Cross-namespace references 583 are only valid if they are explicitly allowed by something 584 in the namespace they are referring to. For example: Gateway 585 has the AllowedRoutes field, and ReferenceGrant provides 586 a generic way to enable any other kind of cross-namespace 587 reference. \n ParentRefs from a Route to a Service in 588 the same namespace are \"producer\" routes, which apply 589 default routing rules to inbound connections from any 590 namespace to the Service. \n ParentRefs from a Route to 591 a Service in a different namespace are \"consumer\" routes, 592 and these routing rules are only applied to outbound connections 593 originating from the same namespace as the Route, for 594 which the intended destination of the connections are 595 a Service targeted as a ParentRef of the Route. \n Support: 596 Core" 597 maxLength: 63 598 minLength: 1 599 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 600 type: string 601 port: 602 description: "Port is the network port this Route targets. 603 It can be interpreted differently based on the type of 604 parent resource. \n When the parent resource is a Gateway, 605 this targets all listeners listening on the specified 606 port that also support this kind of Route(and select this 607 Route). It's not recommended to set `Port` unless the 608 networking behaviors specified in a Route must apply to 609 a specific port as opposed to a listener(s) whose port(s) 610 may be changed. When both Port and SectionName are specified, 611 the name and port of the selected listener must match 612 both specified values. \n When the parent resource is 613 a Service, this targets a specific port in the Service 614 spec. When both Port (experimental) and SectionName are 615 specified, the name and port of the selected port must 616 match both specified values. \n Implementations MAY choose 617 to support other parent resources. Implementations supporting 618 other types of parent resources MUST clearly document 619 how/if Port is interpreted. \n For the purpose of status, 620 an attachment is considered successful as long as the 621 parent resource accepts it partially. For example, Gateway 622 listeners can restrict which Routes can attach to them 623 by Route kind, namespace, or hostname. If 1 of 2 Gateway 624 listeners accept attachment from the referencing Route, 625 the Route MUST be considered successfully attached. If 626 no Gateway listeners accept attachment from this Route, 627 the Route MUST be considered detached from the Gateway. 628 \n Support: Extended \n " 629 format: int32 630 maximum: 65535 631 minimum: 1 632 type: integer 633 sectionName: 634 description: "SectionName is the name of a section within 635 the target resource. In the following resources, SectionName 636 is interpreted as the following: \n * Gateway: Listener 637 Name. When both Port (experimental) and SectionName are 638 specified, the name and port of the selected listener 639 must match both specified values. * Service: Port Name. 640 When both Port (experimental) and SectionName are specified, 641 the name and port of the selected listener must match 642 both specified values. Note that attaching Routes to Services 643 as Parents is part of experimental Mesh support and is 644 not supported for any other purpose. \n Implementations 645 MAY choose to support attaching Routes to other resources. 646 If that is the case, they MUST clearly document how SectionName 647 is interpreted. \n When unspecified (empty string), this 648 will reference the entire resource. For the purpose of 649 status, an attachment is considered successful if at least 650 one section in the parent resource accepts it. For example, 651 Gateway listeners can restrict which Routes can attach 652 to them by Route kind, namespace, or hostname. If 1 of 653 2 Gateway listeners accept attachment from the referencing 654 Route, the Route MUST be considered successfully attached. 655 If no Gateway listeners accept attachment from this Route, 656 the Route MUST be considered detached from the Gateway. 657 \n Support: Core" 658 maxLength: 253 659 minLength: 1 660 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 661 type: string 662 required: 663 - name 664 type: object 665 required: 666 - controllerName 667 - parentRef 668 type: object 669 maxItems: 32 670 type: array 671 required: 672 - parents 673 type: object 674 required: 675 - spec 676 type: object 677 served: true 678 storage: true 679 subresources: 680 status: {} 681 status: 682 acceptedNames: 683 kind: "" 684 plural: "" 685 conditions: null 686 storedVersions: null