sigs.k8s.io/gateway-api@v1.0.0/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 annotations: 5 api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466 6 gateway.networking.k8s.io/bundle-version: v1.0.0 7 gateway.networking.k8s.io/channel: standard 8 creationTimestamp: null 9 name: httproutes.gateway.networking.k8s.io 10 spec: 11 group: gateway.networking.k8s.io 12 names: 13 categories: 14 - gateway-api 15 kind: HTTPRoute 16 listKind: HTTPRouteList 17 plural: httproutes 18 singular: httproute 19 scope: Namespaced 20 versions: 21 - additionalPrinterColumns: 22 - jsonPath: .spec.hostnames 23 name: Hostnames 24 type: string 25 - jsonPath: .metadata.creationTimestamp 26 name: Age 27 type: date 28 name: v1 29 schema: 30 openAPIV3Schema: 31 description: HTTPRoute provides a way to route HTTP requests. This includes 32 the capability to match requests by hostname, path, header, or query param. 33 Filters can be used to specify additional processing steps. Backends specify 34 where matching requests should be routed. 35 properties: 36 apiVersion: 37 description: 'APIVersion defines the versioned schema of this representation 38 of an object. Servers should convert recognized schemas to the latest 39 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 40 type: string 41 kind: 42 description: 'Kind is a string value representing the REST resource this 43 object represents. Servers may infer this from the endpoint the client 44 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 45 type: string 46 metadata: 47 type: object 48 spec: 49 description: Spec defines the desired state of HTTPRoute. 50 properties: 51 hostnames: 52 description: "Hostnames defines a set of hostnames that should match 53 against the HTTP Host header to select a HTTPRoute used to process 54 the request. Implementations MUST ignore any port value specified 55 in the HTTP Host header while performing a match and (absent of 56 any applicable header modification configuration) MUST forward this 57 header unmodified to the backend. \n Valid values for Hostnames 58 are determined by RFC 1123 definition of a hostname with 2 notable 59 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed 60 with a wildcard label (`*.`). The wildcard label must appear by 61 itself as the first label. \n If a hostname is specified by both 62 the Listener and HTTPRoute, there must be at least one intersecting 63 hostname for the HTTPRoute to be attached to the Listener. For example: 64 \n * A Listener with `test.example.com` as the hostname matches 65 HTTPRoutes that have either not specified any hostnames, or have 66 specified at least one of `test.example.com` or `*.example.com`. 67 * A Listener with `*.example.com` as the hostname matches HTTPRoutes 68 that have either not specified any hostnames or have specified at 69 least one hostname that matches the Listener hostname. For example, 70 `*.example.com`, `test.example.com`, and `foo.test.example.com` 71 would all match. On the other hand, `example.com` and `test.example.net` 72 would not match. \n Hostnames that are prefixed with a wildcard 73 label (`*.`) are interpreted as a suffix match. That means that 74 a match for `*.example.com` would match both `test.example.com`, 75 and `foo.test.example.com`, but not `example.com`. \n If both the 76 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames 77 that do not match the Listener hostname MUST be ignored. For example, 78 if a Listener specified `*.example.com`, and the HTTPRoute specified 79 `test.example.com` and `test.example.net`, `test.example.net` must 80 not be considered for a match. \n If both the Listener and HTTPRoute 81 have specified hostnames, and none match with the criteria above, 82 then the HTTPRoute is not accepted. The implementation must raise 83 an 'Accepted' Condition with a status of `False` in the corresponding 84 RouteParentStatus. \n In the event that multiple HTTPRoutes specify 85 intersecting hostnames (e.g. overlapping wildcard matching and exact 86 matching hostnames), precedence must be given to rules from the 87 HTTPRoute with the largest number of: \n * Characters in a matching 88 non-wildcard hostname. * Characters in a matching hostname. \n If 89 ties exist across multiple Routes, the matching precedence rules 90 for HTTPRouteMatches takes over. \n Support: Core" 91 items: 92 description: "Hostname is the fully qualified domain name of a network 93 host. This matches the RFC 1123 definition of a hostname with 94 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 95 may be prefixed with a wildcard label (`*.`). The wildcard label 96 must appear by itself as the first label. \n Hostname can be \"precise\" 97 which is a domain name without the terminating dot of a network 98 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 99 name prefixed with a single wildcard label (e.g. `*.example.com`). 100 \n Note that as per RFC1035 and RFC1123, a *label* must consist 101 of lower case alphanumeric characters or '-', and must start and 102 end with an alphanumeric character. No other punctuation is allowed." 103 maxLength: 253 104 minLength: 1 105 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 106 type: string 107 maxItems: 16 108 type: array 109 parentRefs: 110 description: "ParentRefs references the resources (usually Gateways) 111 that a Route wants to be attached to. Note that the referenced parent 112 resource needs to allow this for the attachment to be complete. 113 For Gateways, that means the Gateway needs to allow attachment from 114 Routes of this kind and namespace. For Services, that means the 115 Service must either be in the same namespace for a \"producer\" 116 route, or the mesh implementation must support and allow \"consumer\" 117 routes for the referenced Service. ReferenceGrant is not applicable 118 for governing ParentRefs to Services - it is not possible to create 119 a \"producer\" route for a Service in a different namespace from 120 the Route. \n There are two kinds of parent resources with \"Core\" 121 support: \n * Gateway (Gateway conformance profile) This API may 122 be extended in the future to support additional kinds of parent 123 resources. \n ParentRefs must be _distinct_. This means either that: 124 \n * They select different objects. If this is the case, then parentRef 125 entries are distinct. In terms of fields, this means that the multi-part 126 key defined by `group`, `kind`, `namespace`, and `name` must be 127 unique across all parentRef entries in the Route. * They do not 128 select different objects, but for each optional field used, each 129 ParentRef that selects the same object must set the same set of 130 optional fields to different values. If one ParentRef sets a combination 131 of optional fields, all must set the same combination. \n Some examples: 132 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing 133 the same object must also set `sectionName`. * If one ParentRef 134 sets `port`, all ParentRefs referencing the same object must also 135 set `port`. * If one ParentRef sets `sectionName` and `port`, all 136 ParentRefs referencing the same object must also set `sectionName` 137 and `port`. \n It is possible to separately reference multiple distinct 138 objects that may be collapsed by an implementation. For example, 139 some implementations may choose to merge compatible Gateway Listeners 140 together. If that is the case, the list of routes attached to those 141 resources should also be merged. \n Note that for ParentRefs that 142 cross namespace boundaries, there are specific rules. Cross-namespace 143 references are only valid if they are explicitly allowed by something 144 in the namespace they are referring to. For example, Gateway has 145 the AllowedRoutes field, and ReferenceGrant provides a generic way 146 to enable other kinds of cross-namespace reference. \n \n " 147 items: 148 description: "ParentReference identifies an API object (usually 149 a Gateway) that can be considered a parent of this resource (usually 150 a route). There are two kinds of parent resources with \"Core\" 151 support: \n * Gateway (Gateway conformance profile) * Service 152 (Mesh conformance profile, experimental, ClusterIP Services only) 153 \n This API may be extended in the future to support additional 154 kinds of parent resources. \n The API object must be valid in 155 the cluster; the Group and Kind must be registered in the cluster 156 for this reference to be valid." 157 properties: 158 group: 159 default: gateway.networking.k8s.io 160 description: "Group is the group of the referent. When unspecified, 161 \"gateway.networking.k8s.io\" is inferred. To set the core 162 API group (such as for a \"Service\" kind referent), Group 163 must be explicitly set to \"\" (empty string). \n Support: 164 Core" 165 maxLength: 253 166 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 167 type: string 168 kind: 169 default: Gateway 170 description: "Kind is kind of the referent. \n There are two 171 kinds of parent resources with \"Core\" support: \n * Gateway 172 (Gateway conformance profile) * Service (Mesh conformance 173 profile, experimental, ClusterIP Services only) \n Support 174 for other resources is Implementation-Specific." 175 maxLength: 63 176 minLength: 1 177 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 178 type: string 179 name: 180 description: "Name is the name of the referent. \n Support: 181 Core" 182 maxLength: 253 183 minLength: 1 184 type: string 185 namespace: 186 description: "Namespace is the namespace of the referent. When 187 unspecified, this refers to the local namespace of the Route. 188 \n Note that there are specific rules for ParentRefs which 189 cross namespace boundaries. Cross-namespace references are 190 only valid if they are explicitly allowed by something in 191 the namespace they are referring to. For example: Gateway 192 has the AllowedRoutes field, and ReferenceGrant provides a 193 generic way to enable any other kind of cross-namespace reference. 194 \n \n Support: Core" 195 maxLength: 63 196 minLength: 1 197 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 198 type: string 199 sectionName: 200 description: "SectionName is the name of a section within the 201 target resource. In the following resources, SectionName is 202 interpreted as the following: \n * Gateway: Listener Name. 203 When both Port (experimental) and SectionName are specified, 204 the name and port of the selected listener must match both 205 specified values. * Service: Port Name. When both Port (experimental) 206 and SectionName are specified, the name and port of the selected 207 listener must match both specified values. Note that attaching 208 Routes to Services as Parents is part of experimental Mesh 209 support and is not supported for any other purpose. \n Implementations 210 MAY choose to support attaching Routes to other resources. 211 If that is the case, they MUST clearly document how SectionName 212 is interpreted. \n When unspecified (empty string), this will 213 reference the entire resource. For the purpose of status, 214 an attachment is considered successful if at least one section 215 in the parent resource accepts it. For example, Gateway listeners 216 can restrict which Routes can attach to them by Route kind, 217 namespace, or hostname. If 1 of 2 Gateway listeners accept 218 attachment from the referencing Route, the Route MUST be considered 219 successfully attached. If no Gateway listeners accept attachment 220 from this Route, the Route MUST be considered detached from 221 the Gateway. \n Support: Core" 222 maxLength: 253 223 minLength: 1 224 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 225 type: string 226 required: 227 - name 228 type: object 229 maxItems: 32 230 type: array 231 x-kubernetes-validations: 232 - message: sectionName must be specified when parentRefs includes 233 2 or more references to the same parent 234 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 235 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 236 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 237 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 238 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) 239 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 240 == '''')) : true))' 241 - message: sectionName must be unique when parentRefs includes 2 or 242 more references to the same parent 243 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 244 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 245 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 246 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 247 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 248 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 249 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 250 == p2.sectionName)))) 251 rules: 252 default: 253 - matches: 254 - path: 255 type: PathPrefix 256 value: / 257 description: Rules are a list of HTTP matchers, filters and actions. 258 items: 259 description: HTTPRouteRule defines semantics for matching an HTTP 260 request based on conditions (matches), processing it (filters), 261 and forwarding the request to an API object (backendRefs). 262 properties: 263 backendRefs: 264 description: "BackendRefs defines the backend(s) where matching 265 requests should be sent. \n Failure behavior here depends 266 on how many BackendRefs are specified and how many are invalid. 267 \n If *all* entries in BackendRefs are invalid, and there 268 are also no filters specified in this route rule, *all* traffic 269 which matches this rule MUST receive a 500 status code. \n 270 See the HTTPBackendRef definition for the rules about what 271 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef 272 is invalid, 500 status codes MUST be returned for requests 273 that would have otherwise been routed to an invalid backend. 274 If multiple backends are specified, and some are invalid, 275 the proportion of requests that would otherwise have been 276 routed to an invalid backend MUST receive a 500 status code. 277 \n For example, if two backends are specified with equal weights, 278 and one is invalid, 50 percent of traffic must receive a 500. 279 Implementations may choose how that 50 percent is determined. 280 \n Support: Core for Kubernetes Service \n Support: Extended 281 for Kubernetes ServiceImport \n Support: Implementation-specific 282 for any other resource \n Support for weight: Core" 283 items: 284 description: "HTTPBackendRef defines how a HTTPRoute forwards 285 a HTTP request. \n Note that when a namespace different 286 than the local namespace is specified, a ReferenceGrant 287 object is required in the referent namespace to allow that 288 namespace's owner to accept the reference. See the ReferenceGrant 289 documentation for details. \n <gateway:experimental:description> 290 \n When the BackendRef points to a Kubernetes Service, implementations 291 SHOULD honor the appProtocol field if it is set for the 292 target Service Port. \n Implementations supporting appProtocol 293 SHOULD recognize the Kubernetes Standard Application Protocols 294 defined in KEP-3726. \n If a Service appProtocol isn't specified, 295 an implementation MAY infer the backend protocol through 296 its own means. Implementations MAY infer the protocol from 297 the Route type referring to the backend Service. \n If a 298 Route is not able to send traffic to the backend using the 299 specified protocol then the backend is considered invalid. 300 Implementations MUST set the \"ResolvedRefs\" condition 301 to \"False\" with the \"UnsupportedProtocol\" reason. \n 302 </gateway:experimental:description>" 303 properties: 304 filters: 305 description: "Filters defined at this level should be 306 executed if and only if the request is being forwarded 307 to the backend defined here. \n Support: Implementation-specific 308 (For broader support of filters, use the Filters field 309 in HTTPRouteRule.)" 310 items: 311 description: HTTPRouteFilter defines processing steps 312 that must be completed during the request or response 313 lifecycle. HTTPRouteFilters are meant as an extension 314 point to express processing that may be done in Gateway 315 implementations. Some examples include request or 316 response modification, implementing authentication 317 strategies, rate-limiting, and traffic shaping. API 318 guarantee/conformance is defined based on the type 319 of the filter. 320 properties: 321 extensionRef: 322 description: "ExtensionRef is an optional, implementation-specific 323 extension to the \"filter\" behavior. For example, 324 resource \"myroutefilter\" in group \"networking.example.net\"). 325 ExtensionRef MUST NOT be used for core and extended 326 filters. \n This filter can be used multiple times 327 within the same rule. \n Support: Implementation-specific" 328 properties: 329 group: 330 description: Group is the group of the referent. 331 For example, "gateway.networking.k8s.io". 332 When unspecified or empty string, core API 333 group is inferred. 334 maxLength: 253 335 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 336 type: string 337 kind: 338 description: Kind is kind of the referent. For 339 example "HTTPRoute" or "Service". 340 maxLength: 63 341 minLength: 1 342 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 343 type: string 344 name: 345 description: Name is the name of the referent. 346 maxLength: 253 347 minLength: 1 348 type: string 349 required: 350 - group 351 - kind 352 - name 353 type: object 354 requestHeaderModifier: 355 description: "RequestHeaderModifier defines a schema 356 for a filter that modifies request headers. \n 357 Support: Core" 358 properties: 359 add: 360 description: "Add adds the given header(s) (name, 361 value) to the request before the action. It 362 appends to any existing values associated 363 with the header name. \n Input: GET /foo HTTP/1.1 364 my-header: foo \n Config: add: - name: \"my-header\" 365 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 366 my-header: foo,bar,baz" 367 items: 368 description: HTTPHeader represents an HTTP 369 Header name and value as defined by RFC 370 7230. 371 properties: 372 name: 373 description: "Name is the name of the 374 HTTP Header to be matched. Name matching 375 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 376 \n If multiple entries specify equivalent 377 header names, the first entry with an 378 equivalent name MUST be considered for 379 a match. Subsequent entries with an 380 equivalent header name MUST be ignored. 381 Due to the case-insensitivity of header 382 names, \"foo\" and \"Foo\" are considered 383 equivalent." 384 maxLength: 256 385 minLength: 1 386 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 387 type: string 388 value: 389 description: Value is the value of HTTP 390 Header to be matched. 391 maxLength: 4096 392 minLength: 1 393 type: string 394 required: 395 - name 396 - value 397 type: object 398 maxItems: 16 399 type: array 400 x-kubernetes-list-map-keys: 401 - name 402 x-kubernetes-list-type: map 403 remove: 404 description: "Remove the given header(s) from 405 the HTTP request before the action. The value 406 of Remove is a list of HTTP header names. 407 Note that the header names are case-insensitive 408 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 409 \n Input: GET /foo HTTP/1.1 my-header1: foo 410 my-header2: bar my-header3: baz \n Config: 411 remove: [\"my-header1\", \"my-header3\"] \n 412 Output: GET /foo HTTP/1.1 my-header2: bar" 413 items: 414 type: string 415 maxItems: 16 416 type: array 417 x-kubernetes-list-type: set 418 set: 419 description: "Set overwrites the request with 420 the given header (name, value) before the 421 action. \n Input: GET /foo HTTP/1.1 my-header: 422 foo \n Config: set: - name: \"my-header\" 423 value: \"bar\" \n Output: GET /foo HTTP/1.1 424 my-header: bar" 425 items: 426 description: HTTPHeader represents an HTTP 427 Header name and value as defined by RFC 428 7230. 429 properties: 430 name: 431 description: "Name is the name of the 432 HTTP Header to be matched. Name matching 433 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 434 \n If multiple entries specify equivalent 435 header names, the first entry with an 436 equivalent name MUST be considered for 437 a match. Subsequent entries with an 438 equivalent header name MUST be ignored. 439 Due to the case-insensitivity of header 440 names, \"foo\" and \"Foo\" are considered 441 equivalent." 442 maxLength: 256 443 minLength: 1 444 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 445 type: string 446 value: 447 description: Value is the value of HTTP 448 Header to be matched. 449 maxLength: 4096 450 minLength: 1 451 type: string 452 required: 453 - name 454 - value 455 type: object 456 maxItems: 16 457 type: array 458 x-kubernetes-list-map-keys: 459 - name 460 x-kubernetes-list-type: map 461 type: object 462 requestMirror: 463 description: "RequestMirror defines a schema for 464 a filter that mirrors requests. Requests are sent 465 to the specified destination, but responses from 466 that destination are ignored. \n This filter can 467 be used multiple times within the same rule. Note 468 that not all implementations will be able to support 469 mirroring to multiple backends. \n Support: Extended" 470 properties: 471 backendRef: 472 description: "BackendRef references a resource 473 where mirrored requests are sent. \n Mirrored 474 requests must be sent only to a single destination 475 endpoint within this BackendRef, irrespective 476 of how many endpoints are present within this 477 BackendRef. \n If the referent cannot be found, 478 this BackendRef is invalid and must be dropped 479 from the Gateway. The controller must ensure 480 the \"ResolvedRefs\" condition on the Route 481 status is set to `status: False` and not configure 482 this backend in the underlying implementation. 483 \n If there is a cross-namespace reference 484 to an *existing* object that is not allowed 485 by a ReferenceGrant, the controller must ensure 486 the \"ResolvedRefs\" condition on the Route 487 is set to `status: False`, with the \"RefNotPermitted\" 488 reason and not configure this backend in the 489 underlying implementation. \n In either error 490 case, the Message of the `ResolvedRefs` Condition 491 should be used to provide more detail about 492 the problem. \n Support: Extended for Kubernetes 493 Service \n Support: Implementation-specific 494 for any other resource" 495 properties: 496 group: 497 default: "" 498 description: Group is the group of the referent. 499 For example, "gateway.networking.k8s.io". 500 When unspecified or empty string, core 501 API group is inferred. 502 maxLength: 253 503 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 504 type: string 505 kind: 506 default: Service 507 description: "Kind is the Kubernetes resource 508 kind of the referent. For example \"Service\". 509 \n Defaults to \"Service\" when not specified. 510 \n ExternalName services can refer to 511 CNAME DNS records that may live outside 512 of the cluster and as such are difficult 513 to reason about in terms of conformance. 514 They also may not be safe to forward to 515 (see CVE-2021-25740 for more information). 516 Implementations SHOULD NOT support ExternalName 517 Services. \n Support: Core (Services with 518 a type other than ExternalName) \n Support: 519 Implementation-specific (Services with 520 type ExternalName)" 521 maxLength: 63 522 minLength: 1 523 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 524 type: string 525 name: 526 description: Name is the name of the referent. 527 maxLength: 253 528 minLength: 1 529 type: string 530 namespace: 531 description: "Namespace is the namespace 532 of the backend. When unspecified, the 533 local namespace is inferred. \n Note that 534 when a namespace different than the local 535 namespace is specified, a ReferenceGrant 536 object is required in the referent namespace 537 to allow that namespace's owner to accept 538 the reference. See the ReferenceGrant 539 documentation for details. \n Support: 540 Core" 541 maxLength: 63 542 minLength: 1 543 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 544 type: string 545 port: 546 description: Port specifies the destination 547 port number to use for this resource. 548 Port is required when the referent is 549 a Kubernetes Service. In this case, the 550 port number is the service port number, 551 not the target port. For other resources, 552 destination port might be derived from 553 the referent resource or this field. 554 format: int32 555 maximum: 65535 556 minimum: 1 557 type: integer 558 required: 559 - name 560 type: object 561 x-kubernetes-validations: 562 - message: Must have port for Service reference 563 rule: '(size(self.group) == 0 && self.kind 564 == ''Service'') ? has(self.port) : true' 565 required: 566 - backendRef 567 type: object 568 requestRedirect: 569 description: "RequestRedirect defines a schema for 570 a filter that responds to the request with an 571 HTTP redirection. \n Support: Core" 572 properties: 573 hostname: 574 description: "Hostname is the hostname to be 575 used in the value of the `Location` header 576 in the response. When empty, the hostname 577 in the `Host` header of the request is used. 578 \n Support: Core" 579 maxLength: 253 580 minLength: 1 581 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 582 type: string 583 path: 584 description: "Path defines parameters used to 585 modify the path of the incoming request. The 586 modified path is then used to construct the 587 `Location` header. When empty, the request 588 path is used as-is. \n Support: Extended" 589 properties: 590 replaceFullPath: 591 description: ReplaceFullPath specifies the 592 value with which to replace the full path 593 of a request during a rewrite or redirect. 594 maxLength: 1024 595 type: string 596 replacePrefixMatch: 597 description: "ReplacePrefixMatch specifies 598 the value with which to replace the prefix 599 match of a request during a rewrite or 600 redirect. For example, a request to \"/foo/bar\" 601 with a prefix match of \"/foo\" and a 602 ReplacePrefixMatch of \"/xyz\" would be 603 modified to \"/xyz/bar\". \n Note that 604 this matches the behavior of the PathPrefix 605 match type. This matches full path elements. 606 A path element refers to the list of labels 607 in the path split by the `/` separator. 608 When specified, a trailing `/` is ignored. 609 For example, the paths `/abc`, `/abc/`, 610 and `/abc/def` would all match the prefix 611 `/abc`, but the path `/abcd` would not. 612 \n ReplacePrefixMatch is only compatible 613 with a `PathPrefix` HTTPRouteMatch. Using 614 any other HTTPRouteMatch type on the same 615 HTTPRouteRule will result in the implementation 616 setting the Accepted Condition for the 617 Route to `status: False`. \n Request Path 618 | Prefix Match | Replace Prefix | Modified 619 Path -------------|--------------|----------------|---------- 620 /foo/bar | /foo | /xyz | 621 /xyz/bar /foo/bar | /foo | 622 /xyz/ | /xyz/bar /foo/bar | 623 /foo/ | /xyz | /xyz/bar 624 /foo/bar | /foo/ | /xyz/ | 625 /xyz/bar /foo | /foo | 626 /xyz | /xyz /foo/ | /foo 627 \ | /xyz | /xyz/ /foo/bar 628 \ | /foo | <empty string> | 629 /bar /foo/ | /foo | <empty 630 string> | / /foo | /foo | 631 <empty string> | / /foo/ | /foo 632 \ | / | / /foo | 633 /foo | / | /" 634 maxLength: 1024 635 type: string 636 type: 637 description: "Type defines the type of path 638 modifier. Additional types may be added 639 in a future release of the API. \n Note 640 that values may be added to this enum, 641 implementations must ensure that unknown 642 values will not cause a crash. \n Unknown 643 values here must result in the implementation 644 setting the Accepted Condition for the 645 Route to `status: False`, with a Reason 646 of `UnsupportedValue`." 647 enum: 648 - ReplaceFullPath 649 - ReplacePrefixMatch 650 type: string 651 required: 652 - type 653 type: object 654 x-kubernetes-validations: 655 - message: replaceFullPath must be specified 656 when type is set to 'ReplaceFullPath' 657 rule: 'self.type == ''ReplaceFullPath'' ? 658 has(self.replaceFullPath) : true' 659 - message: type must be 'ReplaceFullPath' when 660 replaceFullPath is set 661 rule: 'has(self.replaceFullPath) ? self.type 662 == ''ReplaceFullPath'' : true' 663 - message: replacePrefixMatch must be specified 664 when type is set to 'ReplacePrefixMatch' 665 rule: 'self.type == ''ReplacePrefixMatch'' 666 ? has(self.replacePrefixMatch) : true' 667 - message: type must be 'ReplacePrefixMatch' 668 when replacePrefixMatch is set 669 rule: 'has(self.replacePrefixMatch) ? self.type 670 == ''ReplacePrefixMatch'' : true' 671 port: 672 description: "Port is the port to be used in 673 the value of the `Location` header in the 674 response. \n If no port is specified, the 675 redirect port MUST be derived using the following 676 rules: \n * If redirect scheme is not-empty, 677 the redirect port MUST be the well-known port 678 associated with the redirect scheme. Specifically 679 \"http\" to port 80 and \"https\" to port 680 443. If the redirect scheme does not have 681 a well-known port, the listener port of the 682 Gateway SHOULD be used. * If redirect scheme 683 is empty, the redirect port MUST be the Gateway 684 Listener port. \n Implementations SHOULD NOT 685 add the port number in the 'Location' header 686 in the following cases: \n * A Location header 687 that will use HTTP (whether that is determined 688 via the Listener protocol or the Scheme field) 689 _and_ use port 80. * A Location header that 690 will use HTTPS (whether that is determined 691 via the Listener protocol or the Scheme field) 692 _and_ use port 443. \n Support: Extended" 693 format: int32 694 maximum: 65535 695 minimum: 1 696 type: integer 697 scheme: 698 description: "Scheme is the scheme to be used 699 in the value of the `Location` header in the 700 response. When empty, the scheme of the request 701 is used. \n Scheme redirects can affect the 702 port of the redirect, for more information, 703 refer to the documentation for the port field 704 of this filter. \n Note that values may be 705 added to this enum, implementations must ensure 706 that unknown values will not cause a crash. 707 \n Unknown values here must result in the 708 implementation setting the Accepted Condition 709 for the Route to `status: False`, with a Reason 710 of `UnsupportedValue`. \n Support: Extended" 711 enum: 712 - http 713 - https 714 type: string 715 statusCode: 716 default: 302 717 description: "StatusCode is the HTTP status 718 code to be used in response. \n Note that 719 values may be added to this enum, implementations 720 must ensure that unknown values will not cause 721 a crash. \n Unknown values here must result 722 in the implementation setting the Accepted 723 Condition for the Route to `status: False`, 724 with a Reason of `UnsupportedValue`. \n Support: 725 Core" 726 enum: 727 - 301 728 - 302 729 type: integer 730 type: object 731 responseHeaderModifier: 732 description: "ResponseHeaderModifier defines a schema 733 for a filter that modifies response headers. \n 734 Support: Extended" 735 properties: 736 add: 737 description: "Add adds the given header(s) (name, 738 value) to the request before the action. It 739 appends to any existing values associated 740 with the header name. \n Input: GET /foo HTTP/1.1 741 my-header: foo \n Config: add: - name: \"my-header\" 742 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 743 my-header: foo,bar,baz" 744 items: 745 description: HTTPHeader represents an HTTP 746 Header name and value as defined by RFC 747 7230. 748 properties: 749 name: 750 description: "Name is the name of the 751 HTTP Header to be matched. Name matching 752 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 753 \n If multiple entries specify equivalent 754 header names, the first entry with an 755 equivalent name MUST be considered for 756 a match. Subsequent entries with an 757 equivalent header name MUST be ignored. 758 Due to the case-insensitivity of header 759 names, \"foo\" and \"Foo\" are considered 760 equivalent." 761 maxLength: 256 762 minLength: 1 763 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 764 type: string 765 value: 766 description: Value is the value of HTTP 767 Header to be matched. 768 maxLength: 4096 769 minLength: 1 770 type: string 771 required: 772 - name 773 - value 774 type: object 775 maxItems: 16 776 type: array 777 x-kubernetes-list-map-keys: 778 - name 779 x-kubernetes-list-type: map 780 remove: 781 description: "Remove the given header(s) from 782 the HTTP request before the action. The value 783 of Remove is a list of HTTP header names. 784 Note that the header names are case-insensitive 785 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 786 \n Input: GET /foo HTTP/1.1 my-header1: foo 787 my-header2: bar my-header3: baz \n Config: 788 remove: [\"my-header1\", \"my-header3\"] \n 789 Output: GET /foo HTTP/1.1 my-header2: bar" 790 items: 791 type: string 792 maxItems: 16 793 type: array 794 x-kubernetes-list-type: set 795 set: 796 description: "Set overwrites the request with 797 the given header (name, value) before the 798 action. \n Input: GET /foo HTTP/1.1 my-header: 799 foo \n Config: set: - name: \"my-header\" 800 value: \"bar\" \n Output: GET /foo HTTP/1.1 801 my-header: bar" 802 items: 803 description: HTTPHeader represents an HTTP 804 Header name and value as defined by RFC 805 7230. 806 properties: 807 name: 808 description: "Name is the name of the 809 HTTP Header to be matched. Name matching 810 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 811 \n If multiple entries specify equivalent 812 header names, the first entry with an 813 equivalent name MUST be considered for 814 a match. Subsequent entries with an 815 equivalent header name MUST be ignored. 816 Due to the case-insensitivity of header 817 names, \"foo\" and \"Foo\" are considered 818 equivalent." 819 maxLength: 256 820 minLength: 1 821 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 822 type: string 823 value: 824 description: Value is the value of HTTP 825 Header to be matched. 826 maxLength: 4096 827 minLength: 1 828 type: string 829 required: 830 - name 831 - value 832 type: object 833 maxItems: 16 834 type: array 835 x-kubernetes-list-map-keys: 836 - name 837 x-kubernetes-list-type: map 838 type: object 839 type: 840 description: "Type identifies the type of filter 841 to apply. As with other API fields, types are 842 classified into three conformance levels: \n - 843 Core: Filter types and their corresponding configuration 844 defined by \"Support: Core\" in this package, 845 e.g. \"RequestHeaderModifier\". All implementations 846 must support core filters. \n - Extended: Filter 847 types and their corresponding configuration defined 848 by \"Support: Extended\" in this package, e.g. 849 \"RequestMirror\". Implementers are encouraged 850 to support extended filters. \n - Implementation-specific: 851 Filters that are defined and supported by specific 852 vendors. In the future, filters showing convergence 853 in behavior across multiple implementations will 854 be considered for inclusion in extended or core 855 conformance levels. Filter-specific configuration 856 for such filters is specified using the ExtensionRef 857 field. `Type` should be set to \"ExtensionRef\" 858 for custom filters. \n Implementers are encouraged 859 to define custom implementation types to extend 860 the core API with implementation-specific behavior. 861 \n If a reference to a custom filter type cannot 862 be resolved, the filter MUST NOT be skipped. Instead, 863 requests that would have been processed by that 864 filter MUST receive a HTTP error response. \n 865 Note that values may be added to this enum, implementations 866 must ensure that unknown values will not cause 867 a crash. \n Unknown values here must result in 868 the implementation setting the Accepted Condition 869 for the Route to `status: False`, with a Reason 870 of `UnsupportedValue`." 871 enum: 872 - RequestHeaderModifier 873 - ResponseHeaderModifier 874 - RequestMirror 875 - RequestRedirect 876 - URLRewrite 877 - ExtensionRef 878 type: string 879 urlRewrite: 880 description: "URLRewrite defines a schema for a 881 filter that modifies a request during forwarding. 882 \n Support: Extended" 883 properties: 884 hostname: 885 description: "Hostname is the value to be used 886 to replace the Host header value during forwarding. 887 \n Support: Extended" 888 maxLength: 253 889 minLength: 1 890 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 891 type: string 892 path: 893 description: "Path defines a path rewrite. \n 894 Support: Extended" 895 properties: 896 replaceFullPath: 897 description: ReplaceFullPath specifies the 898 value with which to replace the full path 899 of a request during a rewrite or redirect. 900 maxLength: 1024 901 type: string 902 replacePrefixMatch: 903 description: "ReplacePrefixMatch specifies 904 the value with which to replace the prefix 905 match of a request during a rewrite or 906 redirect. For example, a request to \"/foo/bar\" 907 with a prefix match of \"/foo\" and a 908 ReplacePrefixMatch of \"/xyz\" would be 909 modified to \"/xyz/bar\". \n Note that 910 this matches the behavior of the PathPrefix 911 match type. This matches full path elements. 912 A path element refers to the list of labels 913 in the path split by the `/` separator. 914 When specified, a trailing `/` is ignored. 915 For example, the paths `/abc`, `/abc/`, 916 and `/abc/def` would all match the prefix 917 `/abc`, but the path `/abcd` would not. 918 \n ReplacePrefixMatch is only compatible 919 with a `PathPrefix` HTTPRouteMatch. Using 920 any other HTTPRouteMatch type on the same 921 HTTPRouteRule will result in the implementation 922 setting the Accepted Condition for the 923 Route to `status: False`. \n Request Path 924 | Prefix Match | Replace Prefix | Modified 925 Path -------------|--------------|----------------|---------- 926 /foo/bar | /foo | /xyz | 927 /xyz/bar /foo/bar | /foo | 928 /xyz/ | /xyz/bar /foo/bar | 929 /foo/ | /xyz | /xyz/bar 930 /foo/bar | /foo/ | /xyz/ | 931 /xyz/bar /foo | /foo | 932 /xyz | /xyz /foo/ | /foo 933 \ | /xyz | /xyz/ /foo/bar 934 \ | /foo | <empty string> | 935 /bar /foo/ | /foo | <empty 936 string> | / /foo | /foo | 937 <empty string> | / /foo/ | /foo 938 \ | / | / /foo | 939 /foo | / | /" 940 maxLength: 1024 941 type: string 942 type: 943 description: "Type defines the type of path 944 modifier. Additional types may be added 945 in a future release of the API. \n Note 946 that values may be added to this enum, 947 implementations must ensure that unknown 948 values will not cause a crash. \n Unknown 949 values here must result in the implementation 950 setting the Accepted Condition for the 951 Route to `status: False`, with a Reason 952 of `UnsupportedValue`." 953 enum: 954 - ReplaceFullPath 955 - ReplacePrefixMatch 956 type: string 957 required: 958 - type 959 type: object 960 x-kubernetes-validations: 961 - message: replaceFullPath must be specified 962 when type is set to 'ReplaceFullPath' 963 rule: 'self.type == ''ReplaceFullPath'' ? 964 has(self.replaceFullPath) : true' 965 - message: type must be 'ReplaceFullPath' when 966 replaceFullPath is set 967 rule: 'has(self.replaceFullPath) ? self.type 968 == ''ReplaceFullPath'' : true' 969 - message: replacePrefixMatch must be specified 970 when type is set to 'ReplacePrefixMatch' 971 rule: 'self.type == ''ReplacePrefixMatch'' 972 ? has(self.replacePrefixMatch) : true' 973 - message: type must be 'ReplacePrefixMatch' 974 when replacePrefixMatch is set 975 rule: 'has(self.replacePrefixMatch) ? self.type 976 == ''ReplacePrefixMatch'' : true' 977 type: object 978 required: 979 - type 980 type: object 981 x-kubernetes-validations: 982 - message: filter.requestHeaderModifier must be nil 983 if the filter.type is not RequestHeaderModifier 984 rule: '!(has(self.requestHeaderModifier) && self.type 985 != ''RequestHeaderModifier'')' 986 - message: filter.requestHeaderModifier must be specified 987 for RequestHeaderModifier filter.type 988 rule: '!(!has(self.requestHeaderModifier) && self.type 989 == ''RequestHeaderModifier'')' 990 - message: filter.responseHeaderModifier must be nil 991 if the filter.type is not ResponseHeaderModifier 992 rule: '!(has(self.responseHeaderModifier) && self.type 993 != ''ResponseHeaderModifier'')' 994 - message: filter.responseHeaderModifier must be specified 995 for ResponseHeaderModifier filter.type 996 rule: '!(!has(self.responseHeaderModifier) && self.type 997 == ''ResponseHeaderModifier'')' 998 - message: filter.requestMirror must be nil if the filter.type 999 is not RequestMirror 1000 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 1001 - message: filter.requestMirror must be specified for 1002 RequestMirror filter.type 1003 rule: '!(!has(self.requestMirror) && self.type == 1004 ''RequestMirror'')' 1005 - message: filter.requestRedirect must be nil if the 1006 filter.type is not RequestRedirect 1007 rule: '!(has(self.requestRedirect) && self.type != 1008 ''RequestRedirect'')' 1009 - message: filter.requestRedirect must be specified 1010 for RequestRedirect filter.type 1011 rule: '!(!has(self.requestRedirect) && self.type == 1012 ''RequestRedirect'')' 1013 - message: filter.urlRewrite must be nil if the filter.type 1014 is not URLRewrite 1015 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 1016 - message: filter.urlRewrite must be specified for URLRewrite 1017 filter.type 1018 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 1019 - message: filter.extensionRef must be nil if the filter.type 1020 is not ExtensionRef 1021 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 1022 - message: filter.extensionRef must be specified for 1023 ExtensionRef filter.type 1024 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 1025 maxItems: 16 1026 type: array 1027 x-kubernetes-validations: 1028 - message: May specify either httpRouteFilterRequestRedirect 1029 or httpRouteFilterRequestRewrite, but not both 1030 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 1031 && self.exists(f, f.type == ''URLRewrite''))' 1032 - message: May specify either httpRouteFilterRequestRedirect 1033 or httpRouteFilterRequestRewrite, but not both 1034 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 1035 && self.exists(f, f.type == ''URLRewrite''))' 1036 - message: RequestHeaderModifier filter cannot be repeated 1037 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 1038 <= 1 1039 - message: ResponseHeaderModifier filter cannot be repeated 1040 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 1041 <= 1 1042 - message: RequestRedirect filter cannot be repeated 1043 rule: self.filter(f, f.type == 'RequestRedirect').size() 1044 <= 1 1045 - message: URLRewrite filter cannot be repeated 1046 rule: self.filter(f, f.type == 'URLRewrite').size() 1047 <= 1 1048 group: 1049 default: "" 1050 description: Group is the group of the referent. For example, 1051 "gateway.networking.k8s.io". When unspecified or empty 1052 string, core API group is inferred. 1053 maxLength: 253 1054 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1055 type: string 1056 kind: 1057 default: Service 1058 description: "Kind is the Kubernetes resource kind of 1059 the referent. For example \"Service\". \n Defaults to 1060 \"Service\" when not specified. \n ExternalName services 1061 can refer to CNAME DNS records that may live outside 1062 of the cluster and as such are difficult to reason about 1063 in terms of conformance. They also may not be safe to 1064 forward to (see CVE-2021-25740 for more information). 1065 Implementations SHOULD NOT support ExternalName Services. 1066 \n Support: Core (Services with a type other than ExternalName) 1067 \n Support: Implementation-specific (Services with type 1068 ExternalName)" 1069 maxLength: 63 1070 minLength: 1 1071 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1072 type: string 1073 name: 1074 description: Name is the name of the referent. 1075 maxLength: 253 1076 minLength: 1 1077 type: string 1078 namespace: 1079 description: "Namespace is the namespace of the backend. 1080 When unspecified, the local namespace is inferred. \n 1081 Note that when a namespace different than the local 1082 namespace is specified, a ReferenceGrant object is required 1083 in the referent namespace to allow that namespace's 1084 owner to accept the reference. See the ReferenceGrant 1085 documentation for details. \n Support: Core" 1086 maxLength: 63 1087 minLength: 1 1088 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1089 type: string 1090 port: 1091 description: Port specifies the destination port number 1092 to use for this resource. Port is required when the 1093 referent is a Kubernetes Service. In this case, the 1094 port number is the service port number, not the target 1095 port. For other resources, destination port might be 1096 derived from the referent resource or this field. 1097 format: int32 1098 maximum: 65535 1099 minimum: 1 1100 type: integer 1101 weight: 1102 default: 1 1103 description: "Weight specifies the proportion of requests 1104 forwarded to the referenced backend. This is computed 1105 as weight/(sum of all weights in this BackendRefs list). 1106 For non-zero values, there may be some epsilon from 1107 the exact proportion defined here depending on the precision 1108 an implementation supports. Weight is not a percentage 1109 and the sum of weights does not need to equal 100. \n 1110 If only one backend is specified and it has a weight 1111 greater than 0, 100% of the traffic is forwarded to 1112 that backend. If weight is set to 0, no traffic should 1113 be forwarded for this entry. If unspecified, weight 1114 defaults to 1. \n Support for this field varies based 1115 on the context where used." 1116 format: int32 1117 maximum: 1000000 1118 minimum: 0 1119 type: integer 1120 required: 1121 - name 1122 type: object 1123 x-kubernetes-validations: 1124 - message: Must have port for Service reference 1125 rule: '(size(self.group) == 0 && self.kind == ''Service'') 1126 ? has(self.port) : true' 1127 maxItems: 16 1128 type: array 1129 filters: 1130 description: "Filters define the filters that are applied to 1131 requests that match this rule. \n The effects of ordering 1132 of multiple behaviors are currently unspecified. This can 1133 change in the future based on feedback during the alpha stage. 1134 \n Conformance-levels at this level are defined based on the 1135 type of filter: \n - ALL core filters MUST be supported by 1136 all implementations. - Implementers are encouraged to support 1137 extended filters. - Implementation-specific custom filters 1138 have no API guarantees across implementations. \n Specifying 1139 the same filter multiple times is not supported unless explicitly 1140 indicated in the filter. \n All filters are expected to be 1141 compatible with each other except for the URLRewrite and RequestRedirect 1142 filters, which may not be combined. If an implementation can 1143 not support other combinations of filters, they must clearly 1144 document that limitation. In cases where incompatible or unsupported 1145 filters are specified and cause the `Accepted` condition to 1146 be set to status `False`, implementations may use the `IncompatibleFilters` 1147 reason to specify this configuration error. \n Support: Core" 1148 items: 1149 description: HTTPRouteFilter defines processing steps that 1150 must be completed during the request or response lifecycle. 1151 HTTPRouteFilters are meant as an extension point to express 1152 processing that may be done in Gateway implementations. 1153 Some examples include request or response modification, 1154 implementing authentication strategies, rate-limiting, and 1155 traffic shaping. API guarantee/conformance is defined based 1156 on the type of the filter. 1157 properties: 1158 extensionRef: 1159 description: "ExtensionRef is an optional, implementation-specific 1160 extension to the \"filter\" behavior. For example, 1161 resource \"myroutefilter\" in group \"networking.example.net\"). 1162 ExtensionRef MUST NOT be used for core and extended 1163 filters. \n This filter can be used multiple times within 1164 the same rule. \n Support: Implementation-specific" 1165 properties: 1166 group: 1167 description: Group is the group of the referent. For 1168 example, "gateway.networking.k8s.io". When unspecified 1169 or empty string, core API group is inferred. 1170 maxLength: 253 1171 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1172 type: string 1173 kind: 1174 description: Kind is kind of the referent. For example 1175 "HTTPRoute" or "Service". 1176 maxLength: 63 1177 minLength: 1 1178 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1179 type: string 1180 name: 1181 description: Name is the name of the referent. 1182 maxLength: 253 1183 minLength: 1 1184 type: string 1185 required: 1186 - group 1187 - kind 1188 - name 1189 type: object 1190 requestHeaderModifier: 1191 description: "RequestHeaderModifier defines a schema for 1192 a filter that modifies request headers. \n Support: 1193 Core" 1194 properties: 1195 add: 1196 description: "Add adds the given header(s) (name, 1197 value) to the request before the action. It appends 1198 to any existing values associated with the header 1199 name. \n Input: GET /foo HTTP/1.1 my-header: foo 1200 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 1201 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 1202 items: 1203 description: HTTPHeader represents an HTTP Header 1204 name and value as defined by RFC 7230. 1205 properties: 1206 name: 1207 description: "Name is the name of the HTTP Header 1208 to be matched. Name matching MUST be case 1209 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1210 \n If multiple entries specify equivalent 1211 header names, the first entry with an equivalent 1212 name MUST be considered for a match. Subsequent 1213 entries with an equivalent header name MUST 1214 be ignored. Due to the case-insensitivity 1215 of header names, \"foo\" and \"Foo\" are considered 1216 equivalent." 1217 maxLength: 256 1218 minLength: 1 1219 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1220 type: string 1221 value: 1222 description: Value is the value of HTTP Header 1223 to be matched. 1224 maxLength: 4096 1225 minLength: 1 1226 type: string 1227 required: 1228 - name 1229 - value 1230 type: object 1231 maxItems: 16 1232 type: array 1233 x-kubernetes-list-map-keys: 1234 - name 1235 x-kubernetes-list-type: map 1236 remove: 1237 description: "Remove the given header(s) from the 1238 HTTP request before the action. The value of Remove 1239 is a list of HTTP header names. Note that the header 1240 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1241 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1242 bar my-header3: baz \n Config: remove: [\"my-header1\", 1243 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1244 bar" 1245 items: 1246 type: string 1247 maxItems: 16 1248 type: array 1249 x-kubernetes-list-type: set 1250 set: 1251 description: "Set overwrites the request with the 1252 given header (name, value) before the action. \n 1253 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1254 set: - name: \"my-header\" value: \"bar\" \n Output: 1255 GET /foo HTTP/1.1 my-header: bar" 1256 items: 1257 description: HTTPHeader represents an HTTP Header 1258 name and value as defined by RFC 7230. 1259 properties: 1260 name: 1261 description: "Name is the name of the HTTP Header 1262 to be matched. Name matching MUST be case 1263 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1264 \n If multiple entries specify equivalent 1265 header names, the first entry with an equivalent 1266 name MUST be considered for a match. Subsequent 1267 entries with an equivalent header name MUST 1268 be ignored. Due to the case-insensitivity 1269 of header names, \"foo\" and \"Foo\" are considered 1270 equivalent." 1271 maxLength: 256 1272 minLength: 1 1273 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1274 type: string 1275 value: 1276 description: Value is the value of HTTP Header 1277 to be matched. 1278 maxLength: 4096 1279 minLength: 1 1280 type: string 1281 required: 1282 - name 1283 - value 1284 type: object 1285 maxItems: 16 1286 type: array 1287 x-kubernetes-list-map-keys: 1288 - name 1289 x-kubernetes-list-type: map 1290 type: object 1291 requestMirror: 1292 description: "RequestMirror defines a schema for a filter 1293 that mirrors requests. Requests are sent to the specified 1294 destination, but responses from that destination are 1295 ignored. \n This filter can be used multiple times within 1296 the same rule. Note that not all implementations will 1297 be able to support mirroring to multiple backends. \n 1298 Support: Extended" 1299 properties: 1300 backendRef: 1301 description: "BackendRef references a resource where 1302 mirrored requests are sent. \n Mirrored requests 1303 must be sent only to a single destination endpoint 1304 within this BackendRef, irrespective of how many 1305 endpoints are present within this BackendRef. \n 1306 If the referent cannot be found, this BackendRef 1307 is invalid and must be dropped from the Gateway. 1308 The controller must ensure the \"ResolvedRefs\" 1309 condition on the Route status is set to `status: 1310 False` and not configure this backend in the underlying 1311 implementation. \n If there is a cross-namespace 1312 reference to an *existing* object that is not allowed 1313 by a ReferenceGrant, the controller must ensure 1314 the \"ResolvedRefs\" condition on the Route is 1315 set to `status: False`, with the \"RefNotPermitted\" 1316 reason and not configure this backend in the underlying 1317 implementation. \n In either error case, the Message 1318 of the `ResolvedRefs` Condition should be used to 1319 provide more detail about the problem. \n Support: 1320 Extended for Kubernetes Service \n Support: Implementation-specific 1321 for any other resource" 1322 properties: 1323 group: 1324 default: "" 1325 description: Group is the group of the referent. 1326 For example, "gateway.networking.k8s.io". When 1327 unspecified or empty string, core API group 1328 is inferred. 1329 maxLength: 253 1330 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1331 type: string 1332 kind: 1333 default: Service 1334 description: "Kind is the Kubernetes resource 1335 kind of the referent. For example \"Service\". 1336 \n Defaults to \"Service\" when not specified. 1337 \n ExternalName services can refer to CNAME 1338 DNS records that may live outside of the cluster 1339 and as such are difficult to reason about in 1340 terms of conformance. They also may not be safe 1341 to forward to (see CVE-2021-25740 for more information). 1342 Implementations SHOULD NOT support ExternalName 1343 Services. \n Support: Core (Services with a 1344 type other than ExternalName) \n Support: Implementation-specific 1345 (Services with type ExternalName)" 1346 maxLength: 63 1347 minLength: 1 1348 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 1349 type: string 1350 name: 1351 description: Name is the name of the referent. 1352 maxLength: 253 1353 minLength: 1 1354 type: string 1355 namespace: 1356 description: "Namespace is the namespace of the 1357 backend. When unspecified, the local namespace 1358 is inferred. \n Note that when a namespace different 1359 than the local namespace is specified, a ReferenceGrant 1360 object is required in the referent namespace 1361 to allow that namespace's owner to accept the 1362 reference. See the ReferenceGrant documentation 1363 for details. \n Support: Core" 1364 maxLength: 63 1365 minLength: 1 1366 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 1367 type: string 1368 port: 1369 description: Port specifies the destination port 1370 number to use for this resource. Port is required 1371 when the referent is a Kubernetes Service. In 1372 this case, the port number is the service port 1373 number, not the target port. For other resources, 1374 destination port might be derived from the referent 1375 resource or this field. 1376 format: int32 1377 maximum: 65535 1378 minimum: 1 1379 type: integer 1380 required: 1381 - name 1382 type: object 1383 x-kubernetes-validations: 1384 - message: Must have port for Service reference 1385 rule: '(size(self.group) == 0 && self.kind == ''Service'') 1386 ? has(self.port) : true' 1387 required: 1388 - backendRef 1389 type: object 1390 requestRedirect: 1391 description: "RequestRedirect defines a schema for a filter 1392 that responds to the request with an HTTP redirection. 1393 \n Support: Core" 1394 properties: 1395 hostname: 1396 description: "Hostname is the hostname to be used 1397 in the value of the `Location` header in the response. 1398 When empty, the hostname in the `Host` header of 1399 the request is used. \n Support: Core" 1400 maxLength: 253 1401 minLength: 1 1402 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1403 type: string 1404 path: 1405 description: "Path defines parameters used to modify 1406 the path of the incoming request. The modified path 1407 is then used to construct the `Location` header. 1408 When empty, the request path is used as-is. \n Support: 1409 Extended" 1410 properties: 1411 replaceFullPath: 1412 description: ReplaceFullPath specifies the value 1413 with which to replace the full path of a request 1414 during a rewrite or redirect. 1415 maxLength: 1024 1416 type: string 1417 replacePrefixMatch: 1418 description: "ReplacePrefixMatch specifies the 1419 value with which to replace the prefix match 1420 of a request during a rewrite or redirect. For 1421 example, a request to \"/foo/bar\" with a prefix 1422 match of \"/foo\" and a ReplacePrefixMatch of 1423 \"/xyz\" would be modified to \"/xyz/bar\". 1424 \n Note that this matches the behavior of the 1425 PathPrefix match type. This matches full path 1426 elements. A path element refers to the list 1427 of labels in the path split by the `/` separator. 1428 When specified, a trailing `/` is ignored. For 1429 example, the paths `/abc`, `/abc/`, and `/abc/def` 1430 would all match the prefix `/abc`, but the path 1431 `/abcd` would not. \n ReplacePrefixMatch is 1432 only compatible with a `PathPrefix` HTTPRouteMatch. 1433 Using any other HTTPRouteMatch type on the same 1434 HTTPRouteRule will result in the implementation 1435 setting the Accepted Condition for the Route 1436 to `status: False`. \n Request Path | Prefix 1437 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 1438 /foo/bar | /foo | /xyz | 1439 /xyz/bar /foo/bar | /foo | /xyz/ 1440 \ | /xyz/bar /foo/bar | /foo/ | 1441 /xyz | /xyz/bar /foo/bar | /foo/ 1442 \ | /xyz/ | /xyz/bar /foo | 1443 /foo | /xyz | /xyz /foo/ | 1444 /foo | /xyz | /xyz/ /foo/bar 1445 \ | /foo | <empty string> | /bar 1446 /foo/ | /foo | <empty string> 1447 | / /foo | /foo | <empty string> 1448 | / /foo/ | /foo | / | 1449 / /foo | /foo | / | 1450 /" 1451 maxLength: 1024 1452 type: string 1453 type: 1454 description: "Type defines the type of path modifier. 1455 Additional types may be added in a future release 1456 of the API. \n Note that values may be added 1457 to this enum, implementations must ensure that 1458 unknown values will not cause a crash. \n Unknown 1459 values here must result in the implementation 1460 setting the Accepted Condition for the Route 1461 to `status: False`, with a Reason of `UnsupportedValue`." 1462 enum: 1463 - ReplaceFullPath 1464 - ReplacePrefixMatch 1465 type: string 1466 required: 1467 - type 1468 type: object 1469 x-kubernetes-validations: 1470 - message: replaceFullPath must be specified when 1471 type is set to 'ReplaceFullPath' 1472 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 1473 : true' 1474 - message: type must be 'ReplaceFullPath' when replaceFullPath 1475 is set 1476 rule: 'has(self.replaceFullPath) ? self.type == 1477 ''ReplaceFullPath'' : true' 1478 - message: replacePrefixMatch must be specified when 1479 type is set to 'ReplacePrefixMatch' 1480 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 1481 : true' 1482 - message: type must be 'ReplacePrefixMatch' when 1483 replacePrefixMatch is set 1484 rule: 'has(self.replacePrefixMatch) ? self.type 1485 == ''ReplacePrefixMatch'' : true' 1486 port: 1487 description: "Port is the port to be used in the value 1488 of the `Location` header in the response. \n If 1489 no port is specified, the redirect port MUST be 1490 derived using the following rules: \n * If redirect 1491 scheme is not-empty, the redirect port MUST be the 1492 well-known port associated with the redirect scheme. 1493 Specifically \"http\" to port 80 and \"https\" to 1494 port 443. If the redirect scheme does not have a 1495 well-known port, the listener port of the Gateway 1496 SHOULD be used. * If redirect scheme is empty, the 1497 redirect port MUST be the Gateway Listener port. 1498 \n Implementations SHOULD NOT add the port number 1499 in the 'Location' header in the following cases: 1500 \n * A Location header that will use HTTP (whether 1501 that is determined via the Listener protocol or 1502 the Scheme field) _and_ use port 80. * A Location 1503 header that will use HTTPS (whether that is determined 1504 via the Listener protocol or the Scheme field) _and_ 1505 use port 443. \n Support: Extended" 1506 format: int32 1507 maximum: 65535 1508 minimum: 1 1509 type: integer 1510 scheme: 1511 description: "Scheme is the scheme to be used in the 1512 value of the `Location` header in the response. 1513 When empty, the scheme of the request is used. \n 1514 Scheme redirects can affect the port of the redirect, 1515 for more information, refer to the documentation 1516 for the port field of this filter. \n Note that 1517 values may be added to this enum, implementations 1518 must ensure that unknown values will not cause a 1519 crash. \n Unknown values here must result in the 1520 implementation setting the Accepted Condition for 1521 the Route to `status: False`, with a Reason of `UnsupportedValue`. 1522 \n Support: Extended" 1523 enum: 1524 - http 1525 - https 1526 type: string 1527 statusCode: 1528 default: 302 1529 description: "StatusCode is the HTTP status code to 1530 be used in response. \n Note that values may be 1531 added to this enum, implementations must ensure 1532 that unknown values will not cause a crash. \n Unknown 1533 values here must result in the implementation setting 1534 the Accepted Condition for the Route to `status: 1535 False`, with a Reason of `UnsupportedValue`. \n 1536 Support: Core" 1537 enum: 1538 - 301 1539 - 302 1540 type: integer 1541 type: object 1542 responseHeaderModifier: 1543 description: "ResponseHeaderModifier defines a schema 1544 for a filter that modifies response headers. \n Support: 1545 Extended" 1546 properties: 1547 add: 1548 description: "Add adds the given header(s) (name, 1549 value) to the request before the action. It appends 1550 to any existing values associated with the header 1551 name. \n Input: GET /foo HTTP/1.1 my-header: foo 1552 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 1553 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 1554 items: 1555 description: HTTPHeader represents an HTTP Header 1556 name and value as defined by RFC 7230. 1557 properties: 1558 name: 1559 description: "Name is the name of the HTTP Header 1560 to be matched. Name matching MUST be case 1561 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1562 \n If multiple entries specify equivalent 1563 header names, the first entry with an equivalent 1564 name MUST be considered for a match. Subsequent 1565 entries with an equivalent header name MUST 1566 be ignored. Due to the case-insensitivity 1567 of header names, \"foo\" and \"Foo\" are considered 1568 equivalent." 1569 maxLength: 256 1570 minLength: 1 1571 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1572 type: string 1573 value: 1574 description: Value is the value of HTTP Header 1575 to be matched. 1576 maxLength: 4096 1577 minLength: 1 1578 type: string 1579 required: 1580 - name 1581 - value 1582 type: object 1583 maxItems: 16 1584 type: array 1585 x-kubernetes-list-map-keys: 1586 - name 1587 x-kubernetes-list-type: map 1588 remove: 1589 description: "Remove the given header(s) from the 1590 HTTP request before the action. The value of Remove 1591 is a list of HTTP header names. Note that the header 1592 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 1593 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 1594 bar my-header3: baz \n Config: remove: [\"my-header1\", 1595 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 1596 bar" 1597 items: 1598 type: string 1599 maxItems: 16 1600 type: array 1601 x-kubernetes-list-type: set 1602 set: 1603 description: "Set overwrites the request with the 1604 given header (name, value) before the action. \n 1605 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 1606 set: - name: \"my-header\" value: \"bar\" \n Output: 1607 GET /foo HTTP/1.1 my-header: bar" 1608 items: 1609 description: HTTPHeader represents an HTTP Header 1610 name and value as defined by RFC 7230. 1611 properties: 1612 name: 1613 description: "Name is the name of the HTTP Header 1614 to be matched. Name matching MUST be case 1615 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 1616 \n If multiple entries specify equivalent 1617 header names, the first entry with an equivalent 1618 name MUST be considered for a match. Subsequent 1619 entries with an equivalent header name MUST 1620 be ignored. Due to the case-insensitivity 1621 of header names, \"foo\" and \"Foo\" are considered 1622 equivalent." 1623 maxLength: 256 1624 minLength: 1 1625 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1626 type: string 1627 value: 1628 description: Value is the value of HTTP Header 1629 to be matched. 1630 maxLength: 4096 1631 minLength: 1 1632 type: string 1633 required: 1634 - name 1635 - value 1636 type: object 1637 maxItems: 16 1638 type: array 1639 x-kubernetes-list-map-keys: 1640 - name 1641 x-kubernetes-list-type: map 1642 type: object 1643 type: 1644 description: "Type identifies the type of filter to apply. 1645 As with other API fields, types are classified into 1646 three conformance levels: \n - Core: Filter types and 1647 their corresponding configuration defined by \"Support: 1648 Core\" in this package, e.g. \"RequestHeaderModifier\". 1649 All implementations must support core filters. \n - 1650 Extended: Filter types and their corresponding configuration 1651 defined by \"Support: Extended\" in this package, e.g. 1652 \"RequestMirror\". Implementers are encouraged to support 1653 extended filters. \n - Implementation-specific: Filters 1654 that are defined and supported by specific vendors. 1655 In the future, filters showing convergence in behavior 1656 across multiple implementations will be considered for 1657 inclusion in extended or core conformance levels. Filter-specific 1658 configuration for such filters is specified using the 1659 ExtensionRef field. `Type` should be set to \"ExtensionRef\" 1660 for custom filters. \n Implementers are encouraged to 1661 define custom implementation types to extend the core 1662 API with implementation-specific behavior. \n If a reference 1663 to a custom filter type cannot be resolved, the filter 1664 MUST NOT be skipped. Instead, requests that would have 1665 been processed by that filter MUST receive a HTTP error 1666 response. \n Note that values may be added to this enum, 1667 implementations must ensure that unknown values will 1668 not cause a crash. \n Unknown values here must result 1669 in the implementation setting the Accepted Condition 1670 for the Route to `status: False`, with a Reason of `UnsupportedValue`." 1671 enum: 1672 - RequestHeaderModifier 1673 - ResponseHeaderModifier 1674 - RequestMirror 1675 - RequestRedirect 1676 - URLRewrite 1677 - ExtensionRef 1678 type: string 1679 urlRewrite: 1680 description: "URLRewrite defines a schema for a filter 1681 that modifies a request during forwarding. \n Support: 1682 Extended" 1683 properties: 1684 hostname: 1685 description: "Hostname is the value to be used to 1686 replace the Host header value during forwarding. 1687 \n Support: Extended" 1688 maxLength: 253 1689 minLength: 1 1690 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 1691 type: string 1692 path: 1693 description: "Path defines a path rewrite. \n Support: 1694 Extended" 1695 properties: 1696 replaceFullPath: 1697 description: ReplaceFullPath specifies the value 1698 with which to replace the full path of a request 1699 during a rewrite or redirect. 1700 maxLength: 1024 1701 type: string 1702 replacePrefixMatch: 1703 description: "ReplacePrefixMatch specifies the 1704 value with which to replace the prefix match 1705 of a request during a rewrite or redirect. For 1706 example, a request to \"/foo/bar\" with a prefix 1707 match of \"/foo\" and a ReplacePrefixMatch of 1708 \"/xyz\" would be modified to \"/xyz/bar\". 1709 \n Note that this matches the behavior of the 1710 PathPrefix match type. This matches full path 1711 elements. A path element refers to the list 1712 of labels in the path split by the `/` separator. 1713 When specified, a trailing `/` is ignored. For 1714 example, the paths `/abc`, `/abc/`, and `/abc/def` 1715 would all match the prefix `/abc`, but the path 1716 `/abcd` would not. \n ReplacePrefixMatch is 1717 only compatible with a `PathPrefix` HTTPRouteMatch. 1718 Using any other HTTPRouteMatch type on the same 1719 HTTPRouteRule will result in the implementation 1720 setting the Accepted Condition for the Route 1721 to `status: False`. \n Request Path | Prefix 1722 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 1723 /foo/bar | /foo | /xyz | 1724 /xyz/bar /foo/bar | /foo | /xyz/ 1725 \ | /xyz/bar /foo/bar | /foo/ | 1726 /xyz | /xyz/bar /foo/bar | /foo/ 1727 \ | /xyz/ | /xyz/bar /foo | 1728 /foo | /xyz | /xyz /foo/ | 1729 /foo | /xyz | /xyz/ /foo/bar 1730 \ | /foo | <empty string> | /bar 1731 /foo/ | /foo | <empty string> 1732 | / /foo | /foo | <empty string> 1733 | / /foo/ | /foo | / | 1734 / /foo | /foo | / | 1735 /" 1736 maxLength: 1024 1737 type: string 1738 type: 1739 description: "Type defines the type of path modifier. 1740 Additional types may be added in a future release 1741 of the API. \n Note that values may be added 1742 to this enum, implementations must ensure that 1743 unknown values will not cause a crash. \n Unknown 1744 values here must result in the implementation 1745 setting the Accepted Condition for the Route 1746 to `status: False`, with a Reason of `UnsupportedValue`." 1747 enum: 1748 - ReplaceFullPath 1749 - ReplacePrefixMatch 1750 type: string 1751 required: 1752 - type 1753 type: object 1754 x-kubernetes-validations: 1755 - message: replaceFullPath must be specified when 1756 type is set to 'ReplaceFullPath' 1757 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 1758 : true' 1759 - message: type must be 'ReplaceFullPath' when replaceFullPath 1760 is set 1761 rule: 'has(self.replaceFullPath) ? self.type == 1762 ''ReplaceFullPath'' : true' 1763 - message: replacePrefixMatch must be specified when 1764 type is set to 'ReplacePrefixMatch' 1765 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 1766 : true' 1767 - message: type must be 'ReplacePrefixMatch' when 1768 replacePrefixMatch is set 1769 rule: 'has(self.replacePrefixMatch) ? self.type 1770 == ''ReplacePrefixMatch'' : true' 1771 type: object 1772 required: 1773 - type 1774 type: object 1775 x-kubernetes-validations: 1776 - message: filter.requestHeaderModifier must be nil if the 1777 filter.type is not RequestHeaderModifier 1778 rule: '!(has(self.requestHeaderModifier) && self.type != 1779 ''RequestHeaderModifier'')' 1780 - message: filter.requestHeaderModifier must be specified 1781 for RequestHeaderModifier filter.type 1782 rule: '!(!has(self.requestHeaderModifier) && self.type == 1783 ''RequestHeaderModifier'')' 1784 - message: filter.responseHeaderModifier must be nil if the 1785 filter.type is not ResponseHeaderModifier 1786 rule: '!(has(self.responseHeaderModifier) && self.type != 1787 ''ResponseHeaderModifier'')' 1788 - message: filter.responseHeaderModifier must be specified 1789 for ResponseHeaderModifier filter.type 1790 rule: '!(!has(self.responseHeaderModifier) && self.type 1791 == ''ResponseHeaderModifier'')' 1792 - message: filter.requestMirror must be nil if the filter.type 1793 is not RequestMirror 1794 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 1795 - message: filter.requestMirror must be specified for RequestMirror 1796 filter.type 1797 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')' 1798 - message: filter.requestRedirect must be nil if the filter.type 1799 is not RequestRedirect 1800 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')' 1801 - message: filter.requestRedirect must be specified for RequestRedirect 1802 filter.type 1803 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')' 1804 - message: filter.urlRewrite must be nil if the filter.type 1805 is not URLRewrite 1806 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 1807 - message: filter.urlRewrite must be specified for URLRewrite 1808 filter.type 1809 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 1810 - message: filter.extensionRef must be nil if the filter.type 1811 is not ExtensionRef 1812 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 1813 - message: filter.extensionRef must be specified for ExtensionRef 1814 filter.type 1815 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 1816 maxItems: 16 1817 type: array 1818 x-kubernetes-validations: 1819 - message: May specify either httpRouteFilterRequestRedirect 1820 or httpRouteFilterRequestRewrite, but not both 1821 rule: '!(self.exists(f, f.type == ''RequestRedirect'') && 1822 self.exists(f, f.type == ''URLRewrite''))' 1823 - message: RequestHeaderModifier filter cannot be repeated 1824 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 1825 <= 1 1826 - message: ResponseHeaderModifier filter cannot be repeated 1827 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 1828 <= 1 1829 - message: RequestRedirect filter cannot be repeated 1830 rule: self.filter(f, f.type == 'RequestRedirect').size() <= 1831 1 1832 - message: URLRewrite filter cannot be repeated 1833 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1 1834 matches: 1835 default: 1836 - path: 1837 type: PathPrefix 1838 value: / 1839 description: "Matches define conditions used for matching the 1840 rule against incoming HTTP requests. Each match is independent, 1841 i.e. this rule will be matched if **any** one of the matches 1842 is satisfied. \n For example, take the following matches configuration: 1843 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" 1844 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request 1845 to match against this rule, a request must satisfy EITHER 1846 of the two conditions: \n - path prefixed with `/foo` AND 1847 contains the header `version: v2` - path prefix of `/v2/foo` 1848 \n See the documentation for HTTPRouteMatch on how to specify 1849 multiple match conditions that should be ANDed together. \n 1850 If no matches are specified, the default is a prefix path 1851 match on \"/\", which has the effect of matching every HTTP 1852 request. \n Proxy or Load Balancer routing configuration generated 1853 from HTTPRoutes MUST prioritize matches based on the following 1854 criteria, continuing on ties. Across all rules specified on 1855 applicable Routes, precedence must be given to the match having: 1856 \n * \"Exact\" path match. * \"Prefix\" path match with largest 1857 number of characters. * Method match. * Largest number of 1858 header matches. * Largest number of query param matches. \n 1859 Note: The precedence of RegularExpression path matches are 1860 implementation-specific. \n If ties still exist across multiple 1861 Routes, matching precedence MUST be determined in order of 1862 the following criteria, continuing on ties: \n * The oldest 1863 Route based on creation timestamp. * The Route appearing first 1864 in alphabetical order by \"{namespace}/{name}\". \n If ties 1865 still exist within an HTTPRoute, matching precedence MUST 1866 be granted to the FIRST matching rule (in list order) with 1867 a match meeting the above criteria. \n When no rules matching 1868 a request have been successfully attached to the parent a 1869 request is coming from, a HTTP 404 status code MUST be returned." 1870 items: 1871 description: "HTTPRouteMatch defines the predicate used to 1872 match requests to a given action. Multiple match types are 1873 ANDed together, i.e. the match will evaluate to true only 1874 if all conditions are satisfied. \n For example, the match 1875 below will match a HTTP request only if its path starts 1876 with `/foo` AND it contains the `version: v1` header: \n 1877 ``` match: \n path: value: \"/foo\" headers: - name: \"version\" 1878 value \"v1\" \n ```" 1879 properties: 1880 headers: 1881 description: Headers specifies HTTP request header matchers. 1882 Multiple match values are ANDed together, meaning, a 1883 request must match all the specified headers to select 1884 the route. 1885 items: 1886 description: HTTPHeaderMatch describes how to select 1887 a HTTP route by matching HTTP request headers. 1888 properties: 1889 name: 1890 description: "Name is the name of the HTTP Header 1891 to be matched. Name matching MUST be case insensitive. 1892 (See https://tools.ietf.org/html/rfc7230#section-3.2). 1893 \n If multiple entries specify equivalent header 1894 names, only the first entry with an equivalent 1895 name MUST be considered for a match. Subsequent 1896 entries with an equivalent header name MUST be 1897 ignored. Due to the case-insensitivity of header 1898 names, \"foo\" and \"Foo\" are considered equivalent. 1899 \n When a header is repeated in an HTTP request, 1900 it is implementation-specific behavior as to how 1901 this is represented. Generally, proxies should 1902 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 1903 regarding processing a repeated header, with special 1904 handling for \"Set-Cookie\"." 1905 maxLength: 256 1906 minLength: 1 1907 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 1908 type: string 1909 type: 1910 default: Exact 1911 description: "Type specifies how to match against 1912 the value of the header. \n Support: Core (Exact) 1913 \n Support: Implementation-specific (RegularExpression) 1914 \n Since RegularExpression HeaderMatchType has 1915 implementation-specific conformance, implementations 1916 can support POSIX, PCRE or any other dialects 1917 of regular expressions. Please read the implementation's 1918 documentation to determine the supported dialect." 1919 enum: 1920 - Exact 1921 - RegularExpression 1922 type: string 1923 value: 1924 description: Value is the value of HTTP Header to 1925 be matched. 1926 maxLength: 4096 1927 minLength: 1 1928 type: string 1929 required: 1930 - name 1931 - value 1932 type: object 1933 maxItems: 16 1934 type: array 1935 x-kubernetes-list-map-keys: 1936 - name 1937 x-kubernetes-list-type: map 1938 method: 1939 description: "Method specifies HTTP method matcher. When 1940 specified, this route will be matched only if the request 1941 has the specified method. \n Support: Extended" 1942 enum: 1943 - GET 1944 - HEAD 1945 - POST 1946 - PUT 1947 - DELETE 1948 - CONNECT 1949 - OPTIONS 1950 - TRACE 1951 - PATCH 1952 type: string 1953 path: 1954 default: 1955 type: PathPrefix 1956 value: / 1957 description: Path specifies a HTTP request path matcher. 1958 If this field is not specified, a default prefix match 1959 on the "/" path is provided. 1960 properties: 1961 type: 1962 default: PathPrefix 1963 description: "Type specifies how to match against 1964 the path Value. \n Support: Core (Exact, PathPrefix) 1965 \n Support: Implementation-specific (RegularExpression)" 1966 enum: 1967 - Exact 1968 - PathPrefix 1969 - RegularExpression 1970 type: string 1971 value: 1972 default: / 1973 description: Value of the HTTP path to match against. 1974 maxLength: 1024 1975 type: string 1976 type: object 1977 x-kubernetes-validations: 1978 - message: value must be an absolute path and start with 1979 '/' when type one of ['Exact', 'PathPrefix'] 1980 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'') 1981 : true' 1982 - message: must not contain '//' when type one of ['Exact', 1983 'PathPrefix'] 1984 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'') 1985 : true' 1986 - message: must not contain '/./' when type one of ['Exact', 1987 'PathPrefix'] 1988 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'') 1989 : true' 1990 - message: must not contain '/../' when type one of ['Exact', 1991 'PathPrefix'] 1992 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'') 1993 : true' 1994 - message: must not contain '%2f' when type one of ['Exact', 1995 'PathPrefix'] 1996 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'') 1997 : true' 1998 - message: must not contain '%2F' when type one of ['Exact', 1999 'PathPrefix'] 2000 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'') 2001 : true' 2002 - message: must not contain '#' when type one of ['Exact', 2003 'PathPrefix'] 2004 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'') 2005 : true' 2006 - message: must not end with '/..' when type one of ['Exact', 2007 'PathPrefix'] 2008 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'') 2009 : true' 2010 - message: must not end with '/.' when type one of ['Exact', 2011 'PathPrefix'] 2012 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'') 2013 : true' 2014 - message: type must be one of ['Exact', 'PathPrefix', 2015 'RegularExpression'] 2016 rule: self.type in ['Exact','PathPrefix'] || self.type 2017 == 'RegularExpression' 2018 - message: must only contain valid characters (matching 2019 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) 2020 for types ['Exact', 'PathPrefix'] 2021 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""") 2022 : true' 2023 queryParams: 2024 description: "QueryParams specifies HTTP query parameter 2025 matchers. Multiple match values are ANDed together, 2026 meaning, a request must match all the specified query 2027 parameters to select the route. \n Support: Extended" 2028 items: 2029 description: HTTPQueryParamMatch describes how to select 2030 a HTTP route by matching HTTP query parameters. 2031 properties: 2032 name: 2033 description: "Name is the name of the HTTP query 2034 param to be matched. This must be an exact string 2035 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). 2036 \n If multiple entries specify equivalent query 2037 param names, only the first entry with an equivalent 2038 name MUST be considered for a match. Subsequent 2039 entries with an equivalent query param name MUST 2040 be ignored. \n If a query param is repeated in 2041 an HTTP request, the behavior is purposely left 2042 undefined, since different data planes have different 2043 capabilities. However, it is *recommended* that 2044 implementations should match against the first 2045 value of the param if the data plane supports 2046 it, as this behavior is expected in other load 2047 balancing contexts outside of the Gateway API. 2048 \n Users SHOULD NOT route traffic based on repeated 2049 query params to guard themselves against potential 2050 differences in the implementations." 2051 maxLength: 256 2052 minLength: 1 2053 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2054 type: string 2055 type: 2056 default: Exact 2057 description: "Type specifies how to match against 2058 the value of the query parameter. \n Support: 2059 Extended (Exact) \n Support: Implementation-specific 2060 (RegularExpression) \n Since RegularExpression 2061 QueryParamMatchType has Implementation-specific 2062 conformance, implementations can support POSIX, 2063 PCRE or any other dialects of regular expressions. 2064 Please read the implementation's documentation 2065 to determine the supported dialect." 2066 enum: 2067 - Exact 2068 - RegularExpression 2069 type: string 2070 value: 2071 description: Value is the value of HTTP query param 2072 to be matched. 2073 maxLength: 1024 2074 minLength: 1 2075 type: string 2076 required: 2077 - name 2078 - value 2079 type: object 2080 maxItems: 16 2081 type: array 2082 x-kubernetes-list-map-keys: 2083 - name 2084 x-kubernetes-list-type: map 2085 type: object 2086 maxItems: 8 2087 type: array 2088 type: object 2089 x-kubernetes-validations: 2090 - message: RequestRedirect filter must not be used together with 2091 backendRefs 2092 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ? 2093 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): 2094 true' 2095 - message: When using RequestRedirect filter with path.replacePrefixMatch, 2096 exactly one PathPrefix match must be specified 2097 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) 2098 && has(f.requestRedirect.path) && f.requestRedirect.path.type 2099 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 2100 ? ((size(self.matches) != 1 || !has(self.matches[0].path) || 2101 self.matches[0].path.type != ''PathPrefix'') ? false : true) 2102 : true' 2103 - message: When using URLRewrite filter with path.replacePrefixMatch, 2104 exactly one PathPrefix match must be specified 2105 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) 2106 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 2107 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) 2108 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 2109 != ''PathPrefix'') ? false : true) : true' 2110 - message: Within backendRefs, when using RequestRedirect filter 2111 with path.replacePrefixMatch, exactly one PathPrefix match must 2112 be specified 2113 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 2114 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) 2115 && has(f.requestRedirect.path) && f.requestRedirect.path.type 2116 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 2117 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) 2118 || self.matches[0].path.type != ''PathPrefix'') ? false : true) 2119 : true' 2120 - message: Within backendRefs, When using URLRewrite filter with 2121 path.replacePrefixMatch, exactly one PathPrefix match must be 2122 specified 2123 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 2124 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) 2125 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 2126 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) 2127 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 2128 != ''PathPrefix'') ? false : true) : true' 2129 maxItems: 16 2130 type: array 2131 type: object 2132 status: 2133 description: Status defines the current state of HTTPRoute. 2134 properties: 2135 parents: 2136 description: "Parents is a list of parent resources (usually Gateways) 2137 that are associated with the route, and the status of the route 2138 with respect to each parent. When this route attaches to a parent, 2139 the controller that manages the parent must add an entry to this 2140 list when the controller first sees the route and should update 2141 the entry as appropriate when the route or gateway is modified. 2142 \n Note that parent references that cannot be resolved by an implementation 2143 of this API will not be added to this list. Implementations of this 2144 API can only populate Route status for the Gateways/parent resources 2145 they are responsible for. \n A maximum of 32 Gateways will be represented 2146 in this list. An empty list means the route has not been attached 2147 to any Gateway." 2148 items: 2149 description: RouteParentStatus describes the status of a route with 2150 respect to an associated Parent. 2151 properties: 2152 conditions: 2153 description: "Conditions describes the status of the route with 2154 respect to the Gateway. Note that the route's availability 2155 is also subject to the Gateway's own status conditions and 2156 listener status. \n If the Route's ParentRef specifies an 2157 existing Gateway that supports Routes of this kind AND that 2158 Gateway's controller has sufficient access, then that Gateway's 2159 controller MUST set the \"Accepted\" condition on the Route, 2160 to indicate whether the route has been accepted or rejected 2161 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 2162 if at least one of the Route's rules is implemented by the 2163 Gateway. \n There are a number of cases where the \"Accepted\" 2164 condition may not be set due to lack of controller visibility, 2165 that includes when: \n * The Route refers to a non-existent 2166 parent. * The Route is of a type that the controller does 2167 not support. * The Route is in a namespace the controller 2168 does not have access to." 2169 items: 2170 description: "Condition contains details for one aspect of 2171 the current state of this API Resource. --- This struct 2172 is intended for direct use as an array at the field path 2173 .status.conditions. For example, \n type FooStatus struct{ 2174 // Represents the observations of a foo's current state. 2175 // Known .status.conditions.type are: \"Available\", \"Progressing\", 2176 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 2177 // +listType=map // +listMapKey=type Conditions []metav1.Condition 2178 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 2179 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 2180 }" 2181 properties: 2182 lastTransitionTime: 2183 description: lastTransitionTime is the last time the condition 2184 transitioned from one status to another. This should 2185 be when the underlying condition changed. If that is 2186 not known, then using the time when the API field changed 2187 is acceptable. 2188 format: date-time 2189 type: string 2190 message: 2191 description: message is a human readable message indicating 2192 details about the transition. This may be an empty string. 2193 maxLength: 32768 2194 type: string 2195 observedGeneration: 2196 description: observedGeneration represents the .metadata.generation 2197 that the condition was set based upon. For instance, 2198 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 2199 is 9, the condition is out of date with respect to the 2200 current state of the instance. 2201 format: int64 2202 minimum: 0 2203 type: integer 2204 reason: 2205 description: reason contains a programmatic identifier 2206 indicating the reason for the condition's last transition. 2207 Producers of specific condition types may define expected 2208 values and meanings for this field, and whether the 2209 values are considered a guaranteed API. The value should 2210 be a CamelCase string. This field may not be empty. 2211 maxLength: 1024 2212 minLength: 1 2213 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 2214 type: string 2215 status: 2216 description: status of the condition, one of True, False, 2217 Unknown. 2218 enum: 2219 - "True" 2220 - "False" 2221 - Unknown 2222 type: string 2223 type: 2224 description: type of condition in CamelCase or in foo.example.com/CamelCase. 2225 --- Many .condition.type values are consistent across 2226 resources like Available, but because arbitrary conditions 2227 can be useful (see .node.status.conditions), the ability 2228 to deconflict is important. The regex it matches is 2229 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 2230 maxLength: 316 2231 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 2232 type: string 2233 required: 2234 - lastTransitionTime 2235 - message 2236 - reason 2237 - status 2238 - type 2239 type: object 2240 maxItems: 8 2241 minItems: 1 2242 type: array 2243 x-kubernetes-list-map-keys: 2244 - type 2245 x-kubernetes-list-type: map 2246 controllerName: 2247 description: "ControllerName is a domain/path string that indicates 2248 the name of the controller that wrote this status. This corresponds 2249 with the controllerName field on GatewayClass. \n Example: 2250 \"example.net/gateway-controller\". \n The format of this 2251 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 2252 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 2253 \n Controllers MUST populate this field when writing status. 2254 Controllers should ensure that entries to status populated 2255 with their ControllerName are cleaned up when they are no 2256 longer necessary." 2257 maxLength: 253 2258 minLength: 1 2259 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 2260 type: string 2261 parentRef: 2262 description: ParentRef corresponds with a ParentRef in the spec 2263 that this RouteParentStatus struct describes the status of. 2264 properties: 2265 group: 2266 default: gateway.networking.k8s.io 2267 description: "Group is the group of the referent. When unspecified, 2268 \"gateway.networking.k8s.io\" is inferred. To set the 2269 core API group (such as for a \"Service\" kind referent), 2270 Group must be explicitly set to \"\" (empty string). \n 2271 Support: Core" 2272 maxLength: 253 2273 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2274 type: string 2275 kind: 2276 default: Gateway 2277 description: "Kind is kind of the referent. \n There are 2278 two kinds of parent resources with \"Core\" support: \n 2279 * Gateway (Gateway conformance profile) * Service (Mesh 2280 conformance profile, experimental, ClusterIP Services 2281 only) \n Support for other resources is Implementation-Specific." 2282 maxLength: 63 2283 minLength: 1 2284 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2285 type: string 2286 name: 2287 description: "Name is the name of the referent. \n Support: 2288 Core" 2289 maxLength: 253 2290 minLength: 1 2291 type: string 2292 namespace: 2293 description: "Namespace is the namespace of the referent. 2294 When unspecified, this refers to the local namespace of 2295 the Route. \n Note that there are specific rules for ParentRefs 2296 which cross namespace boundaries. Cross-namespace references 2297 are only valid if they are explicitly allowed by something 2298 in the namespace they are referring to. For example: Gateway 2299 has the AllowedRoutes field, and ReferenceGrant provides 2300 a generic way to enable any other kind of cross-namespace 2301 reference. \n \n Support: Core" 2302 maxLength: 63 2303 minLength: 1 2304 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 2305 type: string 2306 sectionName: 2307 description: "SectionName is the name of a section within 2308 the target resource. In the following resources, SectionName 2309 is interpreted as the following: \n * Gateway: Listener 2310 Name. When both Port (experimental) and SectionName are 2311 specified, the name and port of the selected listener 2312 must match both specified values. * Service: Port Name. 2313 When both Port (experimental) and SectionName are specified, 2314 the name and port of the selected listener must match 2315 both specified values. Note that attaching Routes to Services 2316 as Parents is part of experimental Mesh support and is 2317 not supported for any other purpose. \n Implementations 2318 MAY choose to support attaching Routes to other resources. 2319 If that is the case, they MUST clearly document how SectionName 2320 is interpreted. \n When unspecified (empty string), this 2321 will reference the entire resource. For the purpose of 2322 status, an attachment is considered successful if at least 2323 one section in the parent resource accepts it. For example, 2324 Gateway listeners can restrict which Routes can attach 2325 to them by Route kind, namespace, or hostname. If 1 of 2326 2 Gateway listeners accept attachment from the referencing 2327 Route, the Route MUST be considered successfully attached. 2328 If no Gateway listeners accept attachment from this Route, 2329 the Route MUST be considered detached from the Gateway. 2330 \n Support: Core" 2331 maxLength: 253 2332 minLength: 1 2333 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2334 type: string 2335 required: 2336 - name 2337 type: object 2338 required: 2339 - controllerName 2340 - parentRef 2341 type: object 2342 maxItems: 32 2343 type: array 2344 required: 2345 - parents 2346 type: object 2347 required: 2348 - spec 2349 type: object 2350 served: true 2351 storage: false 2352 subresources: 2353 status: {} 2354 - additionalPrinterColumns: 2355 - jsonPath: .spec.hostnames 2356 name: Hostnames 2357 type: string 2358 - jsonPath: .metadata.creationTimestamp 2359 name: Age 2360 type: date 2361 name: v1beta1 2362 schema: 2363 openAPIV3Schema: 2364 description: HTTPRoute provides a way to route HTTP requests. This includes 2365 the capability to match requests by hostname, path, header, or query param. 2366 Filters can be used to specify additional processing steps. Backends specify 2367 where matching requests should be routed. 2368 properties: 2369 apiVersion: 2370 description: 'APIVersion defines the versioned schema of this representation 2371 of an object. Servers should convert recognized schemas to the latest 2372 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 2373 type: string 2374 kind: 2375 description: 'Kind is a string value representing the REST resource this 2376 object represents. Servers may infer this from the endpoint the client 2377 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 2378 type: string 2379 metadata: 2380 type: object 2381 spec: 2382 description: Spec defines the desired state of HTTPRoute. 2383 properties: 2384 hostnames: 2385 description: "Hostnames defines a set of hostnames that should match 2386 against the HTTP Host header to select a HTTPRoute used to process 2387 the request. Implementations MUST ignore any port value specified 2388 in the HTTP Host header while performing a match and (absent of 2389 any applicable header modification configuration) MUST forward this 2390 header unmodified to the backend. \n Valid values for Hostnames 2391 are determined by RFC 1123 definition of a hostname with 2 notable 2392 exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed 2393 with a wildcard label (`*.`). The wildcard label must appear by 2394 itself as the first label. \n If a hostname is specified by both 2395 the Listener and HTTPRoute, there must be at least one intersecting 2396 hostname for the HTTPRoute to be attached to the Listener. For example: 2397 \n * A Listener with `test.example.com` as the hostname matches 2398 HTTPRoutes that have either not specified any hostnames, or have 2399 specified at least one of `test.example.com` or `*.example.com`. 2400 * A Listener with `*.example.com` as the hostname matches HTTPRoutes 2401 that have either not specified any hostnames or have specified at 2402 least one hostname that matches the Listener hostname. For example, 2403 `*.example.com`, `test.example.com`, and `foo.test.example.com` 2404 would all match. On the other hand, `example.com` and `test.example.net` 2405 would not match. \n Hostnames that are prefixed with a wildcard 2406 label (`*.`) are interpreted as a suffix match. That means that 2407 a match for `*.example.com` would match both `test.example.com`, 2408 and `foo.test.example.com`, but not `example.com`. \n If both the 2409 Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames 2410 that do not match the Listener hostname MUST be ignored. For example, 2411 if a Listener specified `*.example.com`, and the HTTPRoute specified 2412 `test.example.com` and `test.example.net`, `test.example.net` must 2413 not be considered for a match. \n If both the Listener and HTTPRoute 2414 have specified hostnames, and none match with the criteria above, 2415 then the HTTPRoute is not accepted. The implementation must raise 2416 an 'Accepted' Condition with a status of `False` in the corresponding 2417 RouteParentStatus. \n In the event that multiple HTTPRoutes specify 2418 intersecting hostnames (e.g. overlapping wildcard matching and exact 2419 matching hostnames), precedence must be given to rules from the 2420 HTTPRoute with the largest number of: \n * Characters in a matching 2421 non-wildcard hostname. * Characters in a matching hostname. \n If 2422 ties exist across multiple Routes, the matching precedence rules 2423 for HTTPRouteMatches takes over. \n Support: Core" 2424 items: 2425 description: "Hostname is the fully qualified domain name of a network 2426 host. This matches the RFC 1123 definition of a hostname with 2427 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname 2428 may be prefixed with a wildcard label (`*.`). The wildcard label 2429 must appear by itself as the first label. \n Hostname can be \"precise\" 2430 which is a domain name without the terminating dot of a network 2431 host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain 2432 name prefixed with a single wildcard label (e.g. `*.example.com`). 2433 \n Note that as per RFC1035 and RFC1123, a *label* must consist 2434 of lower case alphanumeric characters or '-', and must start and 2435 end with an alphanumeric character. No other punctuation is allowed." 2436 maxLength: 253 2437 minLength: 1 2438 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2439 type: string 2440 maxItems: 16 2441 type: array 2442 parentRefs: 2443 description: "ParentRefs references the resources (usually Gateways) 2444 that a Route wants to be attached to. Note that the referenced parent 2445 resource needs to allow this for the attachment to be complete. 2446 For Gateways, that means the Gateway needs to allow attachment from 2447 Routes of this kind and namespace. For Services, that means the 2448 Service must either be in the same namespace for a \"producer\" 2449 route, or the mesh implementation must support and allow \"consumer\" 2450 routes for the referenced Service. ReferenceGrant is not applicable 2451 for governing ParentRefs to Services - it is not possible to create 2452 a \"producer\" route for a Service in a different namespace from 2453 the Route. \n There are two kinds of parent resources with \"Core\" 2454 support: \n * Gateway (Gateway conformance profile) This API may 2455 be extended in the future to support additional kinds of parent 2456 resources. \n ParentRefs must be _distinct_. This means either that: 2457 \n * They select different objects. If this is the case, then parentRef 2458 entries are distinct. In terms of fields, this means that the multi-part 2459 key defined by `group`, `kind`, `namespace`, and `name` must be 2460 unique across all parentRef entries in the Route. * They do not 2461 select different objects, but for each optional field used, each 2462 ParentRef that selects the same object must set the same set of 2463 optional fields to different values. If one ParentRef sets a combination 2464 of optional fields, all must set the same combination. \n Some examples: 2465 \n * If one ParentRef sets `sectionName`, all ParentRefs referencing 2466 the same object must also set `sectionName`. * If one ParentRef 2467 sets `port`, all ParentRefs referencing the same object must also 2468 set `port`. * If one ParentRef sets `sectionName` and `port`, all 2469 ParentRefs referencing the same object must also set `sectionName` 2470 and `port`. \n It is possible to separately reference multiple distinct 2471 objects that may be collapsed by an implementation. For example, 2472 some implementations may choose to merge compatible Gateway Listeners 2473 together. If that is the case, the list of routes attached to those 2474 resources should also be merged. \n Note that for ParentRefs that 2475 cross namespace boundaries, there are specific rules. Cross-namespace 2476 references are only valid if they are explicitly allowed by something 2477 in the namespace they are referring to. For example, Gateway has 2478 the AllowedRoutes field, and ReferenceGrant provides a generic way 2479 to enable other kinds of cross-namespace reference. \n \n " 2480 items: 2481 description: "ParentReference identifies an API object (usually 2482 a Gateway) that can be considered a parent of this resource (usually 2483 a route). There are two kinds of parent resources with \"Core\" 2484 support: \n * Gateway (Gateway conformance profile) * Service 2485 (Mesh conformance profile, experimental, ClusterIP Services only) 2486 \n This API may be extended in the future to support additional 2487 kinds of parent resources. \n The API object must be valid in 2488 the cluster; the Group and Kind must be registered in the cluster 2489 for this reference to be valid." 2490 properties: 2491 group: 2492 default: gateway.networking.k8s.io 2493 description: "Group is the group of the referent. When unspecified, 2494 \"gateway.networking.k8s.io\" is inferred. To set the core 2495 API group (such as for a \"Service\" kind referent), Group 2496 must be explicitly set to \"\" (empty string). \n Support: 2497 Core" 2498 maxLength: 253 2499 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2500 type: string 2501 kind: 2502 default: Gateway 2503 description: "Kind is kind of the referent. \n There are two 2504 kinds of parent resources with \"Core\" support: \n * Gateway 2505 (Gateway conformance profile) * Service (Mesh conformance 2506 profile, experimental, ClusterIP Services only) \n Support 2507 for other resources is Implementation-Specific." 2508 maxLength: 63 2509 minLength: 1 2510 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2511 type: string 2512 name: 2513 description: "Name is the name of the referent. \n Support: 2514 Core" 2515 maxLength: 253 2516 minLength: 1 2517 type: string 2518 namespace: 2519 description: "Namespace is the namespace of the referent. When 2520 unspecified, this refers to the local namespace of the Route. 2521 \n Note that there are specific rules for ParentRefs which 2522 cross namespace boundaries. Cross-namespace references are 2523 only valid if they are explicitly allowed by something in 2524 the namespace they are referring to. For example: Gateway 2525 has the AllowedRoutes field, and ReferenceGrant provides a 2526 generic way to enable any other kind of cross-namespace reference. 2527 \n \n Support: Core" 2528 maxLength: 63 2529 minLength: 1 2530 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 2531 type: string 2532 sectionName: 2533 description: "SectionName is the name of a section within the 2534 target resource. In the following resources, SectionName is 2535 interpreted as the following: \n * Gateway: Listener Name. 2536 When both Port (experimental) and SectionName are specified, 2537 the name and port of the selected listener must match both 2538 specified values. * Service: Port Name. When both Port (experimental) 2539 and SectionName are specified, the name and port of the selected 2540 listener must match both specified values. Note that attaching 2541 Routes to Services as Parents is part of experimental Mesh 2542 support and is not supported for any other purpose. \n Implementations 2543 MAY choose to support attaching Routes to other resources. 2544 If that is the case, they MUST clearly document how SectionName 2545 is interpreted. \n When unspecified (empty string), this will 2546 reference the entire resource. For the purpose of status, 2547 an attachment is considered successful if at least one section 2548 in the parent resource accepts it. For example, Gateway listeners 2549 can restrict which Routes can attach to them by Route kind, 2550 namespace, or hostname. If 1 of 2 Gateway listeners accept 2551 attachment from the referencing Route, the Route MUST be considered 2552 successfully attached. If no Gateway listeners accept attachment 2553 from this Route, the Route MUST be considered detached from 2554 the Gateway. \n Support: Core" 2555 maxLength: 253 2556 minLength: 1 2557 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2558 type: string 2559 required: 2560 - name 2561 type: object 2562 maxItems: 32 2563 type: array 2564 x-kubernetes-validations: 2565 - message: sectionName must be specified when parentRefs includes 2566 2 or more references to the same parent 2567 rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind 2568 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 2569 || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ 2570 == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && 2571 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) 2572 || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName 2573 == '''')) : true))' 2574 - message: sectionName must be unique when parentRefs includes 2 or 2575 more references to the same parent 2576 rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind 2577 == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) 2578 || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ 2579 == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && 2580 p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) 2581 || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName 2582 == '')) || (has(p1.sectionName) && has(p2.sectionName) && p1.sectionName 2583 == p2.sectionName)))) 2584 rules: 2585 default: 2586 - matches: 2587 - path: 2588 type: PathPrefix 2589 value: / 2590 description: Rules are a list of HTTP matchers, filters and actions. 2591 items: 2592 description: HTTPRouteRule defines semantics for matching an HTTP 2593 request based on conditions (matches), processing it (filters), 2594 and forwarding the request to an API object (backendRefs). 2595 properties: 2596 backendRefs: 2597 description: "BackendRefs defines the backend(s) where matching 2598 requests should be sent. \n Failure behavior here depends 2599 on how many BackendRefs are specified and how many are invalid. 2600 \n If *all* entries in BackendRefs are invalid, and there 2601 are also no filters specified in this route rule, *all* traffic 2602 which matches this rule MUST receive a 500 status code. \n 2603 See the HTTPBackendRef definition for the rules about what 2604 makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef 2605 is invalid, 500 status codes MUST be returned for requests 2606 that would have otherwise been routed to an invalid backend. 2607 If multiple backends are specified, and some are invalid, 2608 the proportion of requests that would otherwise have been 2609 routed to an invalid backend MUST receive a 500 status code. 2610 \n For example, if two backends are specified with equal weights, 2611 and one is invalid, 50 percent of traffic must receive a 500. 2612 Implementations may choose how that 50 percent is determined. 2613 \n Support: Core for Kubernetes Service \n Support: Extended 2614 for Kubernetes ServiceImport \n Support: Implementation-specific 2615 for any other resource \n Support for weight: Core" 2616 items: 2617 description: "HTTPBackendRef defines how a HTTPRoute forwards 2618 a HTTP request. \n Note that when a namespace different 2619 than the local namespace is specified, a ReferenceGrant 2620 object is required in the referent namespace to allow that 2621 namespace's owner to accept the reference. See the ReferenceGrant 2622 documentation for details. \n <gateway:experimental:description> 2623 \n When the BackendRef points to a Kubernetes Service, implementations 2624 SHOULD honor the appProtocol field if it is set for the 2625 target Service Port. \n Implementations supporting appProtocol 2626 SHOULD recognize the Kubernetes Standard Application Protocols 2627 defined in KEP-3726. \n If a Service appProtocol isn't specified, 2628 an implementation MAY infer the backend protocol through 2629 its own means. Implementations MAY infer the protocol from 2630 the Route type referring to the backend Service. \n If a 2631 Route is not able to send traffic to the backend using the 2632 specified protocol then the backend is considered invalid. 2633 Implementations MUST set the \"ResolvedRefs\" condition 2634 to \"False\" with the \"UnsupportedProtocol\" reason. \n 2635 </gateway:experimental:description>" 2636 properties: 2637 filters: 2638 description: "Filters defined at this level should be 2639 executed if and only if the request is being forwarded 2640 to the backend defined here. \n Support: Implementation-specific 2641 (For broader support of filters, use the Filters field 2642 in HTTPRouteRule.)" 2643 items: 2644 description: HTTPRouteFilter defines processing steps 2645 that must be completed during the request or response 2646 lifecycle. HTTPRouteFilters are meant as an extension 2647 point to express processing that may be done in Gateway 2648 implementations. Some examples include request or 2649 response modification, implementing authentication 2650 strategies, rate-limiting, and traffic shaping. API 2651 guarantee/conformance is defined based on the type 2652 of the filter. 2653 properties: 2654 extensionRef: 2655 description: "ExtensionRef is an optional, implementation-specific 2656 extension to the \"filter\" behavior. For example, 2657 resource \"myroutefilter\" in group \"networking.example.net\"). 2658 ExtensionRef MUST NOT be used for core and extended 2659 filters. \n This filter can be used multiple times 2660 within the same rule. \n Support: Implementation-specific" 2661 properties: 2662 group: 2663 description: Group is the group of the referent. 2664 For example, "gateway.networking.k8s.io". 2665 When unspecified or empty string, core API 2666 group is inferred. 2667 maxLength: 253 2668 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2669 type: string 2670 kind: 2671 description: Kind is kind of the referent. For 2672 example "HTTPRoute" or "Service". 2673 maxLength: 63 2674 minLength: 1 2675 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2676 type: string 2677 name: 2678 description: Name is the name of the referent. 2679 maxLength: 253 2680 minLength: 1 2681 type: string 2682 required: 2683 - group 2684 - kind 2685 - name 2686 type: object 2687 requestHeaderModifier: 2688 description: "RequestHeaderModifier defines a schema 2689 for a filter that modifies request headers. \n 2690 Support: Core" 2691 properties: 2692 add: 2693 description: "Add adds the given header(s) (name, 2694 value) to the request before the action. It 2695 appends to any existing values associated 2696 with the header name. \n Input: GET /foo HTTP/1.1 2697 my-header: foo \n Config: add: - name: \"my-header\" 2698 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 2699 my-header: foo,bar,baz" 2700 items: 2701 description: HTTPHeader represents an HTTP 2702 Header name and value as defined by RFC 2703 7230. 2704 properties: 2705 name: 2706 description: "Name is the name of the 2707 HTTP Header to be matched. Name matching 2708 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 2709 \n If multiple entries specify equivalent 2710 header names, the first entry with an 2711 equivalent name MUST be considered for 2712 a match. Subsequent entries with an 2713 equivalent header name MUST be ignored. 2714 Due to the case-insensitivity of header 2715 names, \"foo\" and \"Foo\" are considered 2716 equivalent." 2717 maxLength: 256 2718 minLength: 1 2719 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2720 type: string 2721 value: 2722 description: Value is the value of HTTP 2723 Header to be matched. 2724 maxLength: 4096 2725 minLength: 1 2726 type: string 2727 required: 2728 - name 2729 - value 2730 type: object 2731 maxItems: 16 2732 type: array 2733 x-kubernetes-list-map-keys: 2734 - name 2735 x-kubernetes-list-type: map 2736 remove: 2737 description: "Remove the given header(s) from 2738 the HTTP request before the action. The value 2739 of Remove is a list of HTTP header names. 2740 Note that the header names are case-insensitive 2741 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 2742 \n Input: GET /foo HTTP/1.1 my-header1: foo 2743 my-header2: bar my-header3: baz \n Config: 2744 remove: [\"my-header1\", \"my-header3\"] \n 2745 Output: GET /foo HTTP/1.1 my-header2: bar" 2746 items: 2747 type: string 2748 maxItems: 16 2749 type: array 2750 x-kubernetes-list-type: set 2751 set: 2752 description: "Set overwrites the request with 2753 the given header (name, value) before the 2754 action. \n Input: GET /foo HTTP/1.1 my-header: 2755 foo \n Config: set: - name: \"my-header\" 2756 value: \"bar\" \n Output: GET /foo HTTP/1.1 2757 my-header: bar" 2758 items: 2759 description: HTTPHeader represents an HTTP 2760 Header name and value as defined by RFC 2761 7230. 2762 properties: 2763 name: 2764 description: "Name is the name of the 2765 HTTP Header to be matched. Name matching 2766 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 2767 \n If multiple entries specify equivalent 2768 header names, the first entry with an 2769 equivalent name MUST be considered for 2770 a match. Subsequent entries with an 2771 equivalent header name MUST be ignored. 2772 Due to the case-insensitivity of header 2773 names, \"foo\" and \"Foo\" are considered 2774 equivalent." 2775 maxLength: 256 2776 minLength: 1 2777 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 2778 type: string 2779 value: 2780 description: Value is the value of HTTP 2781 Header to be matched. 2782 maxLength: 4096 2783 minLength: 1 2784 type: string 2785 required: 2786 - name 2787 - value 2788 type: object 2789 maxItems: 16 2790 type: array 2791 x-kubernetes-list-map-keys: 2792 - name 2793 x-kubernetes-list-type: map 2794 type: object 2795 requestMirror: 2796 description: "RequestMirror defines a schema for 2797 a filter that mirrors requests. Requests are sent 2798 to the specified destination, but responses from 2799 that destination are ignored. \n This filter can 2800 be used multiple times within the same rule. Note 2801 that not all implementations will be able to support 2802 mirroring to multiple backends. \n Support: Extended" 2803 properties: 2804 backendRef: 2805 description: "BackendRef references a resource 2806 where mirrored requests are sent. \n Mirrored 2807 requests must be sent only to a single destination 2808 endpoint within this BackendRef, irrespective 2809 of how many endpoints are present within this 2810 BackendRef. \n If the referent cannot be found, 2811 this BackendRef is invalid and must be dropped 2812 from the Gateway. The controller must ensure 2813 the \"ResolvedRefs\" condition on the Route 2814 status is set to `status: False` and not configure 2815 this backend in the underlying implementation. 2816 \n If there is a cross-namespace reference 2817 to an *existing* object that is not allowed 2818 by a ReferenceGrant, the controller must ensure 2819 the \"ResolvedRefs\" condition on the Route 2820 is set to `status: False`, with the \"RefNotPermitted\" 2821 reason and not configure this backend in the 2822 underlying implementation. \n In either error 2823 case, the Message of the `ResolvedRefs` Condition 2824 should be used to provide more detail about 2825 the problem. \n Support: Extended for Kubernetes 2826 Service \n Support: Implementation-specific 2827 for any other resource" 2828 properties: 2829 group: 2830 default: "" 2831 description: Group is the group of the referent. 2832 For example, "gateway.networking.k8s.io". 2833 When unspecified or empty string, core 2834 API group is inferred. 2835 maxLength: 253 2836 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2837 type: string 2838 kind: 2839 default: Service 2840 description: "Kind is the Kubernetes resource 2841 kind of the referent. For example \"Service\". 2842 \n Defaults to \"Service\" when not specified. 2843 \n ExternalName services can refer to 2844 CNAME DNS records that may live outside 2845 of the cluster and as such are difficult 2846 to reason about in terms of conformance. 2847 They also may not be safe to forward to 2848 (see CVE-2021-25740 for more information). 2849 Implementations SHOULD NOT support ExternalName 2850 Services. \n Support: Core (Services with 2851 a type other than ExternalName) \n Support: 2852 Implementation-specific (Services with 2853 type ExternalName)" 2854 maxLength: 63 2855 minLength: 1 2856 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 2857 type: string 2858 name: 2859 description: Name is the name of the referent. 2860 maxLength: 253 2861 minLength: 1 2862 type: string 2863 namespace: 2864 description: "Namespace is the namespace 2865 of the backend. When unspecified, the 2866 local namespace is inferred. \n Note that 2867 when a namespace different than the local 2868 namespace is specified, a ReferenceGrant 2869 object is required in the referent namespace 2870 to allow that namespace's owner to accept 2871 the reference. See the ReferenceGrant 2872 documentation for details. \n Support: 2873 Core" 2874 maxLength: 63 2875 minLength: 1 2876 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 2877 type: string 2878 port: 2879 description: Port specifies the destination 2880 port number to use for this resource. 2881 Port is required when the referent is 2882 a Kubernetes Service. In this case, the 2883 port number is the service port number, 2884 not the target port. For other resources, 2885 destination port might be derived from 2886 the referent resource or this field. 2887 format: int32 2888 maximum: 65535 2889 minimum: 1 2890 type: integer 2891 required: 2892 - name 2893 type: object 2894 x-kubernetes-validations: 2895 - message: Must have port for Service reference 2896 rule: '(size(self.group) == 0 && self.kind 2897 == ''Service'') ? has(self.port) : true' 2898 required: 2899 - backendRef 2900 type: object 2901 requestRedirect: 2902 description: "RequestRedirect defines a schema for 2903 a filter that responds to the request with an 2904 HTTP redirection. \n Support: Core" 2905 properties: 2906 hostname: 2907 description: "Hostname is the hostname to be 2908 used in the value of the `Location` header 2909 in the response. When empty, the hostname 2910 in the `Host` header of the request is used. 2911 \n Support: Core" 2912 maxLength: 253 2913 minLength: 1 2914 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 2915 type: string 2916 path: 2917 description: "Path defines parameters used to 2918 modify the path of the incoming request. The 2919 modified path is then used to construct the 2920 `Location` header. When empty, the request 2921 path is used as-is. \n Support: Extended" 2922 properties: 2923 replaceFullPath: 2924 description: ReplaceFullPath specifies the 2925 value with which to replace the full path 2926 of a request during a rewrite or redirect. 2927 maxLength: 1024 2928 type: string 2929 replacePrefixMatch: 2930 description: "ReplacePrefixMatch specifies 2931 the value with which to replace the prefix 2932 match of a request during a rewrite or 2933 redirect. For example, a request to \"/foo/bar\" 2934 with a prefix match of \"/foo\" and a 2935 ReplacePrefixMatch of \"/xyz\" would be 2936 modified to \"/xyz/bar\". \n Note that 2937 this matches the behavior of the PathPrefix 2938 match type. This matches full path elements. 2939 A path element refers to the list of labels 2940 in the path split by the `/` separator. 2941 When specified, a trailing `/` is ignored. 2942 For example, the paths `/abc`, `/abc/`, 2943 and `/abc/def` would all match the prefix 2944 `/abc`, but the path `/abcd` would not. 2945 \n ReplacePrefixMatch is only compatible 2946 with a `PathPrefix` HTTPRouteMatch. Using 2947 any other HTTPRouteMatch type on the same 2948 HTTPRouteRule will result in the implementation 2949 setting the Accepted Condition for the 2950 Route to `status: False`. \n Request Path 2951 | Prefix Match | Replace Prefix | Modified 2952 Path -------------|--------------|----------------|---------- 2953 /foo/bar | /foo | /xyz | 2954 /xyz/bar /foo/bar | /foo | 2955 /xyz/ | /xyz/bar /foo/bar | 2956 /foo/ | /xyz | /xyz/bar 2957 /foo/bar | /foo/ | /xyz/ | 2958 /xyz/bar /foo | /foo | 2959 /xyz | /xyz /foo/ | /foo 2960 \ | /xyz | /xyz/ /foo/bar 2961 \ | /foo | <empty string> | 2962 /bar /foo/ | /foo | <empty 2963 string> | / /foo | /foo | 2964 <empty string> | / /foo/ | /foo 2965 \ | / | / /foo | 2966 /foo | / | /" 2967 maxLength: 1024 2968 type: string 2969 type: 2970 description: "Type defines the type of path 2971 modifier. Additional types may be added 2972 in a future release of the API. \n Note 2973 that values may be added to this enum, 2974 implementations must ensure that unknown 2975 values will not cause a crash. \n Unknown 2976 values here must result in the implementation 2977 setting the Accepted Condition for the 2978 Route to `status: False`, with a Reason 2979 of `UnsupportedValue`." 2980 enum: 2981 - ReplaceFullPath 2982 - ReplacePrefixMatch 2983 type: string 2984 required: 2985 - type 2986 type: object 2987 x-kubernetes-validations: 2988 - message: replaceFullPath must be specified 2989 when type is set to 'ReplaceFullPath' 2990 rule: 'self.type == ''ReplaceFullPath'' ? 2991 has(self.replaceFullPath) : true' 2992 - message: type must be 'ReplaceFullPath' when 2993 replaceFullPath is set 2994 rule: 'has(self.replaceFullPath) ? self.type 2995 == ''ReplaceFullPath'' : true' 2996 - message: replacePrefixMatch must be specified 2997 when type is set to 'ReplacePrefixMatch' 2998 rule: 'self.type == ''ReplacePrefixMatch'' 2999 ? has(self.replacePrefixMatch) : true' 3000 - message: type must be 'ReplacePrefixMatch' 3001 when replacePrefixMatch is set 3002 rule: 'has(self.replacePrefixMatch) ? self.type 3003 == ''ReplacePrefixMatch'' : true' 3004 port: 3005 description: "Port is the port to be used in 3006 the value of the `Location` header in the 3007 response. \n If no port is specified, the 3008 redirect port MUST be derived using the following 3009 rules: \n * If redirect scheme is not-empty, 3010 the redirect port MUST be the well-known port 3011 associated with the redirect scheme. Specifically 3012 \"http\" to port 80 and \"https\" to port 3013 443. If the redirect scheme does not have 3014 a well-known port, the listener port of the 3015 Gateway SHOULD be used. * If redirect scheme 3016 is empty, the redirect port MUST be the Gateway 3017 Listener port. \n Implementations SHOULD NOT 3018 add the port number in the 'Location' header 3019 in the following cases: \n * A Location header 3020 that will use HTTP (whether that is determined 3021 via the Listener protocol or the Scheme field) 3022 _and_ use port 80. * A Location header that 3023 will use HTTPS (whether that is determined 3024 via the Listener protocol or the Scheme field) 3025 _and_ use port 443. \n Support: Extended" 3026 format: int32 3027 maximum: 65535 3028 minimum: 1 3029 type: integer 3030 scheme: 3031 description: "Scheme is the scheme to be used 3032 in the value of the `Location` header in the 3033 response. When empty, the scheme of the request 3034 is used. \n Scheme redirects can affect the 3035 port of the redirect, for more information, 3036 refer to the documentation for the port field 3037 of this filter. \n Note that values may be 3038 added to this enum, implementations must ensure 3039 that unknown values will not cause a crash. 3040 \n Unknown values here must result in the 3041 implementation setting the Accepted Condition 3042 for the Route to `status: False`, with a Reason 3043 of `UnsupportedValue`. \n Support: Extended" 3044 enum: 3045 - http 3046 - https 3047 type: string 3048 statusCode: 3049 default: 302 3050 description: "StatusCode is the HTTP status 3051 code to be used in response. \n Note that 3052 values may be added to this enum, implementations 3053 must ensure that unknown values will not cause 3054 a crash. \n Unknown values here must result 3055 in the implementation setting the Accepted 3056 Condition for the Route to `status: False`, 3057 with a Reason of `UnsupportedValue`. \n Support: 3058 Core" 3059 enum: 3060 - 301 3061 - 302 3062 type: integer 3063 type: object 3064 responseHeaderModifier: 3065 description: "ResponseHeaderModifier defines a schema 3066 for a filter that modifies response headers. \n 3067 Support: Extended" 3068 properties: 3069 add: 3070 description: "Add adds the given header(s) (name, 3071 value) to the request before the action. It 3072 appends to any existing values associated 3073 with the header name. \n Input: GET /foo HTTP/1.1 3074 my-header: foo \n Config: add: - name: \"my-header\" 3075 value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 3076 my-header: foo,bar,baz" 3077 items: 3078 description: HTTPHeader represents an HTTP 3079 Header name and value as defined by RFC 3080 7230. 3081 properties: 3082 name: 3083 description: "Name is the name of the 3084 HTTP Header to be matched. Name matching 3085 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3086 \n If multiple entries specify equivalent 3087 header names, the first entry with an 3088 equivalent name MUST be considered for 3089 a match. Subsequent entries with an 3090 equivalent header name MUST be ignored. 3091 Due to the case-insensitivity of header 3092 names, \"foo\" and \"Foo\" are considered 3093 equivalent." 3094 maxLength: 256 3095 minLength: 1 3096 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3097 type: string 3098 value: 3099 description: Value is the value of HTTP 3100 Header to be matched. 3101 maxLength: 4096 3102 minLength: 1 3103 type: string 3104 required: 3105 - name 3106 - value 3107 type: object 3108 maxItems: 16 3109 type: array 3110 x-kubernetes-list-map-keys: 3111 - name 3112 x-kubernetes-list-type: map 3113 remove: 3114 description: "Remove the given header(s) from 3115 the HTTP request before the action. The value 3116 of Remove is a list of HTTP header names. 3117 Note that the header names are case-insensitive 3118 (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 3119 \n Input: GET /foo HTTP/1.1 my-header1: foo 3120 my-header2: bar my-header3: baz \n Config: 3121 remove: [\"my-header1\", \"my-header3\"] \n 3122 Output: GET /foo HTTP/1.1 my-header2: bar" 3123 items: 3124 type: string 3125 maxItems: 16 3126 type: array 3127 x-kubernetes-list-type: set 3128 set: 3129 description: "Set overwrites the request with 3130 the given header (name, value) before the 3131 action. \n Input: GET /foo HTTP/1.1 my-header: 3132 foo \n Config: set: - name: \"my-header\" 3133 value: \"bar\" \n Output: GET /foo HTTP/1.1 3134 my-header: bar" 3135 items: 3136 description: HTTPHeader represents an HTTP 3137 Header name and value as defined by RFC 3138 7230. 3139 properties: 3140 name: 3141 description: "Name is the name of the 3142 HTTP Header to be matched. Name matching 3143 MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3144 \n If multiple entries specify equivalent 3145 header names, the first entry with an 3146 equivalent name MUST be considered for 3147 a match. Subsequent entries with an 3148 equivalent header name MUST be ignored. 3149 Due to the case-insensitivity of header 3150 names, \"foo\" and \"Foo\" are considered 3151 equivalent." 3152 maxLength: 256 3153 minLength: 1 3154 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3155 type: string 3156 value: 3157 description: Value is the value of HTTP 3158 Header to be matched. 3159 maxLength: 4096 3160 minLength: 1 3161 type: string 3162 required: 3163 - name 3164 - value 3165 type: object 3166 maxItems: 16 3167 type: array 3168 x-kubernetes-list-map-keys: 3169 - name 3170 x-kubernetes-list-type: map 3171 type: object 3172 type: 3173 description: "Type identifies the type of filter 3174 to apply. As with other API fields, types are 3175 classified into three conformance levels: \n - 3176 Core: Filter types and their corresponding configuration 3177 defined by \"Support: Core\" in this package, 3178 e.g. \"RequestHeaderModifier\". All implementations 3179 must support core filters. \n - Extended: Filter 3180 types and their corresponding configuration defined 3181 by \"Support: Extended\" in this package, e.g. 3182 \"RequestMirror\". Implementers are encouraged 3183 to support extended filters. \n - Implementation-specific: 3184 Filters that are defined and supported by specific 3185 vendors. In the future, filters showing convergence 3186 in behavior across multiple implementations will 3187 be considered for inclusion in extended or core 3188 conformance levels. Filter-specific configuration 3189 for such filters is specified using the ExtensionRef 3190 field. `Type` should be set to \"ExtensionRef\" 3191 for custom filters. \n Implementers are encouraged 3192 to define custom implementation types to extend 3193 the core API with implementation-specific behavior. 3194 \n If a reference to a custom filter type cannot 3195 be resolved, the filter MUST NOT be skipped. Instead, 3196 requests that would have been processed by that 3197 filter MUST receive a HTTP error response. \n 3198 Note that values may be added to this enum, implementations 3199 must ensure that unknown values will not cause 3200 a crash. \n Unknown values here must result in 3201 the implementation setting the Accepted Condition 3202 for the Route to `status: False`, with a Reason 3203 of `UnsupportedValue`." 3204 enum: 3205 - RequestHeaderModifier 3206 - ResponseHeaderModifier 3207 - RequestMirror 3208 - RequestRedirect 3209 - URLRewrite 3210 - ExtensionRef 3211 type: string 3212 urlRewrite: 3213 description: "URLRewrite defines a schema for a 3214 filter that modifies a request during forwarding. 3215 \n Support: Extended" 3216 properties: 3217 hostname: 3218 description: "Hostname is the value to be used 3219 to replace the Host header value during forwarding. 3220 \n Support: Extended" 3221 maxLength: 253 3222 minLength: 1 3223 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3224 type: string 3225 path: 3226 description: "Path defines a path rewrite. \n 3227 Support: Extended" 3228 properties: 3229 replaceFullPath: 3230 description: ReplaceFullPath specifies the 3231 value with which to replace the full path 3232 of a request during a rewrite or redirect. 3233 maxLength: 1024 3234 type: string 3235 replacePrefixMatch: 3236 description: "ReplacePrefixMatch specifies 3237 the value with which to replace the prefix 3238 match of a request during a rewrite or 3239 redirect. For example, a request to \"/foo/bar\" 3240 with a prefix match of \"/foo\" and a 3241 ReplacePrefixMatch of \"/xyz\" would be 3242 modified to \"/xyz/bar\". \n Note that 3243 this matches the behavior of the PathPrefix 3244 match type. This matches full path elements. 3245 A path element refers to the list of labels 3246 in the path split by the `/` separator. 3247 When specified, a trailing `/` is ignored. 3248 For example, the paths `/abc`, `/abc/`, 3249 and `/abc/def` would all match the prefix 3250 `/abc`, but the path `/abcd` would not. 3251 \n ReplacePrefixMatch is only compatible 3252 with a `PathPrefix` HTTPRouteMatch. Using 3253 any other HTTPRouteMatch type on the same 3254 HTTPRouteRule will result in the implementation 3255 setting the Accepted Condition for the 3256 Route to `status: False`. \n Request Path 3257 | Prefix Match | Replace Prefix | Modified 3258 Path -------------|--------------|----------------|---------- 3259 /foo/bar | /foo | /xyz | 3260 /xyz/bar /foo/bar | /foo | 3261 /xyz/ | /xyz/bar /foo/bar | 3262 /foo/ | /xyz | /xyz/bar 3263 /foo/bar | /foo/ | /xyz/ | 3264 /xyz/bar /foo | /foo | 3265 /xyz | /xyz /foo/ | /foo 3266 \ | /xyz | /xyz/ /foo/bar 3267 \ | /foo | <empty string> | 3268 /bar /foo/ | /foo | <empty 3269 string> | / /foo | /foo | 3270 <empty string> | / /foo/ | /foo 3271 \ | / | / /foo | 3272 /foo | / | /" 3273 maxLength: 1024 3274 type: string 3275 type: 3276 description: "Type defines the type of path 3277 modifier. Additional types may be added 3278 in a future release of the API. \n Note 3279 that values may be added to this enum, 3280 implementations must ensure that unknown 3281 values will not cause a crash. \n Unknown 3282 values here must result in the implementation 3283 setting the Accepted Condition for the 3284 Route to `status: False`, with a Reason 3285 of `UnsupportedValue`." 3286 enum: 3287 - ReplaceFullPath 3288 - ReplacePrefixMatch 3289 type: string 3290 required: 3291 - type 3292 type: object 3293 x-kubernetes-validations: 3294 - message: replaceFullPath must be specified 3295 when type is set to 'ReplaceFullPath' 3296 rule: 'self.type == ''ReplaceFullPath'' ? 3297 has(self.replaceFullPath) : true' 3298 - message: type must be 'ReplaceFullPath' when 3299 replaceFullPath is set 3300 rule: 'has(self.replaceFullPath) ? self.type 3301 == ''ReplaceFullPath'' : true' 3302 - message: replacePrefixMatch must be specified 3303 when type is set to 'ReplacePrefixMatch' 3304 rule: 'self.type == ''ReplacePrefixMatch'' 3305 ? has(self.replacePrefixMatch) : true' 3306 - message: type must be 'ReplacePrefixMatch' 3307 when replacePrefixMatch is set 3308 rule: 'has(self.replacePrefixMatch) ? self.type 3309 == ''ReplacePrefixMatch'' : true' 3310 type: object 3311 required: 3312 - type 3313 type: object 3314 x-kubernetes-validations: 3315 - message: filter.requestHeaderModifier must be nil 3316 if the filter.type is not RequestHeaderModifier 3317 rule: '!(has(self.requestHeaderModifier) && self.type 3318 != ''RequestHeaderModifier'')' 3319 - message: filter.requestHeaderModifier must be specified 3320 for RequestHeaderModifier filter.type 3321 rule: '!(!has(self.requestHeaderModifier) && self.type 3322 == ''RequestHeaderModifier'')' 3323 - message: filter.responseHeaderModifier must be nil 3324 if the filter.type is not ResponseHeaderModifier 3325 rule: '!(has(self.responseHeaderModifier) && self.type 3326 != ''ResponseHeaderModifier'')' 3327 - message: filter.responseHeaderModifier must be specified 3328 for ResponseHeaderModifier filter.type 3329 rule: '!(!has(self.responseHeaderModifier) && self.type 3330 == ''ResponseHeaderModifier'')' 3331 - message: filter.requestMirror must be nil if the filter.type 3332 is not RequestMirror 3333 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 3334 - message: filter.requestMirror must be specified for 3335 RequestMirror filter.type 3336 rule: '!(!has(self.requestMirror) && self.type == 3337 ''RequestMirror'')' 3338 - message: filter.requestRedirect must be nil if the 3339 filter.type is not RequestRedirect 3340 rule: '!(has(self.requestRedirect) && self.type != 3341 ''RequestRedirect'')' 3342 - message: filter.requestRedirect must be specified 3343 for RequestRedirect filter.type 3344 rule: '!(!has(self.requestRedirect) && self.type == 3345 ''RequestRedirect'')' 3346 - message: filter.urlRewrite must be nil if the filter.type 3347 is not URLRewrite 3348 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 3349 - message: filter.urlRewrite must be specified for URLRewrite 3350 filter.type 3351 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 3352 - message: filter.extensionRef must be nil if the filter.type 3353 is not ExtensionRef 3354 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 3355 - message: filter.extensionRef must be specified for 3356 ExtensionRef filter.type 3357 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 3358 maxItems: 16 3359 type: array 3360 x-kubernetes-validations: 3361 - message: May specify either httpRouteFilterRequestRedirect 3362 or httpRouteFilterRequestRewrite, but not both 3363 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 3364 && self.exists(f, f.type == ''URLRewrite''))' 3365 - message: May specify either httpRouteFilterRequestRedirect 3366 or httpRouteFilterRequestRewrite, but not both 3367 rule: '!(self.exists(f, f.type == ''RequestRedirect'') 3368 && self.exists(f, f.type == ''URLRewrite''))' 3369 - message: RequestHeaderModifier filter cannot be repeated 3370 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 3371 <= 1 3372 - message: ResponseHeaderModifier filter cannot be repeated 3373 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 3374 <= 1 3375 - message: RequestRedirect filter cannot be repeated 3376 rule: self.filter(f, f.type == 'RequestRedirect').size() 3377 <= 1 3378 - message: URLRewrite filter cannot be repeated 3379 rule: self.filter(f, f.type == 'URLRewrite').size() 3380 <= 1 3381 group: 3382 default: "" 3383 description: Group is the group of the referent. For example, 3384 "gateway.networking.k8s.io". When unspecified or empty 3385 string, core API group is inferred. 3386 maxLength: 253 3387 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3388 type: string 3389 kind: 3390 default: Service 3391 description: "Kind is the Kubernetes resource kind of 3392 the referent. For example \"Service\". \n Defaults to 3393 \"Service\" when not specified. \n ExternalName services 3394 can refer to CNAME DNS records that may live outside 3395 of the cluster and as such are difficult to reason about 3396 in terms of conformance. They also may not be safe to 3397 forward to (see CVE-2021-25740 for more information). 3398 Implementations SHOULD NOT support ExternalName Services. 3399 \n Support: Core (Services with a type other than ExternalName) 3400 \n Support: Implementation-specific (Services with type 3401 ExternalName)" 3402 maxLength: 63 3403 minLength: 1 3404 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3405 type: string 3406 name: 3407 description: Name is the name of the referent. 3408 maxLength: 253 3409 minLength: 1 3410 type: string 3411 namespace: 3412 description: "Namespace is the namespace of the backend. 3413 When unspecified, the local namespace is inferred. \n 3414 Note that when a namespace different than the local 3415 namespace is specified, a ReferenceGrant object is required 3416 in the referent namespace to allow that namespace's 3417 owner to accept the reference. See the ReferenceGrant 3418 documentation for details. \n Support: Core" 3419 maxLength: 63 3420 minLength: 1 3421 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 3422 type: string 3423 port: 3424 description: Port specifies the destination port number 3425 to use for this resource. Port is required when the 3426 referent is a Kubernetes Service. In this case, the 3427 port number is the service port number, not the target 3428 port. For other resources, destination port might be 3429 derived from the referent resource or this field. 3430 format: int32 3431 maximum: 65535 3432 minimum: 1 3433 type: integer 3434 weight: 3435 default: 1 3436 description: "Weight specifies the proportion of requests 3437 forwarded to the referenced backend. This is computed 3438 as weight/(sum of all weights in this BackendRefs list). 3439 For non-zero values, there may be some epsilon from 3440 the exact proportion defined here depending on the precision 3441 an implementation supports. Weight is not a percentage 3442 and the sum of weights does not need to equal 100. \n 3443 If only one backend is specified and it has a weight 3444 greater than 0, 100% of the traffic is forwarded to 3445 that backend. If weight is set to 0, no traffic should 3446 be forwarded for this entry. If unspecified, weight 3447 defaults to 1. \n Support for this field varies based 3448 on the context where used." 3449 format: int32 3450 maximum: 1000000 3451 minimum: 0 3452 type: integer 3453 required: 3454 - name 3455 type: object 3456 x-kubernetes-validations: 3457 - message: Must have port for Service reference 3458 rule: '(size(self.group) == 0 && self.kind == ''Service'') 3459 ? has(self.port) : true' 3460 maxItems: 16 3461 type: array 3462 filters: 3463 description: "Filters define the filters that are applied to 3464 requests that match this rule. \n The effects of ordering 3465 of multiple behaviors are currently unspecified. This can 3466 change in the future based on feedback during the alpha stage. 3467 \n Conformance-levels at this level are defined based on the 3468 type of filter: \n - ALL core filters MUST be supported by 3469 all implementations. - Implementers are encouraged to support 3470 extended filters. - Implementation-specific custom filters 3471 have no API guarantees across implementations. \n Specifying 3472 the same filter multiple times is not supported unless explicitly 3473 indicated in the filter. \n All filters are expected to be 3474 compatible with each other except for the URLRewrite and RequestRedirect 3475 filters, which may not be combined. If an implementation can 3476 not support other combinations of filters, they must clearly 3477 document that limitation. In cases where incompatible or unsupported 3478 filters are specified and cause the `Accepted` condition to 3479 be set to status `False`, implementations may use the `IncompatibleFilters` 3480 reason to specify this configuration error. \n Support: Core" 3481 items: 3482 description: HTTPRouteFilter defines processing steps that 3483 must be completed during the request or response lifecycle. 3484 HTTPRouteFilters are meant as an extension point to express 3485 processing that may be done in Gateway implementations. 3486 Some examples include request or response modification, 3487 implementing authentication strategies, rate-limiting, and 3488 traffic shaping. API guarantee/conformance is defined based 3489 on the type of the filter. 3490 properties: 3491 extensionRef: 3492 description: "ExtensionRef is an optional, implementation-specific 3493 extension to the \"filter\" behavior. For example, 3494 resource \"myroutefilter\" in group \"networking.example.net\"). 3495 ExtensionRef MUST NOT be used for core and extended 3496 filters. \n This filter can be used multiple times within 3497 the same rule. \n Support: Implementation-specific" 3498 properties: 3499 group: 3500 description: Group is the group of the referent. For 3501 example, "gateway.networking.k8s.io". When unspecified 3502 or empty string, core API group is inferred. 3503 maxLength: 253 3504 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3505 type: string 3506 kind: 3507 description: Kind is kind of the referent. For example 3508 "HTTPRoute" or "Service". 3509 maxLength: 63 3510 minLength: 1 3511 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3512 type: string 3513 name: 3514 description: Name is the name of the referent. 3515 maxLength: 253 3516 minLength: 1 3517 type: string 3518 required: 3519 - group 3520 - kind 3521 - name 3522 type: object 3523 requestHeaderModifier: 3524 description: "RequestHeaderModifier defines a schema for 3525 a filter that modifies request headers. \n Support: 3526 Core" 3527 properties: 3528 add: 3529 description: "Add adds the given header(s) (name, 3530 value) to the request before the action. It appends 3531 to any existing values associated with the header 3532 name. \n Input: GET /foo HTTP/1.1 my-header: foo 3533 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 3534 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 3535 items: 3536 description: HTTPHeader represents an HTTP Header 3537 name and value as defined by RFC 7230. 3538 properties: 3539 name: 3540 description: "Name is the name of the HTTP Header 3541 to be matched. Name matching MUST be case 3542 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3543 \n If multiple entries specify equivalent 3544 header names, the first entry with an equivalent 3545 name MUST be considered for a match. Subsequent 3546 entries with an equivalent header name MUST 3547 be ignored. Due to the case-insensitivity 3548 of header names, \"foo\" and \"Foo\" are considered 3549 equivalent." 3550 maxLength: 256 3551 minLength: 1 3552 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3553 type: string 3554 value: 3555 description: Value is the value of HTTP Header 3556 to be matched. 3557 maxLength: 4096 3558 minLength: 1 3559 type: string 3560 required: 3561 - name 3562 - value 3563 type: object 3564 maxItems: 16 3565 type: array 3566 x-kubernetes-list-map-keys: 3567 - name 3568 x-kubernetes-list-type: map 3569 remove: 3570 description: "Remove the given header(s) from the 3571 HTTP request before the action. The value of Remove 3572 is a list of HTTP header names. Note that the header 3573 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 3574 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 3575 bar my-header3: baz \n Config: remove: [\"my-header1\", 3576 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 3577 bar" 3578 items: 3579 type: string 3580 maxItems: 16 3581 type: array 3582 x-kubernetes-list-type: set 3583 set: 3584 description: "Set overwrites the request with the 3585 given header (name, value) before the action. \n 3586 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 3587 set: - name: \"my-header\" value: \"bar\" \n Output: 3588 GET /foo HTTP/1.1 my-header: bar" 3589 items: 3590 description: HTTPHeader represents an HTTP Header 3591 name and value as defined by RFC 7230. 3592 properties: 3593 name: 3594 description: "Name is the name of the HTTP Header 3595 to be matched. Name matching MUST be case 3596 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3597 \n If multiple entries specify equivalent 3598 header names, the first entry with an equivalent 3599 name MUST be considered for a match. Subsequent 3600 entries with an equivalent header name MUST 3601 be ignored. Due to the case-insensitivity 3602 of header names, \"foo\" and \"Foo\" are considered 3603 equivalent." 3604 maxLength: 256 3605 minLength: 1 3606 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3607 type: string 3608 value: 3609 description: Value is the value of HTTP Header 3610 to be matched. 3611 maxLength: 4096 3612 minLength: 1 3613 type: string 3614 required: 3615 - name 3616 - value 3617 type: object 3618 maxItems: 16 3619 type: array 3620 x-kubernetes-list-map-keys: 3621 - name 3622 x-kubernetes-list-type: map 3623 type: object 3624 requestMirror: 3625 description: "RequestMirror defines a schema for a filter 3626 that mirrors requests. Requests are sent to the specified 3627 destination, but responses from that destination are 3628 ignored. \n This filter can be used multiple times within 3629 the same rule. Note that not all implementations will 3630 be able to support mirroring to multiple backends. \n 3631 Support: Extended" 3632 properties: 3633 backendRef: 3634 description: "BackendRef references a resource where 3635 mirrored requests are sent. \n Mirrored requests 3636 must be sent only to a single destination endpoint 3637 within this BackendRef, irrespective of how many 3638 endpoints are present within this BackendRef. \n 3639 If the referent cannot be found, this BackendRef 3640 is invalid and must be dropped from the Gateway. 3641 The controller must ensure the \"ResolvedRefs\" 3642 condition on the Route status is set to `status: 3643 False` and not configure this backend in the underlying 3644 implementation. \n If there is a cross-namespace 3645 reference to an *existing* object that is not allowed 3646 by a ReferenceGrant, the controller must ensure 3647 the \"ResolvedRefs\" condition on the Route is 3648 set to `status: False`, with the \"RefNotPermitted\" 3649 reason and not configure this backend in the underlying 3650 implementation. \n In either error case, the Message 3651 of the `ResolvedRefs` Condition should be used to 3652 provide more detail about the problem. \n Support: 3653 Extended for Kubernetes Service \n Support: Implementation-specific 3654 for any other resource" 3655 properties: 3656 group: 3657 default: "" 3658 description: Group is the group of the referent. 3659 For example, "gateway.networking.k8s.io". When 3660 unspecified or empty string, core API group 3661 is inferred. 3662 maxLength: 253 3663 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3664 type: string 3665 kind: 3666 default: Service 3667 description: "Kind is the Kubernetes resource 3668 kind of the referent. For example \"Service\". 3669 \n Defaults to \"Service\" when not specified. 3670 \n ExternalName services can refer to CNAME 3671 DNS records that may live outside of the cluster 3672 and as such are difficult to reason about in 3673 terms of conformance. They also may not be safe 3674 to forward to (see CVE-2021-25740 for more information). 3675 Implementations SHOULD NOT support ExternalName 3676 Services. \n Support: Core (Services with a 3677 type other than ExternalName) \n Support: Implementation-specific 3678 (Services with type ExternalName)" 3679 maxLength: 63 3680 minLength: 1 3681 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 3682 type: string 3683 name: 3684 description: Name is the name of the referent. 3685 maxLength: 253 3686 minLength: 1 3687 type: string 3688 namespace: 3689 description: "Namespace is the namespace of the 3690 backend. When unspecified, the local namespace 3691 is inferred. \n Note that when a namespace different 3692 than the local namespace is specified, a ReferenceGrant 3693 object is required in the referent namespace 3694 to allow that namespace's owner to accept the 3695 reference. See the ReferenceGrant documentation 3696 for details. \n Support: Core" 3697 maxLength: 63 3698 minLength: 1 3699 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 3700 type: string 3701 port: 3702 description: Port specifies the destination port 3703 number to use for this resource. Port is required 3704 when the referent is a Kubernetes Service. In 3705 this case, the port number is the service port 3706 number, not the target port. For other resources, 3707 destination port might be derived from the referent 3708 resource or this field. 3709 format: int32 3710 maximum: 65535 3711 minimum: 1 3712 type: integer 3713 required: 3714 - name 3715 type: object 3716 x-kubernetes-validations: 3717 - message: Must have port for Service reference 3718 rule: '(size(self.group) == 0 && self.kind == ''Service'') 3719 ? has(self.port) : true' 3720 required: 3721 - backendRef 3722 type: object 3723 requestRedirect: 3724 description: "RequestRedirect defines a schema for a filter 3725 that responds to the request with an HTTP redirection. 3726 \n Support: Core" 3727 properties: 3728 hostname: 3729 description: "Hostname is the hostname to be used 3730 in the value of the `Location` header in the response. 3731 When empty, the hostname in the `Host` header of 3732 the request is used. \n Support: Core" 3733 maxLength: 253 3734 minLength: 1 3735 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 3736 type: string 3737 path: 3738 description: "Path defines parameters used to modify 3739 the path of the incoming request. The modified path 3740 is then used to construct the `Location` header. 3741 When empty, the request path is used as-is. \n Support: 3742 Extended" 3743 properties: 3744 replaceFullPath: 3745 description: ReplaceFullPath specifies the value 3746 with which to replace the full path of a request 3747 during a rewrite or redirect. 3748 maxLength: 1024 3749 type: string 3750 replacePrefixMatch: 3751 description: "ReplacePrefixMatch specifies the 3752 value with which to replace the prefix match 3753 of a request during a rewrite or redirect. For 3754 example, a request to \"/foo/bar\" with a prefix 3755 match of \"/foo\" and a ReplacePrefixMatch of 3756 \"/xyz\" would be modified to \"/xyz/bar\". 3757 \n Note that this matches the behavior of the 3758 PathPrefix match type. This matches full path 3759 elements. A path element refers to the list 3760 of labels in the path split by the `/` separator. 3761 When specified, a trailing `/` is ignored. For 3762 example, the paths `/abc`, `/abc/`, and `/abc/def` 3763 would all match the prefix `/abc`, but the path 3764 `/abcd` would not. \n ReplacePrefixMatch is 3765 only compatible with a `PathPrefix` HTTPRouteMatch. 3766 Using any other HTTPRouteMatch type on the same 3767 HTTPRouteRule will result in the implementation 3768 setting the Accepted Condition for the Route 3769 to `status: False`. \n Request Path | Prefix 3770 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 3771 /foo/bar | /foo | /xyz | 3772 /xyz/bar /foo/bar | /foo | /xyz/ 3773 \ | /xyz/bar /foo/bar | /foo/ | 3774 /xyz | /xyz/bar /foo/bar | /foo/ 3775 \ | /xyz/ | /xyz/bar /foo | 3776 /foo | /xyz | /xyz /foo/ | 3777 /foo | /xyz | /xyz/ /foo/bar 3778 \ | /foo | <empty string> | /bar 3779 /foo/ | /foo | <empty string> 3780 | / /foo | /foo | <empty string> 3781 | / /foo/ | /foo | / | 3782 / /foo | /foo | / | 3783 /" 3784 maxLength: 1024 3785 type: string 3786 type: 3787 description: "Type defines the type of path modifier. 3788 Additional types may be added in a future release 3789 of the API. \n Note that values may be added 3790 to this enum, implementations must ensure that 3791 unknown values will not cause a crash. \n Unknown 3792 values here must result in the implementation 3793 setting the Accepted Condition for the Route 3794 to `status: False`, with a Reason of `UnsupportedValue`." 3795 enum: 3796 - ReplaceFullPath 3797 - ReplacePrefixMatch 3798 type: string 3799 required: 3800 - type 3801 type: object 3802 x-kubernetes-validations: 3803 - message: replaceFullPath must be specified when 3804 type is set to 'ReplaceFullPath' 3805 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 3806 : true' 3807 - message: type must be 'ReplaceFullPath' when replaceFullPath 3808 is set 3809 rule: 'has(self.replaceFullPath) ? self.type == 3810 ''ReplaceFullPath'' : true' 3811 - message: replacePrefixMatch must be specified when 3812 type is set to 'ReplacePrefixMatch' 3813 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 3814 : true' 3815 - message: type must be 'ReplacePrefixMatch' when 3816 replacePrefixMatch is set 3817 rule: 'has(self.replacePrefixMatch) ? self.type 3818 == ''ReplacePrefixMatch'' : true' 3819 port: 3820 description: "Port is the port to be used in the value 3821 of the `Location` header in the response. \n If 3822 no port is specified, the redirect port MUST be 3823 derived using the following rules: \n * If redirect 3824 scheme is not-empty, the redirect port MUST be the 3825 well-known port associated with the redirect scheme. 3826 Specifically \"http\" to port 80 and \"https\" to 3827 port 443. If the redirect scheme does not have a 3828 well-known port, the listener port of the Gateway 3829 SHOULD be used. * If redirect scheme is empty, the 3830 redirect port MUST be the Gateway Listener port. 3831 \n Implementations SHOULD NOT add the port number 3832 in the 'Location' header in the following cases: 3833 \n * A Location header that will use HTTP (whether 3834 that is determined via the Listener protocol or 3835 the Scheme field) _and_ use port 80. * A Location 3836 header that will use HTTPS (whether that is determined 3837 via the Listener protocol or the Scheme field) _and_ 3838 use port 443. \n Support: Extended" 3839 format: int32 3840 maximum: 65535 3841 minimum: 1 3842 type: integer 3843 scheme: 3844 description: "Scheme is the scheme to be used in the 3845 value of the `Location` header in the response. 3846 When empty, the scheme of the request is used. \n 3847 Scheme redirects can affect the port of the redirect, 3848 for more information, refer to the documentation 3849 for the port field of this filter. \n Note that 3850 values may be added to this enum, implementations 3851 must ensure that unknown values will not cause a 3852 crash. \n Unknown values here must result in the 3853 implementation setting the Accepted Condition for 3854 the Route to `status: False`, with a Reason of `UnsupportedValue`. 3855 \n Support: Extended" 3856 enum: 3857 - http 3858 - https 3859 type: string 3860 statusCode: 3861 default: 302 3862 description: "StatusCode is the HTTP status code to 3863 be used in response. \n Note that values may be 3864 added to this enum, implementations must ensure 3865 that unknown values will not cause a crash. \n Unknown 3866 values here must result in the implementation setting 3867 the Accepted Condition for the Route to `status: 3868 False`, with a Reason of `UnsupportedValue`. \n 3869 Support: Core" 3870 enum: 3871 - 301 3872 - 302 3873 type: integer 3874 type: object 3875 responseHeaderModifier: 3876 description: "ResponseHeaderModifier defines a schema 3877 for a filter that modifies response headers. \n Support: 3878 Extended" 3879 properties: 3880 add: 3881 description: "Add adds the given header(s) (name, 3882 value) to the request before the action. It appends 3883 to any existing values associated with the header 3884 name. \n Input: GET /foo HTTP/1.1 my-header: foo 3885 \n Config: add: - name: \"my-header\" value: \"bar,baz\" 3886 \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz" 3887 items: 3888 description: HTTPHeader represents an HTTP Header 3889 name and value as defined by RFC 7230. 3890 properties: 3891 name: 3892 description: "Name is the name of the HTTP Header 3893 to be matched. Name matching MUST be case 3894 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3895 \n If multiple entries specify equivalent 3896 header names, the first entry with an equivalent 3897 name MUST be considered for a match. Subsequent 3898 entries with an equivalent header name MUST 3899 be ignored. Due to the case-insensitivity 3900 of header names, \"foo\" and \"Foo\" are considered 3901 equivalent." 3902 maxLength: 256 3903 minLength: 1 3904 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3905 type: string 3906 value: 3907 description: Value is the value of HTTP Header 3908 to be matched. 3909 maxLength: 4096 3910 minLength: 1 3911 type: string 3912 required: 3913 - name 3914 - value 3915 type: object 3916 maxItems: 16 3917 type: array 3918 x-kubernetes-list-map-keys: 3919 - name 3920 x-kubernetes-list-type: map 3921 remove: 3922 description: "Remove the given header(s) from the 3923 HTTP request before the action. The value of Remove 3924 is a list of HTTP header names. Note that the header 3925 names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). 3926 \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: 3927 bar my-header3: baz \n Config: remove: [\"my-header1\", 3928 \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: 3929 bar" 3930 items: 3931 type: string 3932 maxItems: 16 3933 type: array 3934 x-kubernetes-list-type: set 3935 set: 3936 description: "Set overwrites the request with the 3937 given header (name, value) before the action. \n 3938 Input: GET /foo HTTP/1.1 my-header: foo \n Config: 3939 set: - name: \"my-header\" value: \"bar\" \n Output: 3940 GET /foo HTTP/1.1 my-header: bar" 3941 items: 3942 description: HTTPHeader represents an HTTP Header 3943 name and value as defined by RFC 7230. 3944 properties: 3945 name: 3946 description: "Name is the name of the HTTP Header 3947 to be matched. Name matching MUST be case 3948 insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). 3949 \n If multiple entries specify equivalent 3950 header names, the first entry with an equivalent 3951 name MUST be considered for a match. Subsequent 3952 entries with an equivalent header name MUST 3953 be ignored. Due to the case-insensitivity 3954 of header names, \"foo\" and \"Foo\" are considered 3955 equivalent." 3956 maxLength: 256 3957 minLength: 1 3958 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 3959 type: string 3960 value: 3961 description: Value is the value of HTTP Header 3962 to be matched. 3963 maxLength: 4096 3964 minLength: 1 3965 type: string 3966 required: 3967 - name 3968 - value 3969 type: object 3970 maxItems: 16 3971 type: array 3972 x-kubernetes-list-map-keys: 3973 - name 3974 x-kubernetes-list-type: map 3975 type: object 3976 type: 3977 description: "Type identifies the type of filter to apply. 3978 As with other API fields, types are classified into 3979 three conformance levels: \n - Core: Filter types and 3980 their corresponding configuration defined by \"Support: 3981 Core\" in this package, e.g. \"RequestHeaderModifier\". 3982 All implementations must support core filters. \n - 3983 Extended: Filter types and their corresponding configuration 3984 defined by \"Support: Extended\" in this package, e.g. 3985 \"RequestMirror\". Implementers are encouraged to support 3986 extended filters. \n - Implementation-specific: Filters 3987 that are defined and supported by specific vendors. 3988 In the future, filters showing convergence in behavior 3989 across multiple implementations will be considered for 3990 inclusion in extended or core conformance levels. Filter-specific 3991 configuration for such filters is specified using the 3992 ExtensionRef field. `Type` should be set to \"ExtensionRef\" 3993 for custom filters. \n Implementers are encouraged to 3994 define custom implementation types to extend the core 3995 API with implementation-specific behavior. \n If a reference 3996 to a custom filter type cannot be resolved, the filter 3997 MUST NOT be skipped. Instead, requests that would have 3998 been processed by that filter MUST receive a HTTP error 3999 response. \n Note that values may be added to this enum, 4000 implementations must ensure that unknown values will 4001 not cause a crash. \n Unknown values here must result 4002 in the implementation setting the Accepted Condition 4003 for the Route to `status: False`, with a Reason of `UnsupportedValue`." 4004 enum: 4005 - RequestHeaderModifier 4006 - ResponseHeaderModifier 4007 - RequestMirror 4008 - RequestRedirect 4009 - URLRewrite 4010 - ExtensionRef 4011 type: string 4012 urlRewrite: 4013 description: "URLRewrite defines a schema for a filter 4014 that modifies a request during forwarding. \n Support: 4015 Extended" 4016 properties: 4017 hostname: 4018 description: "Hostname is the value to be used to 4019 replace the Host header value during forwarding. 4020 \n Support: Extended" 4021 maxLength: 253 4022 minLength: 1 4023 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4024 type: string 4025 path: 4026 description: "Path defines a path rewrite. \n Support: 4027 Extended" 4028 properties: 4029 replaceFullPath: 4030 description: ReplaceFullPath specifies the value 4031 with which to replace the full path of a request 4032 during a rewrite or redirect. 4033 maxLength: 1024 4034 type: string 4035 replacePrefixMatch: 4036 description: "ReplacePrefixMatch specifies the 4037 value with which to replace the prefix match 4038 of a request during a rewrite or redirect. For 4039 example, a request to \"/foo/bar\" with a prefix 4040 match of \"/foo\" and a ReplacePrefixMatch of 4041 \"/xyz\" would be modified to \"/xyz/bar\". 4042 \n Note that this matches the behavior of the 4043 PathPrefix match type. This matches full path 4044 elements. A path element refers to the list 4045 of labels in the path split by the `/` separator. 4046 When specified, a trailing `/` is ignored. For 4047 example, the paths `/abc`, `/abc/`, and `/abc/def` 4048 would all match the prefix `/abc`, but the path 4049 `/abcd` would not. \n ReplacePrefixMatch is 4050 only compatible with a `PathPrefix` HTTPRouteMatch. 4051 Using any other HTTPRouteMatch type on the same 4052 HTTPRouteRule will result in the implementation 4053 setting the Accepted Condition for the Route 4054 to `status: False`. \n Request Path | Prefix 4055 Match | Replace Prefix | Modified Path -------------|--------------|----------------|---------- 4056 /foo/bar | /foo | /xyz | 4057 /xyz/bar /foo/bar | /foo | /xyz/ 4058 \ | /xyz/bar /foo/bar | /foo/ | 4059 /xyz | /xyz/bar /foo/bar | /foo/ 4060 \ | /xyz/ | /xyz/bar /foo | 4061 /foo | /xyz | /xyz /foo/ | 4062 /foo | /xyz | /xyz/ /foo/bar 4063 \ | /foo | <empty string> | /bar 4064 /foo/ | /foo | <empty string> 4065 | / /foo | /foo | <empty string> 4066 | / /foo/ | /foo | / | 4067 / /foo | /foo | / | 4068 /" 4069 maxLength: 1024 4070 type: string 4071 type: 4072 description: "Type defines the type of path modifier. 4073 Additional types may be added in a future release 4074 of the API. \n Note that values may be added 4075 to this enum, implementations must ensure that 4076 unknown values will not cause a crash. \n Unknown 4077 values here must result in the implementation 4078 setting the Accepted Condition for the Route 4079 to `status: False`, with a Reason of `UnsupportedValue`." 4080 enum: 4081 - ReplaceFullPath 4082 - ReplacePrefixMatch 4083 type: string 4084 required: 4085 - type 4086 type: object 4087 x-kubernetes-validations: 4088 - message: replaceFullPath must be specified when 4089 type is set to 'ReplaceFullPath' 4090 rule: 'self.type == ''ReplaceFullPath'' ? has(self.replaceFullPath) 4091 : true' 4092 - message: type must be 'ReplaceFullPath' when replaceFullPath 4093 is set 4094 rule: 'has(self.replaceFullPath) ? self.type == 4095 ''ReplaceFullPath'' : true' 4096 - message: replacePrefixMatch must be specified when 4097 type is set to 'ReplacePrefixMatch' 4098 rule: 'self.type == ''ReplacePrefixMatch'' ? has(self.replacePrefixMatch) 4099 : true' 4100 - message: type must be 'ReplacePrefixMatch' when 4101 replacePrefixMatch is set 4102 rule: 'has(self.replacePrefixMatch) ? self.type 4103 == ''ReplacePrefixMatch'' : true' 4104 type: object 4105 required: 4106 - type 4107 type: object 4108 x-kubernetes-validations: 4109 - message: filter.requestHeaderModifier must be nil if the 4110 filter.type is not RequestHeaderModifier 4111 rule: '!(has(self.requestHeaderModifier) && self.type != 4112 ''RequestHeaderModifier'')' 4113 - message: filter.requestHeaderModifier must be specified 4114 for RequestHeaderModifier filter.type 4115 rule: '!(!has(self.requestHeaderModifier) && self.type == 4116 ''RequestHeaderModifier'')' 4117 - message: filter.responseHeaderModifier must be nil if the 4118 filter.type is not ResponseHeaderModifier 4119 rule: '!(has(self.responseHeaderModifier) && self.type != 4120 ''ResponseHeaderModifier'')' 4121 - message: filter.responseHeaderModifier must be specified 4122 for ResponseHeaderModifier filter.type 4123 rule: '!(!has(self.responseHeaderModifier) && self.type 4124 == ''ResponseHeaderModifier'')' 4125 - message: filter.requestMirror must be nil if the filter.type 4126 is not RequestMirror 4127 rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')' 4128 - message: filter.requestMirror must be specified for RequestMirror 4129 filter.type 4130 rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')' 4131 - message: filter.requestRedirect must be nil if the filter.type 4132 is not RequestRedirect 4133 rule: '!(has(self.requestRedirect) && self.type != ''RequestRedirect'')' 4134 - message: filter.requestRedirect must be specified for RequestRedirect 4135 filter.type 4136 rule: '!(!has(self.requestRedirect) && self.type == ''RequestRedirect'')' 4137 - message: filter.urlRewrite must be nil if the filter.type 4138 is not URLRewrite 4139 rule: '!(has(self.urlRewrite) && self.type != ''URLRewrite'')' 4140 - message: filter.urlRewrite must be specified for URLRewrite 4141 filter.type 4142 rule: '!(!has(self.urlRewrite) && self.type == ''URLRewrite'')' 4143 - message: filter.extensionRef must be nil if the filter.type 4144 is not ExtensionRef 4145 rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')' 4146 - message: filter.extensionRef must be specified for ExtensionRef 4147 filter.type 4148 rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')' 4149 maxItems: 16 4150 type: array 4151 x-kubernetes-validations: 4152 - message: May specify either httpRouteFilterRequestRedirect 4153 or httpRouteFilterRequestRewrite, but not both 4154 rule: '!(self.exists(f, f.type == ''RequestRedirect'') && 4155 self.exists(f, f.type == ''URLRewrite''))' 4156 - message: RequestHeaderModifier filter cannot be repeated 4157 rule: self.filter(f, f.type == 'RequestHeaderModifier').size() 4158 <= 1 4159 - message: ResponseHeaderModifier filter cannot be repeated 4160 rule: self.filter(f, f.type == 'ResponseHeaderModifier').size() 4161 <= 1 4162 - message: RequestRedirect filter cannot be repeated 4163 rule: self.filter(f, f.type == 'RequestRedirect').size() <= 4164 1 4165 - message: URLRewrite filter cannot be repeated 4166 rule: self.filter(f, f.type == 'URLRewrite').size() <= 1 4167 matches: 4168 default: 4169 - path: 4170 type: PathPrefix 4171 value: / 4172 description: "Matches define conditions used for matching the 4173 rule against incoming HTTP requests. Each match is independent, 4174 i.e. this rule will be matched if **any** one of the matches 4175 is satisfied. \n For example, take the following matches configuration: 4176 \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\" 4177 value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request 4178 to match against this rule, a request must satisfy EITHER 4179 of the two conditions: \n - path prefixed with `/foo` AND 4180 contains the header `version: v2` - path prefix of `/v2/foo` 4181 \n See the documentation for HTTPRouteMatch on how to specify 4182 multiple match conditions that should be ANDed together. \n 4183 If no matches are specified, the default is a prefix path 4184 match on \"/\", which has the effect of matching every HTTP 4185 request. \n Proxy or Load Balancer routing configuration generated 4186 from HTTPRoutes MUST prioritize matches based on the following 4187 criteria, continuing on ties. Across all rules specified on 4188 applicable Routes, precedence must be given to the match having: 4189 \n * \"Exact\" path match. * \"Prefix\" path match with largest 4190 number of characters. * Method match. * Largest number of 4191 header matches. * Largest number of query param matches. \n 4192 Note: The precedence of RegularExpression path matches are 4193 implementation-specific. \n If ties still exist across multiple 4194 Routes, matching precedence MUST be determined in order of 4195 the following criteria, continuing on ties: \n * The oldest 4196 Route based on creation timestamp. * The Route appearing first 4197 in alphabetical order by \"{namespace}/{name}\". \n If ties 4198 still exist within an HTTPRoute, matching precedence MUST 4199 be granted to the FIRST matching rule (in list order) with 4200 a match meeting the above criteria. \n When no rules matching 4201 a request have been successfully attached to the parent a 4202 request is coming from, a HTTP 404 status code MUST be returned." 4203 items: 4204 description: "HTTPRouteMatch defines the predicate used to 4205 match requests to a given action. Multiple match types are 4206 ANDed together, i.e. the match will evaluate to true only 4207 if all conditions are satisfied. \n For example, the match 4208 below will match a HTTP request only if its path starts 4209 with `/foo` AND it contains the `version: v1` header: \n 4210 ``` match: \n path: value: \"/foo\" headers: - name: \"version\" 4211 value \"v1\" \n ```" 4212 properties: 4213 headers: 4214 description: Headers specifies HTTP request header matchers. 4215 Multiple match values are ANDed together, meaning, a 4216 request must match all the specified headers to select 4217 the route. 4218 items: 4219 description: HTTPHeaderMatch describes how to select 4220 a HTTP route by matching HTTP request headers. 4221 properties: 4222 name: 4223 description: "Name is the name of the HTTP Header 4224 to be matched. Name matching MUST be case insensitive. 4225 (See https://tools.ietf.org/html/rfc7230#section-3.2). 4226 \n If multiple entries specify equivalent header 4227 names, only the first entry with an equivalent 4228 name MUST be considered for a match. Subsequent 4229 entries with an equivalent header name MUST be 4230 ignored. Due to the case-insensitivity of header 4231 names, \"foo\" and \"Foo\" are considered equivalent. 4232 \n When a header is repeated in an HTTP request, 4233 it is implementation-specific behavior as to how 4234 this is represented. Generally, proxies should 4235 follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 4236 regarding processing a repeated header, with special 4237 handling for \"Set-Cookie\"." 4238 maxLength: 256 4239 minLength: 1 4240 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4241 type: string 4242 type: 4243 default: Exact 4244 description: "Type specifies how to match against 4245 the value of the header. \n Support: Core (Exact) 4246 \n Support: Implementation-specific (RegularExpression) 4247 \n Since RegularExpression HeaderMatchType has 4248 implementation-specific conformance, implementations 4249 can support POSIX, PCRE or any other dialects 4250 of regular expressions. Please read the implementation's 4251 documentation to determine the supported dialect." 4252 enum: 4253 - Exact 4254 - RegularExpression 4255 type: string 4256 value: 4257 description: Value is the value of HTTP Header to 4258 be matched. 4259 maxLength: 4096 4260 minLength: 1 4261 type: string 4262 required: 4263 - name 4264 - value 4265 type: object 4266 maxItems: 16 4267 type: array 4268 x-kubernetes-list-map-keys: 4269 - name 4270 x-kubernetes-list-type: map 4271 method: 4272 description: "Method specifies HTTP method matcher. When 4273 specified, this route will be matched only if the request 4274 has the specified method. \n Support: Extended" 4275 enum: 4276 - GET 4277 - HEAD 4278 - POST 4279 - PUT 4280 - DELETE 4281 - CONNECT 4282 - OPTIONS 4283 - TRACE 4284 - PATCH 4285 type: string 4286 path: 4287 default: 4288 type: PathPrefix 4289 value: / 4290 description: Path specifies a HTTP request path matcher. 4291 If this field is not specified, a default prefix match 4292 on the "/" path is provided. 4293 properties: 4294 type: 4295 default: PathPrefix 4296 description: "Type specifies how to match against 4297 the path Value. \n Support: Core (Exact, PathPrefix) 4298 \n Support: Implementation-specific (RegularExpression)" 4299 enum: 4300 - Exact 4301 - PathPrefix 4302 - RegularExpression 4303 type: string 4304 value: 4305 default: / 4306 description: Value of the HTTP path to match against. 4307 maxLength: 1024 4308 type: string 4309 type: object 4310 x-kubernetes-validations: 4311 - message: value must be an absolute path and start with 4312 '/' when type one of ['Exact', 'PathPrefix'] 4313 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.startsWith(''/'') 4314 : true' 4315 - message: must not contain '//' when type one of ['Exact', 4316 'PathPrefix'] 4317 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''//'') 4318 : true' 4319 - message: must not contain '/./' when type one of ['Exact', 4320 'PathPrefix'] 4321 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/./'') 4322 : true' 4323 - message: must not contain '/../' when type one of ['Exact', 4324 'PathPrefix'] 4325 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''/../'') 4326 : true' 4327 - message: must not contain '%2f' when type one of ['Exact', 4328 'PathPrefix'] 4329 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2f'') 4330 : true' 4331 - message: must not contain '%2F' when type one of ['Exact', 4332 'PathPrefix'] 4333 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''%2F'') 4334 : true' 4335 - message: must not contain '#' when type one of ['Exact', 4336 'PathPrefix'] 4337 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.contains(''#'') 4338 : true' 4339 - message: must not end with '/..' when type one of ['Exact', 4340 'PathPrefix'] 4341 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/..'') 4342 : true' 4343 - message: must not end with '/.' when type one of ['Exact', 4344 'PathPrefix'] 4345 rule: '(self.type in [''Exact'',''PathPrefix'']) ? !self.value.endsWith(''/.'') 4346 : true' 4347 - message: type must be one of ['Exact', 'PathPrefix', 4348 'RegularExpression'] 4349 rule: self.type in ['Exact','PathPrefix'] || self.type 4350 == 'RegularExpression' 4351 - message: must only contain valid characters (matching 4352 ^(?:[-A-Za-z0-9/._~!$&'()*+,;=:@]|[%][0-9a-fA-F]{2})+$) 4353 for types ['Exact', 'PathPrefix'] 4354 rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""") 4355 : true' 4356 queryParams: 4357 description: "QueryParams specifies HTTP query parameter 4358 matchers. Multiple match values are ANDed together, 4359 meaning, a request must match all the specified query 4360 parameters to select the route. \n Support: Extended" 4361 items: 4362 description: HTTPQueryParamMatch describes how to select 4363 a HTTP route by matching HTTP query parameters. 4364 properties: 4365 name: 4366 description: "Name is the name of the HTTP query 4367 param to be matched. This must be an exact string 4368 match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). 4369 \n If multiple entries specify equivalent query 4370 param names, only the first entry with an equivalent 4371 name MUST be considered for a match. Subsequent 4372 entries with an equivalent query param name MUST 4373 be ignored. \n If a query param is repeated in 4374 an HTTP request, the behavior is purposely left 4375 undefined, since different data planes have different 4376 capabilities. However, it is *recommended* that 4377 implementations should match against the first 4378 value of the param if the data plane supports 4379 it, as this behavior is expected in other load 4380 balancing contexts outside of the Gateway API. 4381 \n Users SHOULD NOT route traffic based on repeated 4382 query params to guard themselves against potential 4383 differences in the implementations." 4384 maxLength: 256 4385 minLength: 1 4386 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ 4387 type: string 4388 type: 4389 default: Exact 4390 description: "Type specifies how to match against 4391 the value of the query parameter. \n Support: 4392 Extended (Exact) \n Support: Implementation-specific 4393 (RegularExpression) \n Since RegularExpression 4394 QueryParamMatchType has Implementation-specific 4395 conformance, implementations can support POSIX, 4396 PCRE or any other dialects of regular expressions. 4397 Please read the implementation's documentation 4398 to determine the supported dialect." 4399 enum: 4400 - Exact 4401 - RegularExpression 4402 type: string 4403 value: 4404 description: Value is the value of HTTP query param 4405 to be matched. 4406 maxLength: 1024 4407 minLength: 1 4408 type: string 4409 required: 4410 - name 4411 - value 4412 type: object 4413 maxItems: 16 4414 type: array 4415 x-kubernetes-list-map-keys: 4416 - name 4417 x-kubernetes-list-type: map 4418 type: object 4419 maxItems: 8 4420 type: array 4421 type: object 4422 x-kubernetes-validations: 4423 - message: RequestRedirect filter must not be used together with 4424 backendRefs 4425 rule: '(has(self.backendRefs) && size(self.backendRefs) > 0) ? 4426 (!has(self.filters) || self.filters.all(f, !has(f.requestRedirect))): 4427 true' 4428 - message: When using RequestRedirect filter with path.replacePrefixMatch, 4429 exactly one PathPrefix match must be specified 4430 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.requestRedirect) 4431 && has(f.requestRedirect.path) && f.requestRedirect.path.type 4432 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 4433 ? ((size(self.matches) != 1 || !has(self.matches[0].path) || 4434 self.matches[0].path.type != ''PathPrefix'') ? false : true) 4435 : true' 4436 - message: When using URLRewrite filter with path.replacePrefixMatch, 4437 exactly one PathPrefix match must be specified 4438 rule: '(has(self.filters) && self.filters.exists_one(f, has(f.urlRewrite) 4439 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 4440 && has(f.urlRewrite.path.replacePrefixMatch))) ? ((size(self.matches) 4441 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 4442 != ''PathPrefix'') ? false : true) : true' 4443 - message: Within backendRefs, when using RequestRedirect filter 4444 with path.replacePrefixMatch, exactly one PathPrefix match must 4445 be specified 4446 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 4447 (has(b.filters) && b.filters.exists_one(f, has(f.requestRedirect) 4448 && has(f.requestRedirect.path) && f.requestRedirect.path.type 4449 == ''ReplacePrefixMatch'' && has(f.requestRedirect.path.replacePrefixMatch))) 4450 )) ? ((size(self.matches) != 1 || !has(self.matches[0].path) 4451 || self.matches[0].path.type != ''PathPrefix'') ? false : true) 4452 : true' 4453 - message: Within backendRefs, When using URLRewrite filter with 4454 path.replacePrefixMatch, exactly one PathPrefix match must be 4455 specified 4456 rule: '(has(self.backendRefs) && self.backendRefs.exists_one(b, 4457 (has(b.filters) && b.filters.exists_one(f, has(f.urlRewrite) 4458 && has(f.urlRewrite.path) && f.urlRewrite.path.type == ''ReplacePrefixMatch'' 4459 && has(f.urlRewrite.path.replacePrefixMatch))) )) ? ((size(self.matches) 4460 != 1 || !has(self.matches[0].path) || self.matches[0].path.type 4461 != ''PathPrefix'') ? false : true) : true' 4462 maxItems: 16 4463 type: array 4464 type: object 4465 status: 4466 description: Status defines the current state of HTTPRoute. 4467 properties: 4468 parents: 4469 description: "Parents is a list of parent resources (usually Gateways) 4470 that are associated with the route, and the status of the route 4471 with respect to each parent. When this route attaches to a parent, 4472 the controller that manages the parent must add an entry to this 4473 list when the controller first sees the route and should update 4474 the entry as appropriate when the route or gateway is modified. 4475 \n Note that parent references that cannot be resolved by an implementation 4476 of this API will not be added to this list. Implementations of this 4477 API can only populate Route status for the Gateways/parent resources 4478 they are responsible for. \n A maximum of 32 Gateways will be represented 4479 in this list. An empty list means the route has not been attached 4480 to any Gateway." 4481 items: 4482 description: RouteParentStatus describes the status of a route with 4483 respect to an associated Parent. 4484 properties: 4485 conditions: 4486 description: "Conditions describes the status of the route with 4487 respect to the Gateway. Note that the route's availability 4488 is also subject to the Gateway's own status conditions and 4489 listener status. \n If the Route's ParentRef specifies an 4490 existing Gateway that supports Routes of this kind AND that 4491 Gateway's controller has sufficient access, then that Gateway's 4492 controller MUST set the \"Accepted\" condition on the Route, 4493 to indicate whether the route has been accepted or rejected 4494 by the Gateway, and why. \n A Route MUST be considered \"Accepted\" 4495 if at least one of the Route's rules is implemented by the 4496 Gateway. \n There are a number of cases where the \"Accepted\" 4497 condition may not be set due to lack of controller visibility, 4498 that includes when: \n * The Route refers to a non-existent 4499 parent. * The Route is of a type that the controller does 4500 not support. * The Route is in a namespace the controller 4501 does not have access to." 4502 items: 4503 description: "Condition contains details for one aspect of 4504 the current state of this API Resource. --- This struct 4505 is intended for direct use as an array at the field path 4506 .status.conditions. For example, \n type FooStatus struct{ 4507 // Represents the observations of a foo's current state. 4508 // Known .status.conditions.type are: \"Available\", \"Progressing\", 4509 and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge 4510 // +listType=map // +listMapKey=type Conditions []metav1.Condition 4511 `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" 4512 protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields 4513 }" 4514 properties: 4515 lastTransitionTime: 4516 description: lastTransitionTime is the last time the condition 4517 transitioned from one status to another. This should 4518 be when the underlying condition changed. If that is 4519 not known, then using the time when the API field changed 4520 is acceptable. 4521 format: date-time 4522 type: string 4523 message: 4524 description: message is a human readable message indicating 4525 details about the transition. This may be an empty string. 4526 maxLength: 32768 4527 type: string 4528 observedGeneration: 4529 description: observedGeneration represents the .metadata.generation 4530 that the condition was set based upon. For instance, 4531 if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration 4532 is 9, the condition is out of date with respect to the 4533 current state of the instance. 4534 format: int64 4535 minimum: 0 4536 type: integer 4537 reason: 4538 description: reason contains a programmatic identifier 4539 indicating the reason for the condition's last transition. 4540 Producers of specific condition types may define expected 4541 values and meanings for this field, and whether the 4542 values are considered a guaranteed API. The value should 4543 be a CamelCase string. This field may not be empty. 4544 maxLength: 1024 4545 minLength: 1 4546 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 4547 type: string 4548 status: 4549 description: status of the condition, one of True, False, 4550 Unknown. 4551 enum: 4552 - "True" 4553 - "False" 4554 - Unknown 4555 type: string 4556 type: 4557 description: type of condition in CamelCase or in foo.example.com/CamelCase. 4558 --- Many .condition.type values are consistent across 4559 resources like Available, but because arbitrary conditions 4560 can be useful (see .node.status.conditions), the ability 4561 to deconflict is important. The regex it matches is 4562 (dns1123SubdomainFmt/)?(qualifiedNameFmt) 4563 maxLength: 316 4564 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ 4565 type: string 4566 required: 4567 - lastTransitionTime 4568 - message 4569 - reason 4570 - status 4571 - type 4572 type: object 4573 maxItems: 8 4574 minItems: 1 4575 type: array 4576 x-kubernetes-list-map-keys: 4577 - type 4578 x-kubernetes-list-type: map 4579 controllerName: 4580 description: "ControllerName is a domain/path string that indicates 4581 the name of the controller that wrote this status. This corresponds 4582 with the controllerName field on GatewayClass. \n Example: 4583 \"example.net/gateway-controller\". \n The format of this 4584 field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid 4585 Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 4586 \n Controllers MUST populate this field when writing status. 4587 Controllers should ensure that entries to status populated 4588 with their ControllerName are cleaned up when they are no 4589 longer necessary." 4590 maxLength: 253 4591 minLength: 1 4592 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ 4593 type: string 4594 parentRef: 4595 description: ParentRef corresponds with a ParentRef in the spec 4596 that this RouteParentStatus struct describes the status of. 4597 properties: 4598 group: 4599 default: gateway.networking.k8s.io 4600 description: "Group is the group of the referent. When unspecified, 4601 \"gateway.networking.k8s.io\" is inferred. To set the 4602 core API group (such as for a \"Service\" kind referent), 4603 Group must be explicitly set to \"\" (empty string). \n 4604 Support: Core" 4605 maxLength: 253 4606 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4607 type: string 4608 kind: 4609 default: Gateway 4610 description: "Kind is kind of the referent. \n There are 4611 two kinds of parent resources with \"Core\" support: \n 4612 * Gateway (Gateway conformance profile) * Service (Mesh 4613 conformance profile, experimental, ClusterIP Services 4614 only) \n Support for other resources is Implementation-Specific." 4615 maxLength: 63 4616 minLength: 1 4617 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 4618 type: string 4619 name: 4620 description: "Name is the name of the referent. \n Support: 4621 Core" 4622 maxLength: 253 4623 minLength: 1 4624 type: string 4625 namespace: 4626 description: "Namespace is the namespace of the referent. 4627 When unspecified, this refers to the local namespace of 4628 the Route. \n Note that there are specific rules for ParentRefs 4629 which cross namespace boundaries. Cross-namespace references 4630 are only valid if they are explicitly allowed by something 4631 in the namespace they are referring to. For example: Gateway 4632 has the AllowedRoutes field, and ReferenceGrant provides 4633 a generic way to enable any other kind of cross-namespace 4634 reference. \n \n Support: Core" 4635 maxLength: 63 4636 minLength: 1 4637 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 4638 type: string 4639 sectionName: 4640 description: "SectionName is the name of a section within 4641 the target resource. In the following resources, SectionName 4642 is interpreted as the following: \n * Gateway: Listener 4643 Name. When both Port (experimental) and SectionName are 4644 specified, the name and port of the selected listener 4645 must match both specified values. * Service: Port Name. 4646 When both Port (experimental) and SectionName are specified, 4647 the name and port of the selected listener must match 4648 both specified values. Note that attaching Routes to Services 4649 as Parents is part of experimental Mesh support and is 4650 not supported for any other purpose. \n Implementations 4651 MAY choose to support attaching Routes to other resources. 4652 If that is the case, they MUST clearly document how SectionName 4653 is interpreted. \n When unspecified (empty string), this 4654 will reference the entire resource. For the purpose of 4655 status, an attachment is considered successful if at least 4656 one section in the parent resource accepts it. For example, 4657 Gateway listeners can restrict which Routes can attach 4658 to them by Route kind, namespace, or hostname. If 1 of 4659 2 Gateway listeners accept attachment from the referencing 4660 Route, the Route MUST be considered successfully attached. 4661 If no Gateway listeners accept attachment from this Route, 4662 the Route MUST be considered detached from the Gateway. 4663 \n Support: Core" 4664 maxLength: 253 4665 minLength: 1 4666 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 4667 type: string 4668 required: 4669 - name 4670 type: object 4671 required: 4672 - controllerName 4673 - parentRef 4674 type: object 4675 maxItems: 32 4676 type: array 4677 required: 4678 - parents 4679 type: object 4680 required: 4681 - spec 4682 type: object 4683 served: true 4684 storage: true 4685 subresources: 4686 status: {} 4687 status: 4688 acceptedNames: 4689 kind: "" 4690 plural: "" 4691 conditions: null 4692 storedVersions: null