From 920e3028695b88960ba6432cdc9975705bf90488 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 12 Jul 2022 13:08:34 -0600 Subject: [PATCH] Update Gateway API to v0.5.0-rc2 (#4613) Signed-off-by: Steve Kriss --- Makefile | 2 - examples/gateway/00-crds.yaml | 697 +++++++++++------- .../render/contour-gateway-provisioner.yaml | 697 +++++++++++------- examples/render/contour-gateway.yaml | 697 +++++++++++------- go.mod | 2 +- go.sum | 4 +- 6 files changed, 1260 insertions(+), 839 deletions(-) diff --git a/Makefile b/Makefile index 29eb79a3ebf..326984cb7b0 100644 --- a/Makefile +++ b/Makefile @@ -236,8 +236,6 @@ generate-crd-yaml: generate-gateway-yaml: @echo "Generating Gateway API CRD YAML documents..." @kubectl kustomize -o examples/gateway/00-crds.yaml "github.com/kubernetes-sigs/gateway-api/config/crd/experimental?ref=${GATEWAY_API_VERSION}" - @echo "---" >> examples/gateway/00-crds.yaml - @curl -s https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/${GATEWAY_API_VERSION}/config/crd/experimental/gateway.networking.k8s.io_referencepolicies.yaml >> examples/gateway/00-crds.yaml @echo "Generating Gateway API webhook documents..." @curl -s -o examples/gateway/01-admission_webhook.yaml https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/${GATEWAY_API_VERSION}/config/webhook/admission_webhook.yaml @curl -s -o examples/gateway/02-certificate_config.yaml https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/${GATEWAY_API_VERSION}/config/webhook/certificate_config.yaml diff --git a/examples/gateway/00-crds.yaml b/examples/gateway/00-crds.yaml index dc7ce627541..d3e1d557817 100644 --- a/examples/gateway/00-crds.yaml +++ b/examples/gateway/00-crds.yaml @@ -3,7 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -434,7 +434,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -511,7 +511,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -808,11 +808,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. - \n Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to - allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. - \n Support: Core" + \n Note that when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Secret + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -899,7 +900,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -1205,7 +1206,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -1593,7 +1594,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -1851,7 +1852,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -1979,7 +1980,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -2066,21 +2067,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -2268,7 +2270,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -2297,8 +2299,9 @@ spec: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that - when a namespace is specified, a ReferenceGrant - object is required in the referent namespace + when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: @@ -2374,7 +2377,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -2395,7 +2405,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -2403,7 +2419,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -2434,7 +2456,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -2445,7 +2473,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -2487,7 +2515,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -2526,11 +2561,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -2752,7 +2787,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -2779,11 +2814,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace - is inferred. \n Note that when a namespace is - specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + is inferred. \n Note that when a different namespace + is specified, a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow + that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -2850,7 +2886,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -2871,7 +2913,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -2879,7 +2926,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -2908,7 +2960,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -2918,7 +2975,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -2958,7 +3015,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -2993,7 +3056,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -3123,9 +3186,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -3200,7 +3268,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -3308,7 +3376,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -3511,7 +3579,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -3598,21 +3666,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -3800,7 +3869,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -3906,7 +3975,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -3927,7 +4003,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -3935,7 +4017,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -3966,7 +4054,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -3977,7 +4071,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -4019,7 +4113,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -4284,7 +4385,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -4382,7 +4483,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -4403,7 +4510,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -4411,7 +4523,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -4440,7 +4557,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -4450,7 +4572,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -4490,7 +4612,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -4525,7 +4653,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -4655,9 +4783,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -4732,7 +4865,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -4840,7 +4973,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -4942,7 +5075,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -5008,9 +5141,166 @@ spec: type: string kind: description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + namespace: + description: "Namespace is the namespace of the referent. \n + Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - namespace + type: object + maxItems: 16 + minItems: 1 + type: array + to: + description: "To describes the resources that may be referenced by + the resources described in \"From\". Each entry in this list must + be considered to be an additional place that references can be valid + to, or to put this another way, entries must be combined using OR. + \n Support: Core" + items: + description: ReferenceGrantTo describes what Kinds are allowed as + targets of the references. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. When unspecified, + this policy refers to all resources of the specified Group + and Kind in the local namespace. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - from + - to + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null + name: referencepolicies.gateway.networking.k8s.io +spec: + group: gateway.networking.k8s.io + names: + categories: + - gateway-api + kind: ReferencePolicy + listKind: ReferencePolicyList + plural: referencepolicies + shortNames: + - refpol + singular: referencepolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy + will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. + name: v1alpha2 + schema: + openAPIV3Schema: + description: "ReferencePolicy identifies kinds of resources in other namespaces + that are trusted to reference the specified kinds of resources in the same + namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. + ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant + resource. \n Each ReferencePolicy can be used to represent a unique trust + relationship. Additional Reference Policies can be used to add to the set + of trusted sources of inbound references for the namespace they are defined + within. \n All cross-namespace references in Gateway API (with the exception + of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n + Support: Core" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ReferencePolicy. + properties: + from: + description: "From describes the trusted namespaces and kinds that + can reference the resources described in \"To\". Each entry in this + list must be considered to be an additional place that references + can be valid from, or to put this another way, entries must be combined + using OR. \n Support: Core" + items: + description: ReferenceGrantFrom describes trusted namespaces and + kinds. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -5049,7 +5339,9 @@ spec: kind: description: "Kind is the kind of the referent. Although implementations may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -5088,7 +5380,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -5164,7 +5456,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -5250,8 +5542,8 @@ spec: attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. - \n Support: Core for Kubernetes Service Support: Custom for - any other resource \n Support for weight: Extended" + \n Support: Core for Kubernetes Service \n Support: Custom + for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a @@ -5285,11 +5577,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -5371,7 +5663,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -5479,7 +5771,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -5581,7 +5873,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -5703,7 +5995,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -5792,7 +6084,7 @@ spec: code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes - Service Support: Custom for any other resource \n Support + Service \n Support: Custom for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward @@ -5827,11 +6119,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -5913,7 +6205,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -6021,7 +6313,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -6123,7 +6415,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -6199,7 +6491,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -6320,11 +6612,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -6406,7 +6698,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -6514,7 +6806,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -6610,154 +6902,3 @@ status: plural: "" conditions: [] storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null - name: referencepolicies.gateway.networking.k8s.io -spec: - group: gateway.networking.k8s.io - names: - categories: - - gateway-api - kind: ReferencePolicy - listKind: ReferencePolicyList - plural: referencepolicies - shortNames: - - refpol - singular: referencepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy - will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. - name: v1alpha2 - schema: - openAPIV3Schema: - description: "ReferencePolicy identifies kinds of resources in other namespaces - that are trusted to reference the specified kinds of resources in the same - namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. - ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant - resource. \n Each ReferencePolicy can be used to represent a unique trust - relationship. Additional Reference Policies can be used to add to the set - of trusted sources of inbound references for the namespace they are defined - within. \n All cross-namespace references in Gateway API (with the exception - of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n - Support: Core" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of ReferencePolicy. - properties: - from: - description: "From describes the trusted namespaces and kinds that - can reference the resources described in \"To\". Each entry in this - list must be considered to be an additional place that references - can be valid from, or to put this another way, entries must be combined - using OR. \n Support: Core" - items: - description: ReferenceGrantFrom describes trusted namespaces and - kinds. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - namespace: - description: "Namespace is the namespace of the referent. \n - Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - group - - kind - - namespace - type: object - maxItems: 16 - minItems: 1 - type: array - to: - description: "To describes the resources that may be referenced by - the resources described in \"From\". Each entry in this list must - be considered to be an additional place that references can be valid - to, or to put this another way, entries must be combined using OR. - \n Support: Core" - items: - description: ReferenceGrantTo describes what Kinds are allowed as - targets of the references. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: Name is the name of the referent. When unspecified, - this policy refers to all resources of the specified Group - and Kind in the local namespace. - maxLength: 253 - minLength: 1 - type: string - required: - - group - - kind - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - from - - to - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index 1ac180b71de..caf61eec447 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -4550,7 +4550,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -4981,7 +4981,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -5058,7 +5058,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -5355,11 +5355,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. - \n Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to - allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. - \n Support: Core" + \n Note that when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Secret + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -5446,7 +5447,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -5752,7 +5753,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -6140,7 +6141,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -6398,7 +6399,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -6526,7 +6527,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -6613,21 +6614,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -6815,7 +6817,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -6844,8 +6846,9 @@ spec: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that - when a namespace is specified, a ReferenceGrant - object is required in the referent namespace + when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: @@ -6921,7 +6924,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -6942,7 +6952,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -6950,7 +6966,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -6981,7 +7003,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -6992,7 +7020,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -7034,7 +7062,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -7073,11 +7108,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -7299,7 +7334,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -7326,11 +7361,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace - is inferred. \n Note that when a namespace is - specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + is inferred. \n Note that when a different namespace + is specified, a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow + that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -7397,7 +7433,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -7418,7 +7460,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -7426,7 +7473,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -7455,7 +7507,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -7465,7 +7522,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -7505,7 +7562,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -7540,7 +7603,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -7670,9 +7733,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -7747,7 +7815,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -7855,7 +7923,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -8058,7 +8126,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -8145,21 +8213,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -8347,7 +8416,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -8453,7 +8522,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -8474,7 +8550,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -8482,7 +8564,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -8513,7 +8601,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -8524,7 +8618,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -8566,7 +8660,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -8831,7 +8932,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -8929,7 +9030,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -8950,7 +9057,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -8958,7 +9070,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -8987,7 +9104,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -8997,7 +9119,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -9037,7 +9159,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -9072,7 +9200,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -9202,9 +9330,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -9279,7 +9412,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -9387,7 +9520,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -9489,7 +9622,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -9555,9 +9688,166 @@ spec: type: string kind: description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + namespace: + description: "Namespace is the namespace of the referent. \n + Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - namespace + type: object + maxItems: 16 + minItems: 1 + type: array + to: + description: "To describes the resources that may be referenced by + the resources described in \"From\". Each entry in this list must + be considered to be an additional place that references can be valid + to, or to put this another way, entries must be combined using OR. + \n Support: Core" + items: + description: ReferenceGrantTo describes what Kinds are allowed as + targets of the references. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. When unspecified, + this policy refers to all resources of the specified Group + and Kind in the local namespace. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - from + - to + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null + name: referencepolicies.gateway.networking.k8s.io +spec: + group: gateway.networking.k8s.io + names: + categories: + - gateway-api + kind: ReferencePolicy + listKind: ReferencePolicyList + plural: referencepolicies + shortNames: + - refpol + singular: referencepolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy + will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. + name: v1alpha2 + schema: + openAPIV3Schema: + description: "ReferencePolicy identifies kinds of resources in other namespaces + that are trusted to reference the specified kinds of resources in the same + namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. + ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant + resource. \n Each ReferencePolicy can be used to represent a unique trust + relationship. Additional Reference Policies can be used to add to the set + of trusted sources of inbound references for the namespace they are defined + within. \n All cross-namespace references in Gateway API (with the exception + of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n + Support: Core" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ReferencePolicy. + properties: + from: + description: "From describes the trusted namespaces and kinds that + can reference the resources described in \"To\". Each entry in this + list must be considered to be an additional place that references + can be valid from, or to put this another way, entries must be combined + using OR. \n Support: Core" + items: + description: ReferenceGrantFrom describes trusted namespaces and + kinds. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -9596,7 +9886,9 @@ spec: kind: description: "Kind is the kind of the referent. Although implementations may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -9635,7 +9927,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -9711,7 +10003,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -9797,8 +10089,8 @@ spec: attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. - \n Support: Core for Kubernetes Service Support: Custom for - any other resource \n Support for weight: Extended" + \n Support: Core for Kubernetes Service \n Support: Custom + for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a @@ -9832,11 +10124,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -9918,7 +10210,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -10026,7 +10318,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10128,7 +10420,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -10250,7 +10542,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10339,7 +10631,7 @@ spec: code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes - Service Support: Custom for any other resource \n Support + Service \n Support: Custom for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward @@ -10374,11 +10666,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -10460,7 +10752,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -10568,7 +10860,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10670,7 +10962,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -10746,7 +11038,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10867,11 +11159,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -10953,7 +11245,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -11061,7 +11353,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -11157,157 +11449,6 @@ status: plural: "" conditions: [] storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null - name: referencepolicies.gateway.networking.k8s.io -spec: - group: gateway.networking.k8s.io - names: - categories: - - gateway-api - kind: ReferencePolicy - listKind: ReferencePolicyList - plural: referencepolicies - shortNames: - - refpol - singular: referencepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy - will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. - name: v1alpha2 - schema: - openAPIV3Schema: - description: "ReferencePolicy identifies kinds of resources in other namespaces - that are trusted to reference the specified kinds of resources in the same - namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. - ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant - resource. \n Each ReferencePolicy can be used to represent a unique trust - relationship. Additional Reference Policies can be used to add to the set - of trusted sources of inbound references for the namespace they are defined - within. \n All cross-namespace references in Gateway API (with the exception - of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n - Support: Core" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of ReferencePolicy. - properties: - from: - description: "From describes the trusted namespaces and kinds that - can reference the resources described in \"To\". Each entry in this - list must be considered to be an additional place that references - can be valid from, or to put this another way, entries must be combined - using OR. \n Support: Core" - items: - description: ReferenceGrantFrom describes trusted namespaces and - kinds. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - namespace: - description: "Namespace is the namespace of the referent. \n - Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - group - - kind - - namespace - type: object - maxItems: 16 - minItems: 1 - type: array - to: - description: "To describes the resources that may be referenced by - the resources described in \"From\". Each entry in this list must - be considered to be an additional place that references can be valid - to, or to put this another way, entries must be combined using OR. - \n Support: Core" - items: - description: ReferenceGrantTo describes what Kinds are allowed as - targets of the references. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: Name is the name of the referent. When unspecified, - this policy refers to all resources of the specified Group - and Kind in the local namespace. - maxLength: 253 - minLength: 1 - type: string - required: - - group - - kind - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - from - - to - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 9cac59f4747..3fdca661bf2 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -5256,7 +5256,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gatewayclasses.gateway.networking.k8s.io @@ -5687,7 +5687,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: gateways.gateway.networking.k8s.io @@ -5764,7 +5764,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -6061,11 +6061,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. - \n Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to - allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. - \n Support: Core" + \n Note that when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Secret + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -6152,7 +6153,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -6458,7 +6459,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -6846,7 +6847,7 @@ spec: description: Type of the address. maxLength: 253 minLength: 1 - pattern: ^Hostname|IPAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ type: string value: description: "Value of the address. The validity of the values @@ -7104,7 +7105,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: httproutes.gateway.networking.k8s.io @@ -7232,7 +7233,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -7319,21 +7320,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -7521,7 +7523,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -7550,8 +7552,9 @@ spec: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that - when a namespace is specified, a ReferenceGrant - object is required in the referent namespace + when a different namespace is specified, + a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: @@ -7627,7 +7630,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -7648,7 +7658,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -7656,7 +7672,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -7687,7 +7709,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -7698,7 +7726,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -7740,7 +7768,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -7779,11 +7814,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -8005,7 +8040,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -8032,11 +8067,12 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace - is inferred. \n Note that when a namespace is - specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + is inferred. \n Note that when a different namespace + is specified, a ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow + that namespace's owner to accept the reference. + See the ReferenceGrant documentation for details. + \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -8103,7 +8139,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -8124,7 +8166,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -8132,7 +8179,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -8161,7 +8213,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -8171,7 +8228,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -8211,7 +8268,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -8246,7 +8309,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -8376,9 +8439,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -8453,7 +8521,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -8561,7 +8629,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -8764,7 +8832,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -8851,21 +8919,22 @@ spec: properties: backendRefs: description: "BackendRefs defines the backend(s) where matching - requests should be sent. \n A 500 status code MUST be returned - if there are no BackendRefs or filters specified that would - result in a response being sent. \n A BackendRef is considered - invalid when it refers to: \n * an unknown or unsupported - kind of resource * a resource that does not exist * a resource - in another namespace when the reference has not been explicitly - allowed by a ReferenceGrant (or equivalent concept). \n When - a BackendRef is invalid, 500 status codes MUST be returned - for requests that would have otherwise been routed to an invalid - backend. If multiple backends are specified, and some are - invalid, the proportion of requests that would otherwise have - been routed to an invalid backend MUST receive a 500 status - code. \n When a BackendRef refers to a Service that has no - ready endpoints, it is recommended to return a 503 status - code. \n Support: Core for Kubernetes Service Support: Custom + requests should be sent. \n Failure behavior here depends + on how many BackendRefs are specified and how many are invalid. + \n If *all* entries in BackendRefs are invalid, and there + are also no filters specified in this route rule, *all* traffic + which matches this rule MUST receive a 500 status code. \n + See the HTTPBackendRef definition for the rules about what + makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef + is invalid, 500 status codes MUST be returned for requests + that would have otherwise been routed to an invalid backend. + If multiple backends are specified, and some are invalid, + the proportion of requests that would otherwise have been + routed to an invalid backend MUST receive a 500 status code. + \n For example, if two backends are specified with equal weights, + and one is invalid, 50 percent of traffic must receive a 500. + Implementations may choose how that 50 percent is determined. + \n Support: Core for Kubernetes Service \n Support: Custom for any other resource \n Support for weight: Core" items: description: HTTPBackendRef defines how a HTTPRoute should @@ -9053,7 +9122,7 @@ spec: Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service - Support: Custom for any other resource" + \n Support: Custom for any other resource" properties: group: default: "" @@ -9159,7 +9228,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -9180,7 +9256,13 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request - is used. \n Support: Extended" + is used. \n Support: Extended \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result + in the implementation setting the Attached + Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -9188,7 +9270,13 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status - code to be used in response. \n Support: Core" + code to be used in response. \n Support: Core + \n Note that values may be added to this enum, + implementations must ensure that unknown values + will not cause a crash. \n Unknown values + here must result in the implementation setting + the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -9219,7 +9307,13 @@ spec: \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that - filter MUST receive a HTTP error response. \n " + filter MUST receive a HTTP error response. \n + Note that values may be added to this enum, implementations + must ensure that unknown values will not cause + a crash. \n Unknown values here must result in + the implementation setting the Attached Condition + for the Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -9230,7 +9324,7 @@ spec: urlRewrite: description: "URLRewrite defines a schema for a filter that modifies a request during forwarding. - Support: Extended \n " + \n Support: Extended \n " properties: hostname: description: "Hostname is the value to be used @@ -9272,7 +9366,14 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added - in a future release of the API. \n " + in a future release of the API. \n Note + that values may be added to this enum, + implementations must ensure that unknown + values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the + Route to `status: False`, with a Reason + of `UnsupportedValue`. \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -9537,7 +9638,7 @@ spec: In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes - Service Support: Custom for any other resource" + Service \n Support: Custom for any other resource" properties: group: default: "" @@ -9635,7 +9736,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -9656,7 +9763,12 @@ spec: description: "Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used. \n - Support: Extended" + Support: Extended \n Note that values may be added + to this enum, implementations must ensure that unknown + values will not cause a crash. \n Unknown values + here must result in the implementation setting the + Attached Condition for the Route to `status: False`, + with a Reason of `UnsupportedValue`." enum: - http - https @@ -9664,7 +9776,12 @@ spec: statusCode: default: 302 description: "StatusCode is the HTTP status code to - be used in response. \n Support: Core" + be used in response. \n Support: Core \n Note that + values may be added to this enum, implementations + must ensure that unknown values will not cause a + crash. \n Unknown values here must result in the + implementation setting the Attached Condition for + the Route to `status: False`, with a Reason of `UnsupportedValue`." enum: - 301 - 302 @@ -9693,7 +9810,12 @@ spec: behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by - that filter MUST receive a HTTP error response. \n " + that filter MUST receive a HTTP error response. \n Note + that values may be added to this enum, implementations + must ensure that unknown values will not cause a crash. + \n Unknown values here must result in the implementation + setting the Attached Condition for the Route to `status: + False`, with a Reason of `UnsupportedValue`. \n " enum: - RequestHeaderModifier - RequestMirror @@ -9703,7 +9825,7 @@ spec: type: string urlRewrite: description: "URLRewrite defines a schema for a filter - that modifies a request during forwarding. Support: + that modifies a request during forwarding. \n Support: Extended \n " properties: hostname: @@ -9743,7 +9865,13 @@ spec: type: description: "Type defines the type of path modifier. Additional types may be added in a future release - of the API. \n " + of the API. \n Note that values may be added + to this enum, implementations must ensure that + unknown values will not cause a crash. \n Unknown + values here must result in the implementation + setting the Attached Condition for the Route + to `status: False`, with a Reason of `UnsupportedValue`. + \n " enum: - ReplaceFullPath - ReplacePrefixMatch @@ -9778,7 +9906,7 @@ spec: every HTTP request. \n Proxy or Load Balancer routing configuration generated from HTTPRoutes MUST prioritize rules based on the following criteria, continuing on ties. Precedence must be - given to the the Rule with the largest number of: \n * Characters + given to the Rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching path. * Header matches. * Query param matches. \n If ties still exist across multiple @@ -9908,9 +10036,14 @@ spec: a HTTP route by matching HTTP query parameters. properties: name: - description: Name is the name of the HTTP query + description: "Name is the name of the HTTP query param to be matched. This must be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). + \n If multiple entries specify equivalent query + param names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent query param name MUST + be ignored." maxLength: 256 minLength: 1 type: string @@ -9985,7 +10118,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -10093,7 +10226,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10195,7 +10328,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: referencegrants.gateway.networking.k8s.io @@ -10261,9 +10394,166 @@ spec: type: string kind: description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + namespace: + description: "Namespace is the namespace of the referent. \n + Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - namespace + type: object + maxItems: 16 + minItems: 1 + type: array + to: + description: "To describes the resources that may be referenced by + the resources described in \"From\". Each entry in this list must + be considered to be an additional place that references can be valid + to, or to put this another way, entries must be combined using OR. + \n Support: Core" + items: + description: ReferenceGrantTo describes what Kinds are allowed as + targets of the references. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. When unspecified, + this policy refers to all resources of the specified Group + and Kind in the local namespace. + maxLength: 253 + minLength: 1 + type: string + required: + - group + - kind + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - from + - to + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 + gateway.networking.k8s.io/channel: experimental + creationTimestamp: null + name: referencepolicies.gateway.networking.k8s.io +spec: + group: gateway.networking.k8s.io + names: + categories: + - gateway-api + kind: ReferencePolicy + listKind: ReferencePolicyList + plural: referencepolicies + shortNames: + - refpol + singular: referencepolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy + will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. + name: v1alpha2 + schema: + openAPIV3Schema: + description: "ReferencePolicy identifies kinds of resources in other namespaces + that are trusted to reference the specified kinds of resources in the same + namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. + ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant + resource. \n Each ReferencePolicy can be used to represent a unique trust + relationship. Additional Reference Policies can be used to add to the set + of trusted sources of inbound references for the namespace they are defined + within. \n All cross-namespace references in Gateway API (with the exception + of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n + Support: Core" + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ReferencePolicy. + properties: + from: + description: "From describes the trusted namespaces and kinds that + can reference the resources described in \"To\". Each entry in this + list must be considered to be an additional place that references + can be valid from, or to put this another way, entries must be combined + using OR. \n Support: Core" + items: + description: ReferenceGrantFrom describes trusted namespaces and + kinds. + properties: + group: + description: "Group is the group of the referent. When empty, + the Kubernetes core API group is inferred. \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: "Kind is the kind of the referent. Although implementations + may support additional resources, the following types are + part of the \"Core\" support level for this field. \n When + used to permit a SecretObjectReference: \n * Gateway \n When + used to permit a BackendObjectReference: \n * HTTPRoute * + TCPRoute * TLSRoute * UDPRoute" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10302,7 +10592,9 @@ spec: kind: description: "Kind is the kind of the referent. Although implementations may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" + part of the \"Core\" support level for this field: \n * Secret + when used to permit a SecretObjectReference * Service when + used to permit a BackendObjectReference" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10341,7 +10633,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tcproutes.gateway.networking.k8s.io @@ -10417,7 +10709,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10503,8 +10795,8 @@ spec: attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. - \n Support: Core for Kubernetes Service Support: Custom for - any other resource \n Support for weight: Extended" + \n Support: Core for Kubernetes Service \n Support: Custom + for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a @@ -10538,11 +10830,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -10624,7 +10916,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -10732,7 +11024,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -10834,7 +11126,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: tlsroutes.gateway.networking.k8s.io @@ -10956,7 +11248,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -11045,7 +11337,7 @@ spec: code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes - Service Support: Custom for any other resource \n Support + Service \n Support: Custom for any other resource \n Support for weight: Extended" items: description: "BackendRef defines how a Route should forward @@ -11080,11 +11372,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -11166,7 +11458,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -11274,7 +11566,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -11376,7 +11668,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 + gateway.networking.k8s.io/bundle-version: v0.5.0-rc2 gateway.networking.k8s.io/channel: experimental creationTimestamp: null name: udproutes.gateway.networking.k8s.io @@ -11452,7 +11744,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: Core - (Gateway) Support: Custom (Other Resources)" + (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -11573,11 +11865,11 @@ spec: namespace: description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n - Note that when a namespace is specified, a ReferenceGrant - object is required in the referent namespace to allow - that namespace's owner to accept the reference. See - the ReferenceGrant documentation for details. \n Support: - Core" + Note that when a different namespace is specified, a + ReferenceGrant object with ReferenceGrantTo.Kind=Service + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ @@ -11659,7 +11951,7 @@ spec: condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the the controller + not support. * The Route is in a namespace the controller does not have access to." items: description: "Condition contains details for one aspect of @@ -11767,7 +12059,7 @@ spec: kind: default: Gateway description: "Kind is kind of the referent. \n Support: - Core (Gateway) Support: Custom (Other Resources)" + Core (Gateway) \n Support: Custom (Other Resources)" maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ @@ -11863,157 +12155,6 @@ status: plural: "" conditions: [] storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1086 - gateway.networking.k8s.io/bundle-version: v0.5.0-rc1 - gateway.networking.k8s.io/channel: experimental - creationTimestamp: null - name: referencepolicies.gateway.networking.k8s.io -spec: - group: gateway.networking.k8s.io - names: - categories: - - gateway-api - kind: ReferencePolicy - listKind: ReferencePolicyList - plural: referencepolicies - shortNames: - - refpol - singular: referencepolicy - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: ReferencePolicy has been renamed to ReferenceGrant. ReferencePolicy - will be removed in v0.6.0 in favor of the identical ReferenceGrant resource. - name: v1alpha2 - schema: - openAPIV3Schema: - description: "ReferencePolicy identifies kinds of resources in other namespaces - that are trusted to reference the specified kinds of resources in the same - namespace as the policy. \n Note: This resource has been renamed to ReferenceGrant. - ReferencePolicy will be removed in v0.6.0 in favor of the identical ReferenceGrant - resource. \n Each ReferencePolicy can be used to represent a unique trust - relationship. Additional Reference Policies can be used to add to the set - of trusted sources of inbound references for the namespace they are defined - within. \n All cross-namespace references in Gateway API (with the exception - of cross-namespace Gateway-route attachment) require a ReferenceGrant. \n - Support: Core" - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of ReferencePolicy. - properties: - from: - description: "From describes the trusted namespaces and kinds that - can reference the resources described in \"To\". Each entry in this - list must be considered to be an additional place that references - can be valid from, or to put this another way, entries must be combined - using OR. \n Support: Core" - items: - description: ReferenceGrantFrom describes trusted namespaces and - kinds. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following Route types - are part of the \"Core\" support level for this field: \n - * HTTPRoute * TCPRoute * TLSRoute * UDPRoute" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - namespace: - description: "Namespace is the namespace of the referent. \n - Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - group - - kind - - namespace - type: object - maxItems: 16 - minItems: 1 - type: array - to: - description: "To describes the resources that may be referenced by - the resources described in \"From\". Each entry in this list must - be considered to be an additional place that references can be valid - to, or to put this another way, entries must be combined using OR. - \n Support: Core" - items: - description: ReferenceGrantTo describes what Kinds are allowed as - targets of the references. - properties: - group: - description: "Group is the group of the referent. When empty, - the Kubernetes core API group is inferred. \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - description: "Kind is the kind of the referent. Although implementations - may support additional resources, the following types are - part of the \"Core\" support level for this field: \n * Service" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: Name is the name of the referent. When unspecified, - this policy refers to all resources of the specified Group - and Kind in the local namespace. - maxLength: 253 - minLength: 1 - type: string - required: - - group - - kind - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - from - - to - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- apiVersion: v1 diff --git a/go.mod b/go.mod index 83ff8f69606..4d1041f79a3 100644 --- a/go.mod +++ b/go.mod @@ -39,6 +39,6 @@ require ( k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 sigs.k8s.io/controller-runtime v0.12.1 sigs.k8s.io/controller-tools v0.7.0 - sigs.k8s.io/gateway-api v0.5.0-rc1 + sigs.k8s.io/gateway-api v0.5.0-rc2 sigs.k8s.io/kustomize/kyaml v0.10.17 ) diff --git a/go.sum b/go.sum index 9812a938478..675faf00443 100644 --- a/go.sum +++ b/go.sum @@ -1993,8 +1993,8 @@ sigs.k8s.io/controller-tools v0.6.0/go.mod h1:baRMVPrctU77F+rfAuH2uPqW93k6yQnZA2 sigs.k8s.io/controller-tools v0.7.0 h1:iZIz1vEcavyEfxjcTLs1WH/MPf4vhPCtTKhoHqV8/G0= sigs.k8s.io/controller-tools v0.7.0/go.mod h1:bpBAo0VcSDDLuWt47evLhMLPxRPxMDInTEH/YbdeMK0= sigs.k8s.io/gateway-api v0.3.0/go.mod h1:Wb8bx7QhGVZxOSEU3i9vw/JqTB5Nlai9MLMYVZeDmRQ= -sigs.k8s.io/gateway-api v0.5.0-rc1 h1:r5+fm/ErAJp9fyKMpra5PDUPpOWDbNF5uQuaHrCScOM= -sigs.k8s.io/gateway-api v0.5.0-rc1/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA= +sigs.k8s.io/gateway-api v0.5.0-rc2 h1:jzcILFbW0b7EFTk1SRpOi3dDnrkC2D69WYj+Yjh9PJY= +sigs.k8s.io/gateway-api v0.5.0-rc2/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 h1:kDi4JBNAsJWfz1aEXhO8Jg87JJaPNLh5tIzYHgStQ9Y= sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= sigs.k8s.io/kustomize/api v0.8.5/go.mod h1:M377apnKT5ZHJS++6H4rQoCHmWtt6qTpp3mbe7p6OLY=