API specification

Packages:

networking.x-k8s.io/v1alpha1

Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group

Resource Types:

Gateway

Gateway represents an instantiation of a service-traffic handling infrastructure by binding Listeners to a set of IP addresses.

Field Description
apiVersion
string
networking.x-k8s.io/v1alpha1
kind
string
Gateway
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
GatewaySpec


class
string

Class used for this Gateway. This is the name of a GatewayClass resource.

listeners
[]Listener

Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway’s addresses. At least one Listener MUST be specified.

Each Listener in this array must have a unique Port field, however a GatewayClass may collapse compatible Listener definitions into single implementation-defined acceptor configuration even if their Port fields would otherwise conflict.

Listeners are compatible if all of the following conditions are true:

  1. all their Protocol fields are “HTTP”, or all their Protocol fields are “HTTPS” or TLS”
  2. their Hostname fields are specified with a match type other than “Any”
  3. their Hostname fields are not an exact match for any other Listener

As a special case, each group of compatible listeners may contain exactly one Listener with a match type of “Any”.

If the GatewayClass collapses compatible Listeners, the host name provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming host name MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, “Exact” matches must be processed before “Domain” matches, which must be processed before “Any” matches.

If this field specifies multiple Listeners that have the same Port value but are not compatible, the GatewayClass must raise a “PortConflict” condition on the Gateway.

Support: Core

addresses
[]GatewayAddress
(Optional)

Addresses requested for this gateway. This is optional and behavior can depend on the GatewayClass. If a value is set in the spec and the requested address is invalid, the GatewayClass MUST indicate this in the associated entry in GatewayStatus.Listeners.

If no ListenerAddresses are specified, the GatewayClass may schedule the Gateway in an implementation-defined manner, assigning an appropriate set of ListenerAddresses.

The GatewayClass MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway.

Support: Core

status
GatewayStatus

GatewayClass

GatewayClass describes a class of Gateways available to the user for creating Gateway resources.

GatewayClass is a Cluster level resource.

Support: Core.

Field Description
apiVersion
string
networking.x-k8s.io/v1alpha1
kind
string
GatewayClass
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
GatewayClassSpec

Spec for this GatewayClass.



controller
string

Controller is a domain/path string that indicates the controller that managing Gateways of this class.

Example: “acme.io/gateway-controller”.

This field is not mutable and cannot be empty.

The format of this field is DOMAIN “/” PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).

Support: Core

allowedGatewayNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

AllowedGatewayNamespaceSelector is a selector of namespaces that Gateways can use this GatewayClass from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. Controllers must not support Gateways in namespaces outside this selector.

An empty selector (default) indicates that Gateways can use this GatewayClass from any namespace.

When a Gateway attempts to use this class from a namespace that is not allowed by this selector, the controller implementing the GatewayClass may add a new “ForbiddenNamespaceForClass” condition to the Gateway status. Adding this condition is considered optional since not all controllers will have access to all namespaces.

Support: Core

allowedRouteNamespaces
RouteNamespaces
(Optional)

AllowedRouteNamespaces indicates in which namespaces Routes can be selected for Gateways of this class. This is restricted to the namespace of the Gateway by default.

When any Routes are selected by a Gateway in a namespace that is not allowed by this selector, the controller implementing the GatewayClass may add a new “ForbiddenRoutesForClass” condition to the Gateway status. Adding this condition is considered optional since not all controllers will have access to all namespaces.

Support: Core

parametersRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ParametersRef is a controller specific resource containing the configuration parameters corresponding to this class. This is optional if the controller does not require any additional configuration.

Valid resources for reference are up to the Controller. Examples include “configmaps” (omit or specify the empty string for the group to indicate the core API group) or a custom resource (CRD). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the GatewayClass’s “InvalidParameters” status condition will be true.

Support: Custom

status
GatewayClassStatus

Status of the GatewayClass.

HTTPRoute

HTTPRoute is the Schema for the httproutes API

Field Description
apiVersion
string
networking.x-k8s.io/v1alpha1
kind
string
HTTPRoute
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
HTTPRouteSpec


hosts
[]HTTPRouteHost

Hosts is a list of Host definitions.

default
HTTPRouteHost
(Optional)

Default is the default host to use. Default.Hostnames must be an empty list.

status
HTTPRouteStatus

TcpRoute

TcpRoute is the Schema for the tcproutes API

Field Description
apiVersion
string
networking.x-k8s.io/v1alpha1
kind
string
TcpRoute
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
TcpRouteSpec


status
TcpRouteStatus

TrafficSplit

TrafficSplit is the Schema for the trafficsplits API

Field Description
apiVersion
string
networking.x-k8s.io/v1alpha1
kind
string
TrafficSplit
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
TrafficSplitSpec


status
TrafficSplitStatus

AddressType (string alias)

(Appears on: GatewayAddress)

AddressType defines how a network address is represented as a text string.

ConfigMapsDefaultLocalObjectReference

(Appears on: GatewayClassSpec, HTTPRouteAction, HTTPRouteFilter, HTTPRouteHost, HTTPRouteMatch)

RouteMatchExtensionObjectReference identifies a route-match extension object within a known namespace.

Field Description
group
string

Group is the group of the referent. Omitting the value or specifying the empty string indicates the core API group. For example, use the following to specify a configmaps:

fooRef: resource: configmaps name: myconfigmap

Otherwise, if the core API group is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

resource
string

Resource is the API resource name of the referent. Omitting the value or specifying the empty string indicates the configmaps resource. For example, use the following to specify a configmaps resource:

fooRef: name: myconfigmap

Otherwise, if the configmaps resource is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

name
string

Name is the name of the referent.

ForwardToTarget

(Appears on: HTTPRouteAction)

ForwardToTarget identifies a target object within a known namespace.

Field Description
targetRef
ServicesDefaultLocalObjectReference

TargetRef is an object reference to forward matched requests to.

Support: Core (Kubernetes Services) Support: Implementation-specific (Other resource types)

targetPort
TargetPort
(Optional)

TargetPort specifies the destination port number to use for the TargetRef. If unspecified and TargetRef is a Service object consisting of a single port definition, that port will be used. If unspecified and TargetRef is a Service object consisting of multiple port definitions, an error is surfaced in status.

Support: Core

GatewayAddress

(Appears on: GatewaySpec, GatewayStatus)

GatewayAddress describes an address that can be bound to a Gateway.

Field Description
type
AddressType
(Optional)

Type of the Address. This is either “IPAddress” or “NamedAddress”.

Support: Extended

value
string

Value. Examples: “1.2.3.4”, “128::1”, “my-ip-address”. Validity of the values will depend on Type and support by the controller.

GatewayClassCondition

(Appears on: GatewayClassStatus)

GatewayClassCondition contains the details for the current condition of this GatewayClass.

Support: Core, unless otherwise specified.

Field Description
type
GatewayClassConditionType

Type of this condition.

status
Kubernetes core/v1.ConditionStatus

Status of this condition.

reason
string

Reason is a machine consumable string for the last transition. It should be a one-word, CamelCase string. Reason will be defined by the controller.

Support: Custom; values will be controller-specific. This field must not be empty.

message
string

Message is a human readable reason for last transition. This field may be empty.

lastTransitionTime
Kubernetes meta/v1.Time

LastTransitionTime is the time of the last change to this condition. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

observedGeneration
int64
(Optional)

If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

GatewayClassConditionType (string alias)

(Appears on: GatewayClassCondition)

GatewayClassConditionType is the type of status conditions.

GatewayClassSpec

(Appears on: GatewayClass)

GatewayClassSpec reflects the configuration of a class of Gateways.

Field Description
controller
string

Controller is a domain/path string that indicates the controller that managing Gateways of this class.

Example: “acme.io/gateway-controller”.

This field is not mutable and cannot be empty.

The format of this field is DOMAIN “/” PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).

Support: Core

allowedGatewayNamespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

AllowedGatewayNamespaceSelector is a selector of namespaces that Gateways can use this GatewayClass from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. Controllers must not support Gateways in namespaces outside this selector.

An empty selector (default) indicates that Gateways can use this GatewayClass from any namespace.

When a Gateway attempts to use this class from a namespace that is not allowed by this selector, the controller implementing the GatewayClass may add a new “ForbiddenNamespaceForClass” condition to the Gateway status. Adding this condition is considered optional since not all controllers will have access to all namespaces.

Support: Core

allowedRouteNamespaces
RouteNamespaces
(Optional)

AllowedRouteNamespaces indicates in which namespaces Routes can be selected for Gateways of this class. This is restricted to the namespace of the Gateway by default.

When any Routes are selected by a Gateway in a namespace that is not allowed by this selector, the controller implementing the GatewayClass may add a new “ForbiddenRoutesForClass” condition to the Gateway status. Adding this condition is considered optional since not all controllers will have access to all namespaces.

Support: Core

parametersRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ParametersRef is a controller specific resource containing the configuration parameters corresponding to this class. This is optional if the controller does not require any additional configuration.

Valid resources for reference are up to the Controller. Examples include “configmaps” (omit or specify the empty string for the group to indicate the core API group) or a custom resource (CRD). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the GatewayClass’s “InvalidParameters” status condition will be true.

Support: Custom

GatewayClassStatus

(Appears on: GatewayClass)

GatewayClassStatus is the current status for the GatewayClass.

Field Description
conditions
[]GatewayClassCondition
(Optional)

Conditions is the current status from the controller for this GatewayClass.

GatewayCondition

(Appears on: GatewayStatus)

GatewayCondition is an error status for a given route.

Field Description
type
GatewayConditionType

Type indicates the type of condition.

status
Kubernetes core/v1.ConditionStatus

Status describes the current state of this condition. Can be “True”, “False”, or “Unknown”.

message
string

Message is a human-understandable message describing the condition. This field may be empty.

reason
string

Reason indicates why the condition is in this state. This field must not be empty.

lastTransitionTime
Kubernetes meta/v1.Time

LastTransitionTime indicates the last time this condition changed. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

observedGeneration
int64
(Optional)

If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

GatewayConditionType (string alias)

(Appears on: GatewayCondition)

GatewayConditionType is a type of condition associated with a Gateway.

GatewayObjectReference

(Appears on: HTTPRouteStatus)

GatewayObjectReference identifies a Gateway object.

Field Description
namespace
string
(Optional)

Namespace is the namespace of the referent.

name
string

Name is the name of the referent.

GatewaySpec

(Appears on: Gateway)

GatewaySpec defines the desired state of Gateway.

The Spec is split into two major pieces: listeners describing client-facing properties and routes that describe application-level routing.

Not all possible combinations of options specified in the Spec are valid. Some invalid configurations can be caught synchronously via a webhook, but there are many cases that will require asynchronous signaling via the GatewayStatus block.

Field Description
class
string

Class used for this Gateway. This is the name of a GatewayClass resource.

listeners
[]Listener

Listeners associated with this Gateway. Listeners define logical endpoints that are bound on this Gateway’s addresses. At least one Listener MUST be specified.

Each Listener in this array must have a unique Port field, however a GatewayClass may collapse compatible Listener definitions into single implementation-defined acceptor configuration even if their Port fields would otherwise conflict.

Listeners are compatible if all of the following conditions are true:

  1. all their Protocol fields are “HTTP”, or all their Protocol fields are “HTTPS” or TLS”
  2. their Hostname fields are specified with a match type other than “Any”
  3. their Hostname fields are not an exact match for any other Listener

As a special case, each group of compatible listeners may contain exactly one Listener with a match type of “Any”.

If the GatewayClass collapses compatible Listeners, the host name provided in the incoming client request MUST be matched to a Listener to find the correct set of Routes. The incoming host name MUST be matched using the Hostname field for each Listener in order of most to least specific. That is, “Exact” matches must be processed before “Domain” matches, which must be processed before “Any” matches.

If this field specifies multiple Listeners that have the same Port value but are not compatible, the GatewayClass must raise a “PortConflict” condition on the Gateway.

Support: Core

addresses
[]GatewayAddress
(Optional)

Addresses requested for this gateway. This is optional and behavior can depend on the GatewayClass. If a value is set in the spec and the requested address is invalid, the GatewayClass MUST indicate this in the associated entry in GatewayStatus.Listeners.

If no ListenerAddresses are specified, the GatewayClass may schedule the Gateway in an implementation-defined manner, assigning an appropriate set of ListenerAddresses.

The GatewayClass MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway.

Support: Core

GatewayStatus

(Appears on: Gateway)

GatewayStatus defines the observed state of Gateway.

Field Description
addresses
[]GatewayAddress

Addresses lists the IP addresses that have actually been bound to the Gateway. These addresses may differ from the addresses in the Spec, e.g. if the Gateway automatically assigns an address from a reserved pool.

These addresses should all be of type “IPAddress”.

conditions
[]GatewayCondition
(Optional)

Conditions describe the current conditions of the Gateway.

listeners
[]ListenerStatus
(Optional)

Listeners provides status for each unique listener port defined in the Spec.

HTTPHeaderFilter

(Appears on: HTTPRouteFilter)

HTTPHeaderFilter defines the filter behavior for a request match.

Field Description
add
map[string]string

Add adds the given header (name, value) to the request before the action.

Input: GET /foo HTTP/1.1

Config: add: {“my-header”: “foo”}

Output: GET /foo HTTP/1.1 my-header: foo

Support: extended?

remove
[]string

Remove the given header(s) on the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2].

Input: GET /foo HTTP/1.1 My-Header1: ABC My-Header2: DEF My-Header2: GHI

Config: remove: [“my-header1”, “my-header3”]

Output: GET /foo HTTP/1.1 My-Header2: DEF

Support: extended?

HTTPRouteAction

(Appears on: HTTPRouteRule)

HTTPRouteAction is the action taken given a match.

Field Description
forwardTo
ForwardToTarget

ForwardTo sends requests to the referenced object. The resource may be “services” (omit or use the empty string for the group), or an implementation may support other resources (for example, resource “myroutetargets” in group “networking.acme.io”). Omitting or specifying the empty string for both the resource and group indicates that the resource is “services”. If the referent cannot be found, the “InvalidRoutes” status condition on any Gateway that includes the HTTPRoute will be true.

extensionRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ExtensionRef is an optional, implementation-specific extension to the “action” behavior. The resource may be “configmaps” (use the empty string for the group) or an implementation-defined resource (for example, resource “myrouteactions” in group “networking.acme.io”). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the “InvalidRoutes” status condition on any Gateway that includes the HTTPRoute will be true.

Support: custom

HTTPRouteFilter

(Appears on: HTTPRouteRule)

HTTPRouteFilter defines a filter-like action to be applied to requests.

Field Description
headers
HTTPHeaderFilter
(Optional)

Headers related filters.

Support: extended

extensionRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ExtensionRef is an optional, implementation-specific extension to the “filter” behavior. The resource may be “configmap” (use the empty string for the group) or an implementation-defined resource (for example, resource “myroutefilters” in group “networking.acme.io”). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the “InvalidRoutes” status condition on any Gateway that includes the HTTPRoute will be true.

Support: custom

HTTPRouteHost

(Appears on: HTTPRouteSpec)

HTTPRouteHost is the configuration for a given set of hosts.

Field Description
hostnames
[]string
(Optional)

Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process a the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the “host” part of the URI as defined in the RFC:

  1. IPs are not allowed.
  2. The : delimiter is not respected because ports are not allowed.

Incoming requests are matched against the hostnames before the HTTPRoute rules. If no hostname is specified, traffic is routed based on the HTTPRouteRules.

Hostname can be “precise” which is a domain name without the terminating dot of a network host (e.g. “foo.example.com”) or “wildcard”, which is a domain name prefixed with a single wildcard label (e.g. “.example.com”). The wildcard character ‘’ must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == “”). Requests will be matched against the Host field in the following order: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule.

Support: Core

rules
[]HTTPRouteRule

Rules are a list of HTTP matchers, filters and actions.

extensionRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ExtensionRef is an optional, implementation-specific extension to the “host” block. The resource may be “configmaps” (omit or specify the empty string for the group) or an implementation-defined resource (for example, resource “myroutehosts” in group “networking.acme.io”). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the “InvalidRoutes” status condition on any Gateway that includes the HTTPRoute will be true.

Support: custom

HTTPRouteMatch

(Appears on: HTTPRouteRule)

HTTPRouteMatch defines the predicate used to match requests to a given action.

Field Description
pathType
string
(Optional)

PathType is defines the semantics of the Path matcher.

Support: core (Exact, Prefix) Support: extended (RegularExpression) Support: custom (ImplementationSpecific)

Default: “Exact”

path
string

Path is the value of the HTTP path as interpreted via PathType.

Default: “/”

headerMatchType
string
(Optional)

HeaderMatchType defines the semantics of the Header matcher.

Support: core (Exact) Support: custom (ImplementationSpecific)

Default: “Exact”

headers
map[string]string
(Optional)

Headers are the HTTP Headers to match as interpreted via HeaderMatchType. Multiple headers are ANDed together, meaning, a request must contain all the headers specified in order to select this route.

extensionRef
ConfigMapsDefaultLocalObjectReference
(Optional)

ExtensionRef is an optional, implementation-specific extension to the “match” behavior. The resource may be “configmap” (use the empty string for the group) or an implementation-defined resource (for example, resource “myroutematchers” in group “networking.acme.io”). Omitting or specifying the empty string for both the resource and group indicates that the resource is “configmaps”. If the referent cannot be found, the “InvalidRoutes” status condition on any Gateway that includes the HTTPRoute will be true.

Support: custom

HTTPRouteRule

(Appears on: HTTPRouteHost)

HTTPRouteRule is the configuration for a given path.

Field Description
match
HTTPRouteMatch
(Optional)

Match defines which requests match this path.

filter
HTTPRouteFilter
(Optional)

Filter defines what filters are applied to the request.

action
HTTPRouteAction
(Optional)

Action defines what happens to the request.

HTTPRouteSpec

(Appears on: HTTPRoute)

HTTPRouteSpec defines the desired state of HTTPRoute

Field Description
hosts
[]HTTPRouteHost

Hosts is a list of Host definitions.

default
HTTPRouteHost
(Optional)

Default is the default host to use. Default.Hostnames must be an empty list.

HTTPRouteStatus

(Appears on: HTTPRoute)

HTTPRouteStatus defines the observed state of HTTPRoute.

Field Description
gatewayRefs
[]GatewayObjectReference

HostnameMatch

(Appears on: Listener)

HostnameMatch specifies how a Listener should match the incoming host name from a client request. Depending on the incoming protocol, the match must apply to names provided by the client at both the TLS and the HTTP protocol layers.

Field Description
match
HostnameMatchType
(Optional)

Match specifies how the host name provided by the client should be matched against the given value.

name
string
(Optional)

Name contains the name to match against. This value must be a fully qualified host or domain name conforming to the preferred name syntax defined in RFC 1034

In addition to any RFC rules, this field MUST NOT contain

  1. IP address literals
  2. Colon-delimited port numbers
  3. Percent-encoded octets

This field is required for the “Domain” and “Exact” match types.

HostnameMatchType (string alias)

(Appears on: HostnameMatch)

HostnameMatchType specifies the types of matches that are valid for host names.

Listener

(Appears on: GatewaySpec)

Listener embodies the concept of a logical endpoint where a Gateway can accept network connections.

Field Description
hostname
HostnameMatch

Hostname specifies to match the virtual host name for protocol types that define this concept.

Incoming requests that include a host name are matched according to the given HostnameMatchType to select the Routes from this Listener.

If a match type other than “Any” is supplied, it MUST be compatible with the specified Protocol field.

Support: Core

port
int32

Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules.

Support: Core

protocol
ProtocolType

Protocol specifies the network protocol this listener expects to receive. The GatewayClass MUST validate that match type specified in the Hostname field is appropriate for the protocol.

  • For the “TLS” protocol, the Hostname match MUST be applied to the SNI server name offered by the client.
  • For the “HTTP” protocol, the Hostname match MUST be applied to the host portion of the effective request URI or the :authority pseudo-header
  • For the “HTTPS” protocol, the Hostname match MUST be applied at both the TLS and HTTP protocol layers.

Support: Core

tls
TLSConfig
(Optional)

TLS is the TLS configuration for the Listener. This field is required if the Protocol field is “HTTPS” or “TLS”.

Support: Core

routes
RouteBindingSelector

Routes specifies a schema for associating routes with the Listener using selectors. A Route is a resource capable of servicing a request and allows a cluster operator to expose a cluster resource (i.e. Service) by externally-reachable URL, load-balance traffic and terminate SSL/TLS. Typically, a route is a “HTTPRoute” or “TCPRoute” in group “networking.x-k8s.io”, however, an implementation may support other types of resources.

The Routes selector MUST select a set of objects that are compatible with the application protocol specified in the Protocol field.

Support: Core

ListenerCondition

(Appears on: ListenerStatus)

ListenerCondition is an error status for a given listener.

Field Description
type
ListenerConditionType

Type indicates the type of condition.

status
Kubernetes core/v1.ConditionStatus

Status describes the current state of this condition. Can be “True”, “False”, or “Unknown”.

message
string

Message is a human-understandable message describing the condition. This field may be empty.

reason
string

Reason indicates why the condition is in this state. This field must not be empty.

lastTransitionTime
Kubernetes meta/v1.Time

LastTransitionTime indicates the last time this condition changed. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

observedGeneration
int64
(Optional)

If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

ListenerConditionType (string alias)

(Appears on: ListenerCondition)

ListenerConditionType is a type of condition associated with the listener.

ListenerStatus

(Appears on: GatewayStatus)

ListenerStatus is the status associated with a Listener port.

Field Description
port
string

Port is the unique Listener port value for which this message is reporting the status. If more than one Gateway Listener shares the same port value, this message reports the combined status of all such Listeners.

conditions
[]ListenerCondition

Conditions describe the current condition of this listener.

ProtocolType (string alias)

(Appears on: Listener)

ProtocolType defines the application protocol accepted by a Listener.

RouteBindingSelector

(Appears on: Listener)

RouteBindingSelector defines a schema for associating routes with the Gateway. If NamespaceSelector and RouteSelector are defined, only routes matching both selectors are associated with the Gateway.

Field Description
routeNamespaces
RouteNamespaces
(Optional)

RouteNamespaces indicates in which namespaces Routes should be selected for this Gateway. This is restricted to the namespace of this Gateway by default.

Support: Core

routeSelector
Kubernetes meta/v1.LabelSelector
(Optional)

RouteSelector specifies a set of route labels used for selecting routes to associate with the Gateway. If RouteSelector is defined, only routes matching the RouteSelector are associated with the Gateway. An empty RouteSelector matches all routes.

Support: Core

group
string

Group is the group of the route resource to select. Omitting the value or specifying the empty string indicates the networking.x-k8s.io API group. For example, use the following to select an HTTPRoute:

routes: resource: httproutes

Otherwise, if an alternative API group is desired, specify the desired group:

routes: group: acme.io resource: fooroutes

Support: Core

resource
string

Resource is the API resource name of the route resource to select.

Resource MUST correspond to route resources that are compatible with the application protocol specified in the Listener’s Protocol field.

Support: Core

RouteNamespaces

(Appears on: GatewayClassSpec, RouteBindingSelector)

RouteNamespaces is used by Gateway and GatewayClass to indicate which namespaces Routes should be selected from.

Field Description
namespaceSelector
Kubernetes meta/v1.LabelSelector
(Optional)

NamespaceSelector is a selector of namespaces that Routes should be selected from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. Controllers must not support Routes in namespaces outside this selector.

An empty selector (default) indicates that Routes in any namespace can be selected.

The OnlySameNamespace field takes precedence over this field. This selector will only take effect when OnlySameNamespace is false.

Support: Core

onlySameNamespace
bool
(Optional)

OnlySameNamespace is a boolean used to indicate if Route references are limited to the same Namespace as the Gateway. When true, only Routes within the same Namespace as the Gateway should be selected.

This field takes precedence over the NamespaceSelector field. That selector should only take effect when this field is set to false.

Support: Core

SecretsDefaultLocalObjectReference

(Appears on: TLSConfig)

SecretsDefaultLocalObjectReference identifies an API object within a known namespace that defaults group to core and resource to secrets if unspecified.

Field Description
group
string

Group is the group of the referent. Omitting the value or specifying the empty string indicates the core API group. For example, use the following to specify a secrets resource:

fooRef: resource: secrets name: mysecret

Otherwise, if the core API group is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

resource
string

Resource is the API resource name of the referent. Omitting the value or specifying the empty string indicates the secrets resource. For example, use the following to specify a secrets resource:

fooRef: name: mysecret

Otherwise, if the secrets resource is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

name
string

Name is the name of the referent.

ServicesDefaultLocalObjectReference

(Appears on: ForwardToTarget)

ServicesDefaultLocalObjectReference identifies an API object within a known namespace that defaults group to core and resource to services if unspecified.

Field Description
group
string

Group is the group of the referent. Omitting the value or specifying the empty string indicates the core API group. For example, use the following to specify a service:

fooRef: resource: services name: myservice

Otherwise, if the core API group is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

resource
string

Resource is the API resource name of the referent. Omitting the value or specifying the empty string indicates the services resource. For example, use the following to specify a services resource:

fooRef: name: myservice

Otherwise, if the services resource is not desired, specify the desired group:

fooRef: group: acme.io resource: foos name: myfoo

name
string

Name is the name of the referent.

TLSConfig

(Appears on: Listener)

TLSConfig describes a TLS configuration.

References - nginx: https://nginx.org/en/docs/http/configuring_https_servers.html - envoy: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto - haproxy: https://www.haproxy.com/documentation/aloha/9-5/traffic-management/lb-layer7/tls/ - gcp: https://cloud.google.com/load-balancing/docs/use-ssl-policies#creating_an_ssl_policy_with_a_custom_profile - aws: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies - azure: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-tls-1112

Field Description
certificateRefs
[]SecretsDefaultLocalObjectReference

CertificateRefs is a list of references to Kubernetes objects that each contain an identity certificate. The host name in a TLS SNI client hello message is used for certificate matching and route host name selection. The SNI server_name must match a route host name for the Gateway to route the TLS request. If an entry in this list omits or specifies the empty string for both the group and the resource, the resource defaults to “secrets”. An implementation may support other resources (for example, resource “mycertificates” in group “networking.acme.io”).

Support: Core (Kubernetes Secrets) Support: Implementation-specific (Other resource types)

minimumVersion
string
(Optional)

MinimumVersion of TLS allowed. It is recommended to use one of the TLS constants above. Note: MinimumVersion is not strongly typed to allow implementation-specific versions to be used without requiring updates to the API types. String must be of the form “”.

Support: Core for TLS1_{1,2,3}. Implementation-specific for all other values.

options
map[string]string

Options are a list of key/value pairs to give extended options to the provider.

There variation among providers as to how ciphersuites are expressed. If there is a common subset for expressing ciphers then it will make sense to loft that as a core API construct.

Support: Implementation-specific.

TargetPort (int32 alias)

(Appears on: ForwardToTarget)

TargetPort specifies the destination port number to use for a TargetRef.

TcpRouteSpec

(Appears on: TcpRoute)

TcpRouteSpec defines the desired state of TcpRoute

TcpRouteStatus

(Appears on: TcpRoute)

TcpRouteStatus defines the observed state of TcpRoute

TrafficSplitSpec

(Appears on: TrafficSplit)

TrafficSplitSpec defines the desired state of TrafficSplit

TrafficSplitStatus

(Appears on: TrafficSplit)

TrafficSplitStatus defines the observed state of TrafficSplit


Generated with gen-crd-api-reference-docs.