-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
Copy pathgateway.networking.k8s.io_httproutes.yaml
3881 lines (3880 loc) · 256 KB
/
gateway.networking.k8s.io_httproutes.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{{- if .Values.enableHttpRoutes }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
gateway.networking.k8s.io/bundle-version: v0.7.1
gateway.networking.k8s.io/channel: experimental
{{ include "partials.annotations.created-by" . }}
labels:
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
linkerd.io/control-plane-ns: {{.Release.Namespace}}
creationTimestamp: null
name: httproutes.gateway.networking.k8s.io
spec:
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
kind: HTTPRoute
listKind: HTTPRouteList
plural: httproutes
singular: httproute
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.hostnames
name: Hostnames
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
deprecationWarning: The v1alpha2 version of HTTPRoute has been deprecated and
will be removed in a future release of the API. Please upgrade to v1beta1.
name: v1alpha2
schema:
openAPIV3Schema:
description: HTTPRoute provides a way to route HTTP requests. This includes
the capability to match requests by hostname, path, header, or query param.
Filters can be used to specify additional processing steps. Backends specify
where matching requests should be routed.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired state of HTTPRoute.
properties:
hostnames:
description: "Hostnames defines a set of hostname that should match
against the HTTP Host header to select a HTTPRoute used to process
the request. Implementations MUST ignore any port value specified
in the HTTP Host header while performing a match. \n Valid values
for Hostnames are determined by RFC 1123 definition of a hostname
with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
may be prefixed with a wildcard label (`*.`). The wildcard label
must appear by itself as the first label. \n If a hostname is specified
by both the Listener and HTTPRoute, there must be at least one intersecting
hostname for the HTTPRoute to be attached to the Listener. For example:
\n * A Listener with `test.example.com` as the hostname matches
HTTPRoutes that have either not specified any hostnames, or have
specified at least one of `test.example.com` or `*.example.com`.
* A Listener with `*.example.com` as the hostname matches HTTPRoutes
that have either not specified any hostnames or have specified at
least one hostname that matches the Listener hostname. For example,
`*.example.com`, `test.example.com`, and `foo.test.example.com`
would all match. On the other hand, `example.com` and `test.example.net`
would not match. \n Hostnames that are prefixed with a wildcard
label (`*.`) are interpreted as a suffix match. That means that
a match for `*.example.com` would match both `test.example.com`,
and `foo.test.example.com`, but not `example.com`. \n If both the
Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
that do not match the Listener hostname MUST be ignored. For example,
if a Listener specified `*.example.com`, and the HTTPRoute specified
`test.example.com` and `test.example.net`, `test.example.net` must
not be considered for a match. \n If both the Listener and HTTPRoute
have specified hostnames, and none match with the criteria above,
then the HTTPRoute is not accepted. The implementation must raise
an 'Accepted' Condition with a status of `False` in the corresponding
RouteParentStatus. \n In the event that multiple HTTPRoutes specify
intersecting hostnames (e.g. overlapping wildcard matching and exact
matching hostnames), precedence must be given to rules from the
HTTPRoute with the largest number of: \n * Characters in a matching
non-wildcard hostname. * Characters in a matching hostname. \n If
ties exist across multiple Routes, the matching precedence rules
for HTTPRouteMatches takes over. \n Support: Core"
items:
description: "Hostname is the fully qualified domain name of a network
host. This matches the RFC 1123 definition of a hostname with
2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
may be prefixed with a wildcard label (`*.`). The wildcard label
must appear by itself as the first label. \n Hostname can be \"precise\"
which is a domain name without the terminating dot of a network
host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
name prefixed with a single wildcard label (e.g. `*.example.com`).
\n Note that as per RFC1035 and RFC1123, a *label* must consist
of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character. No other punctuation is allowed."
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
maxItems: 16
type: array
parentRefs:
description: "ParentRefs references the resources (usually Gateways)
that a Route wants to be attached to. Note that the referenced parent
resource needs to allow this for the attachment to be complete.
For Gateways, that means the Gateway needs to allow attachment from
Routes of this kind and namespace. \n The only kind of parent resource
with \"Core\" support is Gateway. This API may be extended in the
future to support additional kinds of parent resources such as one
of the route kinds. \n It is invalid to reference an identical parent
more than once. It is valid to reference multiple distinct sections
within the same parent resource, such as 2 Listeners within a Gateway.
\n It is possible to separately reference multiple distinct objects
that may be collapsed by an implementation. For example, some implementations
may choose to merge compatible Gateway Listeners together. If that
is the case, the list of routes attached to those resources should
also be merged. \n Note that for ParentRefs that cross namespace
boundaries, there are specific rules. Cross-namespace references
are only valid if they are explicitly allowed by something in the
namespace they are referring to. For example, Gateway has the AllowedRoutes
field, and ReferenceGrant provides a generic way to enable any other
kind of cross-namespace reference."
items:
description: "ParentReference identifies an API object (usually
a Gateway) that can be considered a parent of this resource (usually
a route). The only kind of parent resource with \"Core\" support
is Gateway. This API may be extended in the future to support
additional kinds of parent resources, such as HTTPRoute. \n The
API object must be valid in the cluster; the Group and Kind must
be registered in the cluster for this reference to be valid."
properties:
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. When unspecified,
\"gateway.networking.k8s.io\" is inferred. To set the core
API group (such as for a \"Service\" kind referent), Group
must be explicitly set to \"\" (empty string). \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support: Core
(Gateway) \n Support: Implementation-specific (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the referent. When
unspecified, this refers to the local namespace of the Route.
\n Note that there are specific rules for ParentRefs which
cross namespace boundaries. Cross-namespace references are
only valid if they are explicitly allowed by something in
the namespace they are referring to. For example: Gateway
has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
\n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: "Port is the network port this Route targets. It
can be interpreted differently based on the type of parent
resource. \n When the parent resource is a Gateway, this targets
all listeners listening on the specified port that also support
this kind of Route(and select this Route). It's not recommended
to set `Port` unless the networking behaviors specified in
a Route must apply to a specific port as opposed to a listener(s)
whose port(s) may be changed. When both Port and SectionName
are specified, the name and port of the selected listener
must match both specified values. \n Implementations MAY choose
to support other parent resources. Implementations supporting
other types of parent resources MUST clearly document how/if
Port is interpreted. \n For the purpose of status, an attachment
is considered successful as long as the parent resource accepts
it partially. For example, Gateway listeners can restrict
which Routes can attach to them by Route kind, namespace,
or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this
Route, the Route MUST be considered detached from the Gateway.
\n Support: Extended \n <gateway:experimental>"
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
description: "SectionName is the name of a section within the
target resource. In the following resources, SectionName is
interpreted as the following: \n * Gateway: Listener Name.
When both Port (experimental) and SectionName are specified,
the name and port of the selected listener must match both
specified values. \n Implementations MAY choose to support
attaching Routes to other resources. If that is the case,
they MUST clearly document how SectionName is interpreted.
\n When unspecified (empty string), this will reference the
entire resource. For the purpose of status, an attachment
is considered successful if at least one section in the parent
resource accepts it. For example, Gateway listeners can restrict
which Routes can attach to them by Route kind, namespace,
or hostname. If 1 of 2 Gateway listeners accept attachment
from the referencing Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment from this
Route, the Route MUST be considered detached from the Gateway.
\n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
type: object
maxItems: 32
type: array
rules:
default:
- matches:
- path:
type: PathPrefix
value: /
description: Rules are a list of HTTP matchers, filters and actions.
items:
description: HTTPRouteRule defines semantics for matching an HTTP
request based on conditions (matches), processing it (filters),
and forwarding the request to an API object (backendRefs).
properties:
backendRefs:
description: "BackendRefs defines the backend(s) where matching
requests should be sent. \n Failure behavior here depends
on how many BackendRefs are specified and how many are invalid.
\n If *all* entries in BackendRefs are invalid, and there
are also no filters specified in this route rule, *all* traffic
which matches this rule MUST receive a 500 status code. \n
See the HTTPBackendRef definition for the rules about what
makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
is invalid, 500 status codes MUST be returned for requests
that would have otherwise been routed to an invalid backend.
If multiple backends are specified, and some are invalid,
the proportion of requests that would otherwise have been
routed to an invalid backend MUST receive a 500 status code.
\n For example, if two backends are specified with equal weights,
and one is invalid, 50 percent of traffic must receive a 500.
Implementations may choose how that 50 percent is determined.
\n Support: Core for Kubernetes Service \n Support: Extended
for Kubernetes ServiceImport \n Support: Implementation-specific
for any other resource \n Support for weight: Core"
items:
description: HTTPBackendRef defines how a HTTPRoute should
forward an HTTP request.
properties:
filters:
description: "Filters defined at this level should be
executed if and only if the request is being forwarded
to the backend defined here. \n Support: Implementation-specific
(For broader support of filters, use the Filters field
in HTTPRouteRule.)"
items:
description: HTTPRouteFilter defines processing steps
that must be completed during the request or response
lifecycle. HTTPRouteFilters are meant as an extension
point to express processing that may be done in Gateway
implementations. Some examples include request or
response modification, implementing authentication
strategies, rate-limiting, and traffic shaping. API
guarantee/conformance is defined based on the type
of the filter.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific
extension to the \"filter\" behavior. For example,
resource \"myroutefilter\" in group \"networking.example.net\").
ExtensionRef MUST NOT be used for core and extended
filters. \n Support: Implementation-specific"
properties:
group:
description: Group is the group of the referent.
For example, "gateway.networking.k8s.io".
When unspecified or empty string, core API
group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is kind of the referent. For
example "HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
requestHeaderModifier:
description: "RequestHeaderModifier defines a schema
for a filter that modifies request headers. \n
Support: Core"
properties:
add:
description: "Add adds the given header(s) (name,
value) to the request before the action. It
appends to any existing values associated
with the header name. \n Input: GET /foo HTTP/1.1
my-header: foo \n Config: add: - name: \"my-header\"
value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
my-header: foo,bar,baz"
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
description: "Name is the name of the
HTTP Header to be matched. Name matching
MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
\n If multiple entries specify equivalent
header names, the first entry with an
equivalent name MUST be considered for
a match. Subsequent entries with an
equivalent header name MUST be ignored.
Due to the case-insensitivity of header
names, \"foo\" and \"Foo\" are considered
equivalent."
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
description: Value is the value of HTTP
Header to be matched.
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
description: "Remove the given header(s) from
the HTTP request before the action. The value
of Remove is a list of HTTP header names.
Note that the header names are case-insensitive
(see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
\n Input: GET /foo HTTP/1.1 my-header1: foo
my-header2: bar my-header3: baz \n Config:
remove: [\"my-header1\", \"my-header3\"] \n
Output: GET /foo HTTP/1.1 my-header2: bar"
items:
type: string
maxItems: 16
type: array
set:
description: "Set overwrites the request with
the given header (name, value) before the
action. \n Input: GET /foo HTTP/1.1 my-header:
foo \n Config: set: - name: \"my-header\"
value: \"bar\" \n Output: GET /foo HTTP/1.1
my-header: bar"
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
description: "Name is the name of the
HTTP Header to be matched. Name matching
MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
\n If multiple entries specify equivalent
header names, the first entry with an
equivalent name MUST be considered for
a match. Subsequent entries with an
equivalent header name MUST be ignored.
Due to the case-insensitivity of header
names, \"foo\" and \"Foo\" are considered
equivalent."
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
description: Value is the value of HTTP
Header to be matched.
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
requestMirror:
description: "RequestMirror defines a schema for
a filter that mirrors requests. Requests are sent
to the specified destination, but responses from
that destination are ignored. \n Support: Extended"
properties:
backendRef:
description: "BackendRef references a resource
where mirrored requests are sent. \n If the
referent cannot be found, this BackendRef
is invalid and must be dropped from the Gateway.
The controller must ensure the \"ResolvedRefs\"
condition on the Route status is set to `status:
False` and not configure this backend in the
underlying implementation. \n If there is
a cross-namespace reference to an *existing*
object that is not allowed by a ReferenceGrant,
the controller must ensure the \"ResolvedRefs\"
\ condition on the Route is set to `status:
False`, with the \"RefNotPermitted\" reason
and not configure this backend in the underlying
implementation. \n In either error case, the
Message of the `ResolvedRefs` Condition should
be used to provide more detail about the problem.
\n Support: Extended for Kubernetes Service
\n Support: Implementation-specific for any
other resource"
properties:
group:
default: ""
description: Group is the group of the referent.
For example, "gateway.networking.k8s.io".
When unspecified or empty string, core
API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: "Kind is the Kubernetes resource
kind of the referent. For example \"Service\".
\n Defaults to \"Service\" when not specified.
\n ExternalName services can refer to
CNAME DNS records that may live outside
of the cluster and as such are difficult
to reason about in terms of conformance.
They also may not be safe to forward to
(see CVE-2021-25740 for more information).
Implementations SHOULD NOT support ExternalName
Services. \n Support: Core (Services with
a type other than ExternalName) \n Support:
Implementation-specific (Services with
type ExternalName)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace
of the backend. When unspecified, the
local namespace is inferred. \n Note that
when a namespace different than the local
namespace is specified, a ReferenceGrant
object is required in the referent namespace
to allow that namespace's owner to accept
the reference. See the ReferenceGrant
documentation for details. \n Support:
Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: Port specifies the destination
port number to use for this resource.
Port is required when the referent is
a Kubernetes Service. In this case, the
port number is the service port number,
not the target port. For other resources,
destination port might be derived from
the referent resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- name
type: object
required:
- backendRef
type: object
requestRedirect:
description: "RequestRedirect defines a schema for
a filter that responds to the request with an
HTTP redirection. \n Support: Core"
properties:
hostname:
description: "Hostname is the hostname to be
used in the value of the `Location` header
in the response. When empty, the hostname
in the `Host` header of the request is used.
\n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
description: "Path defines parameters used to
modify the path of the incoming request. The
modified path is then used to construct the
`Location` header. When empty, the request
path is used as-is. \n Support: Extended"
properties:
replaceFullPath:
description: ReplaceFullPath specifies the
value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
description: "ReplacePrefixMatch specifies
the value with which to replace the prefix
match of a request during a rewrite or
redirect. For example, a request to \"/foo/bar\"
with a prefix match of \"/foo\" would
be modified to \"/bar\". \n Note that
this matches the behavior of the PathPrefix
match type. This matches full path elements.
A path element refers to the list of labels
in the path split by the `/` separator.
When specified, a trailing `/` is ignored.
For example, the paths `/abc`, `/abc/`,
and `/abc/def` would all match the prefix
`/abc`, but the path `/abcd` would not."
maxLength: 1024
type: string
type:
description: "Type defines the type of path
modifier. Additional types may be added
in a future release of the API. \n Note
that values may be added to this enum,
implementations must ensure that unknown
values will not cause a crash. \n Unknown
values here must result in the implementation
setting the Accepted Condition for the
Route to `status: False`, with a Reason
of `UnsupportedValue`."
enum:
- ReplaceFullPath
- ReplacePrefixMatch
type: string
required:
- type
type: object
port:
description: "Port is the port to be used in
the value of the `Location` header in the
response. \n If no port is specified, the
redirect port MUST be derived using the following
rules: \n * If redirect scheme is not-empty,
the redirect port MUST be the well-known port
associated with the redirect scheme. Specifically
\"http\" to port 80 and \"https\" to port
443. If the redirect scheme does not have
a well-known port, the listener port of the
Gateway SHOULD be used. * If redirect scheme
is empty, the redirect port MUST be the Gateway
Listener port. \n Implementations SHOULD NOT
add the port number in the 'Location' header
in the following cases: \n * A Location header
that will use HTTP (whether that is determined
via the Listener protocol or the Scheme field)
_and_ use port 80. * A Location header that
will use HTTPS (whether that is determined
via the Listener protocol or the Scheme field)
_and_ use port 443. \n Support: Extended"
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
description: "Scheme is the scheme to be used
in the value of the `Location` header in the
response. When empty, the scheme of the request
is used. \n Scheme redirects can affect the
port of the redirect, for more information,
refer to the documentation for the port field
of this filter. \n Note that values may be
added to this enum, implementations must ensure
that unknown values will not cause a crash.
\n Unknown values here must result in the
implementation setting the Accepted Condition
for the Route to `status: False`, with a Reason
of `UnsupportedValue`. \n Support: Extended"
enum:
- http
- https
type: string
statusCode:
default: 302
description: "StatusCode is the HTTP status
code to be used in response. \n Note that
values may be added to this enum, implementations
must ensure that unknown values will not cause
a crash. \n Unknown values here must result
in the implementation setting the Accepted
Condition for the Route to `status: False`,
with a Reason of `UnsupportedValue`. \n Support:
Core"
enum:
- 301
- 302
type: integer
type: object
responseHeaderModifier:
description: "ResponseHeaderModifier defines a schema
for a filter that modifies response headers. \n
Support: Extended"
properties:
add:
description: "Add adds the given header(s) (name,
value) to the request before the action. It
appends to any existing values associated
with the header name. \n Input: GET /foo HTTP/1.1
my-header: foo \n Config: add: - name: \"my-header\"
value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
my-header: foo,bar,baz"
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
description: "Name is the name of the
HTTP Header to be matched. Name matching
MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
\n If multiple entries specify equivalent
header names, the first entry with an
equivalent name MUST be considered for
a match. Subsequent entries with an
equivalent header name MUST be ignored.
Due to the case-insensitivity of header
names, \"foo\" and \"Foo\" are considered
equivalent."
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
description: Value is the value of HTTP
Header to be matched.
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
description: "Remove the given header(s) from
the HTTP request before the action. The value
of Remove is a list of HTTP header names.
Note that the header names are case-insensitive
(see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
\n Input: GET /foo HTTP/1.1 my-header1: foo
my-header2: bar my-header3: baz \n Config:
remove: [\"my-header1\", \"my-header3\"] \n
Output: GET /foo HTTP/1.1 my-header2: bar"
items:
type: string
maxItems: 16
type: array
set:
description: "Set overwrites the request with
the given header (name, value) before the
action. \n Input: GET /foo HTTP/1.1 my-header:
foo \n Config: set: - name: \"my-header\"
value: \"bar\" \n Output: GET /foo HTTP/1.1
my-header: bar"
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
description: "Name is the name of the
HTTP Header to be matched. Name matching
MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
\n If multiple entries specify equivalent
header names, the first entry with an
equivalent name MUST be considered for
a match. Subsequent entries with an
equivalent header name MUST be ignored.
Due to the case-insensitivity of header
names, \"foo\" and \"Foo\" are considered
equivalent."
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
description: Value is the value of HTTP
Header to be matched.
maxLength: 4096
minLength: 1
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type:
description: "Type identifies the type of filter
to apply. As with other API fields, types are
classified into three conformance levels: \n -
Core: Filter types and their corresponding configuration
defined by \"Support: Core\" in this package,
e.g. \"RequestHeaderModifier\". All implementations
must support core filters. \n - Extended: Filter
types and their corresponding configuration defined
by \"Support: Extended\" in this package, e.g.
\"RequestMirror\". Implementers are encouraged
to support extended filters. \n - Implementation-specific:
Filters that are defined and supported by specific
vendors. In the future, filters showing convergence
in behavior across multiple implementations will
be considered for inclusion in extended or core
conformance levels. Filter-specific configuration
for such filters is specified using the ExtensionRef
field. `Type` should be set to \"ExtensionRef\"
for custom filters. \n Implementers are encouraged
to define custom implementation types to extend
the core API with implementation-specific behavior.
\n If a reference to a custom filter type cannot
be resolved, the filter MUST NOT be skipped. Instead,
requests that would have been processed by that
filter MUST receive a HTTP error response. \n
Note that values may be added to this enum, implementations
must ensure that unknown values will not cause
a crash. \n Unknown values here must result in
the implementation setting the Accepted Condition
for the Route to `status: False`, with a Reason
of `UnsupportedValue`."
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
- RequestMirror
- RequestRedirect
- URLRewrite
- ExtensionRef
type: string
urlRewrite:
description: "URLRewrite defines a schema for a
filter that modifies a request during forwarding.
\n Support: Extended"
properties:
hostname:
description: "Hostname is the value to be used
to replace the Host header value during forwarding.
\n Support: Extended"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
description: "Path defines a path rewrite. \n
Support: Extended"
properties:
replaceFullPath:
description: ReplaceFullPath specifies the
value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
description: "ReplacePrefixMatch specifies
the value with which to replace the prefix
match of a request during a rewrite or
redirect. For example, a request to \"/foo/bar\"
with a prefix match of \"/foo\" would
be modified to \"/bar\". \n Note that
this matches the behavior of the PathPrefix
match type. This matches full path elements.
A path element refers to the list of labels
in the path split by the `/` separator.
When specified, a trailing `/` is ignored.
For example, the paths `/abc`, `/abc/`,
and `/abc/def` would all match the prefix
`/abc`, but the path `/abcd` would not."
maxLength: 1024
type: string
type:
description: "Type defines the type of path
modifier. Additional types may be added
in a future release of the API. \n Note
that values may be added to this enum,
implementations must ensure that unknown
values will not cause a crash. \n Unknown
values here must result in the implementation
setting the Accepted Condition for the
Route to `status: False`, with a Reason
of `UnsupportedValue`."
enum:
- ReplaceFullPath
- ReplacePrefixMatch
type: string
required:
- type
type: object
type: object
required:
- type
type: object
maxItems: 16
type: array
group:
default: ""
description: Group is the group of the referent. For example,
"gateway.networking.k8s.io". When unspecified or empty
string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: "Kind is the Kubernetes resource kind of
the referent. For example \"Service\". \n Defaults to
\"Service\" when not specified. \n ExternalName services
can refer to CNAME DNS records that may live outside
of the cluster and as such are difficult to reason about
in terms of conformance. They also may not be safe to
forward to (see CVE-2021-25740 for more information).
Implementations SHOULD NOT support ExternalName Services.
\n Support: Core (Services with a type other than ExternalName)
\n Support: Implementation-specific (Services with type
ExternalName)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the backend.
When unspecified, the local namespace is inferred. \n
Note that when a namespace different than the local
namespace is specified, a ReferenceGrant object is required
in the referent namespace to allow that namespace's
owner to accept the reference. See the ReferenceGrant
documentation for details. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: Port specifies the destination port number
to use for this resource. Port is required when the
referent is a Kubernetes Service. In this case, the
port number is the service port number, not the target
port. For other resources, destination port might be
derived from the referent resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
description: "Weight specifies the proportion of requests
forwarded to the referenced backend. This is computed
as weight/(sum of all weights in this BackendRefs list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
and the sum of weights does not need to equal 100. \n
If only one backend is specified and it has a weight
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support for this field varies based
on the context where used."
format: int32
maximum: 1000000
minimum: 0
type: integer
required:
- name
type: object
maxItems: 16
type: array
filters:
description: "Filters define the filters that are applied to
requests that match this rule. \n The effects of ordering
of multiple behaviors are currently unspecified. This can
change in the future based on feedback during the alpha stage.
\n Conformance-levels at this level are defined based on the
type of filter: \n - ALL core filters MUST be supported by
all implementations. - Implementers are encouraged to support
extended filters. - Implementation-specific custom filters
have no API guarantees across implementations. \n Specifying
a core filter multiple times has unspecified or implementation-specific
conformance. \n All filters are expected to be compatible
with each other except for the URLRewrite and RequestRedirect
filters, which may not be combined. If an implementation can
not support other combinations of filters, they must clearly
document that limitation. In all cases where incompatible
or unsupported filters are specified, implementations MUST
add a warning condition to status. \n Support: Core"
items:
description: HTTPRouteFilter defines processing steps that
must be completed during the request or response lifecycle.
HTTPRouteFilters are meant as an extension point to express
processing that may be done in Gateway implementations.
Some examples include request or response modification,
implementing authentication strategies, rate-limiting, and
traffic shaping. API guarantee/conformance is defined based
on the type of the filter.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific
extension to the \"filter\" behavior. For example,
resource \"myroutefilter\" in group \"networking.example.net\").
ExtensionRef MUST NOT be used for core and extended
filters. \n Support: Implementation-specific"
properties:
group:
description: Group is the group of the referent. For
example, "gateway.networking.k8s.io". When unspecified
or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
requestHeaderModifier:
description: "RequestHeaderModifier defines a schema for
a filter that modifies request headers. \n Support:
Core"
properties: