Merge pull request #472 from solidDoWant/update-gateway-api-crds-1
Update Gateway API CRDs
ElanHasson authored Feb 21, 2025
2 parents dc904d5 + 7b13208 commit e6b639c
Showing 12 changed files with 2,395 additions and 27 deletions.
273 changes: 273 additions & 0 deletions gateway.networking.k8s.io/backendlbpolicy_v1alpha2.json

Large diffs are not rendered by default.

358 changes: 358 additions & 0 deletions gateway.networking.k8s.io/backendtlspolicy_v1alpha3.json

Large diffs are not rendered by default.

96 changes: 96 additions & 0 deletions gateway.networking.k8s.io/gateway_v1.json
@@ -92,6 +92,51 @@
}
]
},
"backendTLS": {
"description": "BackendTLS configures TLS settings for when this Gateway is connecting to\nbackends with TLS.\n\nSupport: Core\n\n",
"properties": {
"clientCertificateRef": {
"description": "ClientCertificateRef is a reference to an object that contains a Client\nCertificate and the associated private key.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nClientCertificateRef can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nThis setting can be overridden on the service level by use of BackendTLSPolicy.\n\nSupport: Core\n\n",
"properties": {
"group": {
"default": "",
"description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"default": "Secret",
"description": "Kind is kind of the referent. For example \"Secret\".",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "Name is the name of the referent.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"gatewayClassName": {
"description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.",
"maxLength": 253,
@@ -366,6 +411,57 @@
"maxItems": 64,
"type": "array"
},
"frontendValidation": {
"description": "FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\nSupport: Extended\n\n",
"properties": {
"caCertificateRefs": {
"description": "CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.",
"items": {
"description": "ObjectReference identifies an API object including its namespace.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.",
"properties": {
"group": {
"description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"description": "Kind is kind of the referent. For example \"ConfigMap\" or \"Service\".",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "Name is the name of the referent.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
"type": "string"
}
},
"required": [
"group",
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 8,
"minItems": 1,
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"mode": {
"default": "Terminate",
"description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core",
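Review bot: `backendTLS` (first hunk) and `frontendValidation` (second hunk) are, as far as I can tell, experimental-channel Gateway API fields, and this commit adds them to the `v1` schema with nothing on the page recording which channel or release the schema was generated from. A manifest that sets `frontendValidation` now lints clean against this catalog, but a cluster running the standard-channel CRD would reject or drop the field, so a listener could end up serving without the client-certificate validation its author configured. JSON has no comment syntax, so I would state the origin in the commit description, e.g. `Schemas generated from the experimental channel of Gateway API <release>`, or publish the experimental schema under a separate path and keep the standard one here. The same applies to the identical hunks in gateway_v1beta1.json. Both hunks sit inside objects that open and close outside the visible lines, so whether the parent object was already closed to unknown properties cannot be confirmed from here.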
96 changes: 96 additions & 0 deletions gateway.networking.k8s.io/gateway_v1beta1.json
@@ -92,6 +92,51 @@
}
]
},
"backendTLS": {
"description": "BackendTLS configures TLS settings for when this Gateway is connecting to\nbackends with TLS.\n\nSupport: Core\n\n",
"properties": {
"clientCertificateRef": {
"description": "ClientCertificateRef is a reference to an object that contains a Client\nCertificate and the associated private key.\n\nReferences to a resource in different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.\n\nClientCertificateRef can reference to standard Kubernetes resources, i.e.\nSecret, or implementation-specific custom resources.\n\nThis setting can be overridden on the service level by use of BackendTLSPolicy.\n\nSupport: Core\n\n",
"properties": {
"group": {
"default": "",
"description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"default": "Secret",
"description": "Kind is kind of the referent. For example \"Secret\".",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "Name is the name of the referent.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
}
},
"type": "object",
"additionalProperties": false
},
"gatewayClassName": {
"description": "GatewayClassName used for this Gateway. This is the name of a\nGatewayClass resource.",
"maxLength": 253,
@@ -366,6 +411,57 @@
"maxItems": 64,
"type": "array"
},
"frontendValidation": {
"description": "FrontendValidation holds configuration information for validating the frontend (client).\nSetting this field will require clients to send a client certificate\nrequired for validation during the TLS handshake. In browsers this may result in a dialog appearing\nthat requests a user to specify the client certificate.\nThe maximum depth of a certificate chain accepted in verification is Implementation specific.\n\nSupport: Extended\n\n",
"properties": {
"caCertificateRefs": {
"description": "CACertificateRefs contains one or more references to\nKubernetes objects that contain TLS certificates of\nthe Certificate Authorities that can be used\nas a trust anchor to validate the certificates presented by the client.\n\nA single CA certificate reference to a Kubernetes ConfigMap\nhas \"Core\" support.\nImplementations MAY choose to support attaching multiple CA certificates to\na Listener, but this behavior is implementation-specific.\n\nSupport: Core - A single reference to a Kubernetes ConfigMap\nwith the CA certificate in a key named `ca.crt`.\n\nSupport: Implementation-specific (More than one reference, or other kinds\nof resources).\n\nReferences to a resource in a different namespace are invalid UNLESS there\nis a ReferenceGrant in the target namespace that allows the certificate\nto be attached. If a ReferenceGrant does not allow this reference, the\n\"ResolvedRefs\" condition MUST be set to False for this listener with the\n\"RefNotPermitted\" reason.",
"items": {
"description": "ObjectReference identifies an API object including its namespace.\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.\n\nReferences to objects with invalid Group and Kind are not valid, and must\nbe rejected by the implementation, with appropriate Conditions set\non the containing object.",
"properties": {
"group": {
"description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.",
"maxLength": 253,
"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$",
"type": "string"
},
"kind": {
"description": "Kind is kind of the referent. For example \"ConfigMap\" or \"Service\".",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$",
"type": "string"
},
"name": {
"description": "Name is the name of the referent.",
"maxLength": 253,
"minLength": 1,
"type": "string"
},
"namespace": {
"description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core",
"maxLength": 63,
"minLength": 1,
"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$",
"type": "string"
}
},
"required": [
"group",
"kind",
"name"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 8,
"minItems": 1,
"type": "array"
}
},
"type": "object",
"additionalProperties": false
},
"mode": {
"default": "Terminate",
"description": "Mode defines the TLS behavior for the TLS session initiated by the client.\nThere are two possible modes:\n\n- Terminate: The TLS session between the downstream client and the\n Gateway is terminated at the Gateway. This mode requires certificates\n to be specified in some way, such as populating the certificateRefs\n field.\n- Passthrough: The TLS session is NOT terminated by the Gateway. This\n implies that the Gateway can't decipher the TLS stream except for\n the ClientHello message of the TLS protocol. The certificateRefs field\n is ignored in this mode.\n\nSupport: Core",
22 changes: 22 additions & 0 deletions gateway.networking.k8s.io/gatewayclass_v1.json
@@ -161,6 +161,28 @@
"type"
],
"x-kubernetes-list-type": "map"
},
"supportedFeatures": {
"description": "SupportedFeatures is the set of features the GatewayClass support.\nIt MUST be sorted in ascending alphabetical order by the Name key.\n",
"items": {
"properties": {
"name": {
"description": "FeatureName is used to describe distinct features that are covered by\nconformance tests.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 64,
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
}
},
"type": "object",
22 changes: 22 additions & 0 deletions gateway.networking.k8s.io/gatewayclass_v1beta1.json
@@ -161,6 +161,28 @@
"type"
],
"x-kubernetes-list-type": "map"
},
"supportedFeatures": {
"description": "SupportedFeatures is the set of features the GatewayClass support.\nIt MUST be sorted in ascending alphabetical order by the Name key.\n",
"items": {
"properties": {
"name": {
"description": "FeatureName is used to describe distinct features that are covered by\nconformance tests.",
"type": "string"
}
},
"required": [
"name"
],
"type": "object",
"additionalProperties": false
},
"maxItems": 64,
"type": "array",
"x-kubernetes-list-map-keys": [
"name"
],
"x-kubernetes-list-type": "map"
}
},
"type": "object",