534 lines
32 KiB
YAML
534 lines
32 KiB
YAML
{{- if .Values.enableTcpRoutes }}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/1923
|
|
gateway.networking.k8s.io/bundle-version: v0.7.1
|
|
gateway.networking.k8s.io/channel: experimental
|
|
{{ include "partials.annotations.created-by" . }}
|
|
labels:
|
|
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
|
|
linkerd.io/control-plane-ns: {{.Release.Namespace}}
|
|
creationTimestamp: null
|
|
name: tcproutes.gateway.networking.k8s.io
|
|
spec:
|
|
group: gateway.networking.k8s.io
|
|
names:
|
|
categories:
|
|
- gateway-api
|
|
kind: TCPRoute
|
|
listKind: TCPRouteList
|
|
plural: tcproutes
|
|
singular: tcproute
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: TCPRoute provides a way to route TCP requests. When combined
|
|
with a Gateway listener, it can be used to forward connections on the port
|
|
specified by the listener to a set of backends specified by the TCPRoute.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: Spec defines the desired state of TCPRoute.
|
|
properties:
|
|
parentRefs:
|
|
description: "ParentRefs references the resources (usually Gateways)
|
|
that a Route wants to be attached to. Note that the referenced parent
|
|
resource needs to allow this for the attachment to be complete.
|
|
For Gateways, that means the Gateway needs to allow attachment from
|
|
Routes of this kind and namespace. \n The only kind of parent resource
|
|
with \"Core\" support is Gateway. This API may be extended in the
|
|
future to support additional kinds of parent resources such as one
|
|
of the route kinds. \n It is invalid to reference an identical parent
|
|
more than once. It is valid to reference multiple distinct sections
|
|
within the same parent resource, such as 2 Listeners within a Gateway.
|
|
\n It is possible to separately reference multiple distinct objects
|
|
that may be collapsed by an implementation. For example, some implementations
|
|
may choose to merge compatible Gateway Listeners together. If that
|
|
is the case, the list of routes attached to those resources should
|
|
also be merged. \n Note that for ParentRefs that cross namespace
|
|
boundaries, there are specific rules. Cross-namespace references
|
|
are only valid if they are explicitly allowed by something in the
|
|
namespace they are referring to. For example, Gateway has the AllowedRoutes
|
|
field, and ReferenceGrant provides a generic way to enable any other
|
|
kind of cross-namespace reference."
|
|
items:
|
|
description: "ParentReference identifies an API object (usually
|
|
a Gateway) that can be considered a parent of this resource (usually
|
|
a route). The only kind of parent resource with \"Core\" support
|
|
is Gateway. This API may be extended in the future to support
|
|
additional kinds of parent resources, such as HTTPRoute. \n The
|
|
API object must be valid in the cluster; the Group and Kind must
|
|
be registered in the cluster for this reference to be valid."
|
|
properties:
|
|
group:
|
|
default: gateway.networking.k8s.io
|
|
description: "Group is the group of the referent. When unspecified,
|
|
\"gateway.networking.k8s.io\" is inferred. To set the core
|
|
API group (such as for a \"Service\" kind referent), Group
|
|
must be explicitly set to \"\" (empty string). \n Support:
|
|
Core"
|
|
maxLength: 253
|
|
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
kind:
|
|
default: Gateway
|
|
description: "Kind is kind of the referent. \n Support: Core
|
|
(Gateway) \n Support: Implementation-specific (Other Resources)"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
|
|
type: string
|
|
name:
|
|
description: "Name is the name of the referent. \n Support:
|
|
Core"
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: "Namespace is the namespace of the referent. When
|
|
unspecified, this refers to the local namespace of the Route.
|
|
\n Note that there are specific rules for ParentRefs which
|
|
cross namespace boundaries. Cross-namespace references are
|
|
only valid if they are explicitly allowed by something in
|
|
the namespace they are referring to. For example: Gateway
|
|
has the AllowedRoutes field, and ReferenceGrant provides a
|
|
generic way to enable any other kind of cross-namespace reference.
|
|
\n Support: Core"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
port:
|
|
description: "Port is the network port this Route targets. It
|
|
can be interpreted differently based on the type of parent
|
|
resource. \n When the parent resource is a Gateway, this targets
|
|
all listeners listening on the specified port that also support
|
|
this kind of Route(and select this Route). It's not recommended
|
|
to set `Port` unless the networking behaviors specified in
|
|
a Route must apply to a specific port as opposed to a listener(s)
|
|
whose port(s) may be changed. When both Port and SectionName
|
|
are specified, the name and port of the selected listener
|
|
must match both specified values. \n Implementations MAY choose
|
|
to support other parent resources. Implementations supporting
|
|
other types of parent resources MUST clearly document how/if
|
|
Port is interpreted. \n For the purpose of status, an attachment
|
|
is considered successful as long as the parent resource accepts
|
|
it partially. For example, Gateway listeners can restrict
|
|
which Routes can attach to them by Route kind, namespace,
|
|
or hostname. If 1 of 2 Gateway listeners accept attachment
|
|
from the referencing Route, the Route MUST be considered successfully
|
|
attached. If no Gateway listeners accept attachment from this
|
|
Route, the Route MUST be considered detached from the Gateway.
|
|
\n Support: Extended \n <gateway:experimental>"
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 1
|
|
type: integer
|
|
sectionName:
|
|
description: "SectionName is the name of a section within the
|
|
target resource. In the following resources, SectionName is
|
|
interpreted as the following: \n * Gateway: Listener Name.
|
|
When both Port (experimental) and SectionName are specified,
|
|
the name and port of the selected listener must match both
|
|
specified values. \n Implementations MAY choose to support
|
|
attaching Routes to other resources. If that is the case,
|
|
they MUST clearly document how SectionName is interpreted.
|
|
\n When unspecified (empty string), this will reference the
|
|
entire resource. For the purpose of status, an attachment
|
|
is considered successful if at least one section in the parent
|
|
resource accepts it. For example, Gateway listeners can restrict
|
|
which Routes can attach to them by Route kind, namespace,
|
|
or hostname. If 1 of 2 Gateway listeners accept attachment
|
|
from the referencing Route, the Route MUST be considered successfully
|
|
attached. If no Gateway listeners accept attachment from this
|
|
Route, the Route MUST be considered detached from the Gateway.
|
|
\n Support: Core"
|
|
maxLength: 253
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
maxItems: 32
|
|
type: array
|
|
rules:
|
|
description: Rules are a list of TCP matchers and actions.
|
|
items:
|
|
description: TCPRouteRule is the configuration for a given rule.
|
|
properties:
|
|
backendRefs:
|
|
description: "BackendRefs defines the backend(s) where matching
|
|
requests should be sent. If unspecified or invalid (refers
|
|
to a non-existent resource or a Service with no endpoints),
|
|
the underlying implementation MUST actively reject connection
|
|
attempts to this backend. Connection rejections must respect
|
|
weight; if an invalid backend is requested to have 80% of
|
|
connections, then 80% of connections must be rejected instead.
|
|
\n Support: Core for Kubernetes Service \n Support: Extended
|
|
for Kubernetes ServiceImport \n Support: Implementation-specific
|
|
for any other resource \n Support for weight: Extended"
|
|
items:
|
|
description: "BackendRef defines how a Route should forward
|
|
a request to a Kubernetes resource. \n Note that when a
|
|
namespace different than the local namespace is specified,
|
|
a ReferenceGrant object is required in the referent namespace
|
|
to allow that namespace's owner to accept the reference.
|
|
See the ReferenceGrant documentation for details."
|
|
properties:
|
|
group:
|
|
default: ""
|
|
description: Group is the group of the referent. For example,
|
|
"gateway.networking.k8s.io". When unspecified or empty
|
|
string, core API group is inferred.
|
|
maxLength: 253
|
|
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
kind:
|
|
default: Service
|
|
description: "Kind is the Kubernetes resource kind of
|
|
the referent. For example \"Service\". \n Defaults to
|
|
\"Service\" when not specified. \n ExternalName services
|
|
can refer to CNAME DNS records that may live outside
|
|
of the cluster and as such are difficult to reason about
|
|
in terms of conformance. They also may not be safe to
|
|
forward to (see CVE-2021-25740 for more information).
|
|
Implementations SHOULD NOT support ExternalName Services.
|
|
\n Support: Core (Services with a type other than ExternalName)
|
|
\n Support: Implementation-specific (Services with type
|
|
ExternalName)"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
|
|
type: string
|
|
name:
|
|
description: Name is the name of the referent.
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: "Namespace is the namespace of the backend.
|
|
When unspecified, the local namespace is inferred. \n
|
|
Note that when a namespace different than the local
|
|
namespace is specified, a ReferenceGrant object is required
|
|
in the referent namespace to allow that namespace's
|
|
owner to accept the reference. See the ReferenceGrant
|
|
documentation for details. \n Support: Core"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
port:
|
|
description: Port specifies the destination port number
|
|
to use for this resource. Port is required when the
|
|
referent is a Kubernetes Service. In this case, the
|
|
port number is the service port number, not the target
|
|
port. For other resources, destination port might be
|
|
derived from the referent resource or this field.
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 1
|
|
type: integer
|
|
weight:
|
|
default: 1
|
|
description: "Weight specifies the proportion of requests
|
|
forwarded to the referenced backend. This is computed
|
|
as weight/(sum of all weights in this BackendRefs list).
|
|
For non-zero values, there may be some epsilon from
|
|
the exact proportion defined here depending on the precision
|
|
an implementation supports. Weight is not a percentage
|
|
and the sum of weights does not need to equal 100. \n
|
|
If only one backend is specified and it has a weight
|
|
greater than 0, 100% of the traffic is forwarded to
|
|
that backend. If weight is set to 0, no traffic should
|
|
be forwarded for this entry. If unspecified, weight
|
|
defaults to 1. \n Support for this field varies based
|
|
on the context where used."
|
|
format: int32
|
|
maximum: 1000000
|
|
minimum: 0
|
|
type: integer
|
|
required:
|
|
- name
|
|
type: object
|
|
maxItems: 16
|
|
minItems: 1
|
|
type: array
|
|
type: object
|
|
maxItems: 16
|
|
minItems: 1
|
|
type: array
|
|
required:
|
|
- rules
|
|
type: object
|
|
status:
|
|
description: Status defines the current state of TCPRoute.
|
|
properties:
|
|
parents:
|
|
description: "Parents is a list of parent resources (usually Gateways)
|
|
that are associated with the route, and the status of the route
|
|
with respect to each parent. When this route attaches to a parent,
|
|
the controller that manages the parent must add an entry to this
|
|
list when the controller first sees the route and should update
|
|
the entry as appropriate when the route or gateway is modified.
|
|
\n Note that parent references that cannot be resolved by an implementation
|
|
of this API will not be added to this list. Implementations of this
|
|
API can only populate Route status for the Gateways/parent resources
|
|
they are responsible for. \n A maximum of 32 Gateways will be represented
|
|
in this list. An empty list means the route has not been attached
|
|
to any Gateway."
|
|
items:
|
|
description: RouteParentStatus describes the status of a route with
|
|
respect to an associated Parent.
|
|
properties:
|
|
conditions:
|
|
description: "Conditions describes the status of the route with
|
|
respect to the Gateway. Note that the route's availability
|
|
is also subject to the Gateway's own status conditions and
|
|
listener status. \n If the Route's ParentRef specifies an
|
|
existing Gateway that supports Routes of this kind AND that
|
|
Gateway's controller has sufficient access, then that Gateway's
|
|
controller MUST set the \"Accepted\" condition on the Route,
|
|
to indicate whether the route has been accepted or rejected
|
|
by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
|
|
if at least one of the Route's rules is implemented by the
|
|
Gateway. \n There are a number of cases where the \"Accepted\"
|
|
condition may not be set due to lack of controller visibility,
|
|
that includes when: \n * The Route refers to a non-existent
|
|
parent. * The Route is of a type that the controller does
|
|
not support. * The Route is in a namespace the controller
|
|
does not have access to."
|
|
items:
|
|
description: "Condition contains details for one aspect of
|
|
the current state of this API Resource. --- This struct
|
|
is intended for direct use as an array at the field path
|
|
.status.conditions. For example, \n type FooStatus struct{
|
|
// Represents the observations of a foo's current state.
|
|
// Known .status.conditions.type are: \"Available\", \"Progressing\",
|
|
and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
|
|
// +listType=map // +listMapKey=type Conditions []metav1.Condition
|
|
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
|
|
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
|
|
}"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should
|
|
be when the underlying condition changed. If that is
|
|
not known, then using the time when the API field changed
|
|
is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating
|
|
details about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance,
|
|
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the
|
|
current state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier
|
|
indicating the reason for the condition's last transition.
|
|
Producers of specific condition types may define expected
|
|
values and meanings for this field, and whether the
|
|
values are considered a guaranteed API. The value should
|
|
be a CamelCase string. This field may not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False,
|
|
Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across
|
|
resources like Available, but because arbitrary conditions
|
|
can be useful (see .node.status.conditions), the ability
|
|
to deconflict is important. The regex it matches is
|
|
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
maxItems: 8
|
|
minItems: 1
|
|
type: array
|
|
x-kubernetes-list-map-keys:
|
|
- type
|
|
x-kubernetes-list-type: map
|
|
controllerName:
|
|
description: "ControllerName is a domain/path string that indicates
|
|
the name of the controller that wrote this status. This corresponds
|
|
with the controllerName field on GatewayClass. \n Example:
|
|
\"example.net/gateway-controller\". \n The format of this
|
|
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
|
|
Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
\n Controllers MUST populate this field when writing status.
|
|
Controllers should ensure that entries to status populated
|
|
with their ControllerName are cleaned up when they are no
|
|
longer necessary."
|
|
maxLength: 253
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
|
|
type: string
|
|
parentRef:
|
|
description: ParentRef corresponds with a ParentRef in the spec
|
|
that this RouteParentStatus struct describes the status of.
|
|
properties:
|
|
group:
|
|
default: gateway.networking.k8s.io
|
|
description: "Group is the group of the referent. When unspecified,
|
|
\"gateway.networking.k8s.io\" is inferred. To set the
|
|
core API group (such as for a \"Service\" kind referent),
|
|
Group must be explicitly set to \"\" (empty string). \n
|
|
Support: Core"
|
|
maxLength: 253
|
|
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
kind:
|
|
default: Gateway
|
|
description: "Kind is kind of the referent. \n Support:
|
|
Core (Gateway) \n Support: Implementation-specific (Other
|
|
Resources)"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
|
|
type: string
|
|
name:
|
|
description: "Name is the name of the referent. \n Support:
|
|
Core"
|
|
maxLength: 253
|
|
minLength: 1
|
|
type: string
|
|
namespace:
|
|
description: "Namespace is the namespace of the referent.
|
|
When unspecified, this refers to the local namespace of
|
|
the Route. \n Note that there are specific rules for ParentRefs
|
|
which cross namespace boundaries. Cross-namespace references
|
|
are only valid if they are explicitly allowed by something
|
|
in the namespace they are referring to. For example: Gateway
|
|
has the AllowedRoutes field, and ReferenceGrant provides
|
|
a generic way to enable any other kind of cross-namespace
|
|
reference. \n Support: Core"
|
|
maxLength: 63
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
|
|
type: string
|
|
port:
|
|
description: "Port is the network port this Route targets.
|
|
It can be interpreted differently based on the type of
|
|
parent resource. \n When the parent resource is a Gateway,
|
|
this targets all listeners listening on the specified
|
|
port that also support this kind of Route(and select this
|
|
Route). It's not recommended to set `Port` unless the
|
|
networking behaviors specified in a Route must apply to
|
|
a specific port as opposed to a listener(s) whose port(s)
|
|
may be changed. When both Port and SectionName are specified,
|
|
the name and port of the selected listener must match
|
|
both specified values. \n Implementations MAY choose to
|
|
support other parent resources. Implementations supporting
|
|
other types of parent resources MUST clearly document
|
|
how/if Port is interpreted. \n For the purpose of status,
|
|
an attachment is considered successful as long as the
|
|
parent resource accepts it partially. For example, Gateway
|
|
listeners can restrict which Routes can attach to them
|
|
by Route kind, namespace, or hostname. If 1 of 2 Gateway
|
|
listeners accept attachment from the referencing Route,
|
|
the Route MUST be considered successfully attached. If
|
|
no Gateway listeners accept attachment from this Route,
|
|
the Route MUST be considered detached from the Gateway.
|
|
\n Support: Extended \n <gateway:experimental>"
|
|
format: int32
|
|
maximum: 65535
|
|
minimum: 1
|
|
type: integer
|
|
sectionName:
|
|
description: "SectionName is the name of a section within
|
|
the target resource. In the following resources, SectionName
|
|
is interpreted as the following: \n * Gateway: Listener
|
|
Name. When both Port (experimental) and SectionName are
|
|
specified, the name and port of the selected listener
|
|
must match both specified values. \n Implementations MAY
|
|
choose to support attaching Routes to other resources.
|
|
If that is the case, they MUST clearly document how SectionName
|
|
is interpreted. \n When unspecified (empty string), this
|
|
will reference the entire resource. For the purpose of
|
|
status, an attachment is considered successful if at least
|
|
one section in the parent resource accepts it. For example,
|
|
Gateway listeners can restrict which Routes can attach
|
|
to them by Route kind, namespace, or hostname. If 1 of
|
|
2 Gateway listeners accept attachment from the referencing
|
|
Route, the Route MUST be considered successfully attached.
|
|
If no Gateway listeners accept attachment from this Route,
|
|
the Route MUST be considered detached from the Gateway.
|
|
\n Support: Core"
|
|
maxLength: 253
|
|
minLength: 1
|
|
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
required:
|
|
- controllerName
|
|
- parentRef
|
|
type: object
|
|
maxItems: 32
|
|
type: array
|
|
required:
|
|
- parents
|
|
type: object
|
|
required:
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: null
|
|
storedVersions: null
|
|
{{- end }}
|