diff --git a/apis/v1/gateway_types.go b/apis/v1/gateway_types.go
index 967f4a23e6..ebede09cbc 100644
--- a/apis/v1/gateway_types.go
+++ b/apis/v1/gateway_types.go
@@ -307,14 +307,22 @@ type ListenerNamespaces struct {
 // values are:
 //
 // * Same: Only ListenerSets in the same namespace may be attached to this Gateway.
+ // * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway.
+ // * All: ListenerSets in all namespaces may be attached to this Gateway.
 // * None: Only listeners defined in the Gateway's spec are allowed
 //
 // While this feature is experimental, the default value None
 //
 // +optional
 // +kubebuilder:default=None
- // +kubebuilder:validation:Enum=Same;None
 From *FromNamespaces `json:"from,omitempty"`
+
+ // Selector must be specified when From is set to "Selector". In that case,
+ // only ListenerSets in Namespaces matching this Selector will be selected by this
+ // Gateway. This field is ignored for other values of "From".
+ //
+ // +optional
+ Selector *metav1.LabelSelector `json:"selector,omitempty"`
 }
 
 // Listener embodies the concept of a logical endpoint where a Gateway accepts
diff --git a/apis/v1/zz_generated.deepcopy.go b/apis/v1/zz_generated.deepcopy.go
index dca536cf74..1e7d996b4d 100644
--- a/apis/v1/zz_generated.deepcopy.go
+++ b/apis/v1/zz_generated.deepcopy.go
@@ -1464,6 +1464,11 @@ func (in *ListenerNamespaces) DeepCopyInto(out *ListenerNamespaces) {
 *out = new(FromNamespaces)
 **out = **in
 }
+ if in.Selector != nil {
+ in, out := &in.Selector, &out.Selector
+ *out = new(metav1.LabelSelector)
+ (*in).DeepCopyInto(*out)
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ListenerNamespaces.
diff --git a/apisx/v1alpha1/listenerset_types.go b/apisx/v1alpha1/listenerset_types.go
index 4fa7bcd22f..a46cc3abd7 100644
--- a/apisx/v1alpha1/listenerset_types.go
+++ b/apisx/v1alpha1/listenerset_types.go
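Review bot: In the `ListenerNamespaces` hunk of apis/v1/gateway_types.go the new `Selector` field is only `+optional`, so the comment's "must be specified when From is set to Selector" is not enforced and `from: Selector` with no selector is accepted by the API server. Because this setting decides which namespaces may add listeners to a Gateway, I would enforce it with a CEL marker on the struct, something like `// +kubebuilder:validation:XValidation:message="selector must be set when from is Selector",rule="!has(self.from) || self.from != 'Selector' || has(self.selector)"`, and add to the field comment that an empty selector (`{}`) matches every namespace and so behaves like `All`, which is the usual LabelSelector behaviour. The struct declaration is above the hunk, so the marker's placement has to be checked against the full type. Separately, the GEP text changed in this commit (geps/gep-1713/index.md) shows `+kubebuilder:default={from:Same}` on AllowedListeners while this type keeps `+kubebuilder:default=None`; the two should state the same default.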
@@ -95,8 +95,6 @@ type ListenerEntry struct {
 // Name is not required to be unique across a Gateway and ListenerSets.
 // Routes can attach to a Listener by having a ListenerSet as a parentRef
 // and setting the SectionName
- //
- // Support: Core
 Name SectionName `json:"name"`
 
 // Hostname specifies the virtual hostname to match for protocol types that
@@ -124,22 +122,16 @@ type ListenerEntry struct {
 // as a suffix match. That means that a match for `*.example.com` would match
 // both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
 //
- // Support: Core
- //
 // +optional
 Hostname *Hostname `json:"hostname,omitempty"`
 
 // Port is the network port. Multiple listeners may use the
 // same port, subject to the Listener compatibility rules.
 //
- // Support: Core
- //
 // +optional
 Port PortNumber `json:"port,omitempty"`
 
 // Protocol specifies the network protocol this listener expects to receive.
- //
- // Support: Core
 Protocol ProtocolType `json:"protocol"`
 
 // TLS is the TLS configuration for the Listener. This field is required if
@@ -152,8 +144,6 @@ type ListenerEntry struct {
 // The GatewayClass MUST use the longest matching SNI out of all
 // available certificates for any TLS handshake.
 //
- // Support: Core
- //
 // +optional
 TLS *GatewayTLSConfig `json:"tls,omitempty"`
 
@@ -180,7 +170,6 @@ type ListenerEntry struct {
 // example, even if a filter specified by a Route rule is invalid, the rest
 // of the rules within that Route should still be supported.
 //
- // Support: Core
 // +kubebuilder:default={namespaces:{from: Same}}
 // +optional
 AllowedRoutes *AllowedRoutes `json:"allowedRoutes,omitempty"`
diff --git a/apisx/v1alpha1/shared_types.go b/apisx/v1alpha1/shared_types.go
index fe5cf7b29d..190eeaecb7 100644
--- a/apisx/v1alpha1/shared_types.go
+++ b/apisx/v1alpha1/shared_types.go
@@ -39,6 +39,8 @@ type (
 RouteGroupKind = v1.RouteGroupKind
 // +k8s:deepcopy-gen=false
 SectionName = v1.SectionName
+ // +k8s:deepcopy-gen=false
+ Namespace = v1.Namespace
 )
 
 // ParentGatewayReference identifies an API object including its namespace,
@@ -58,4 +60,11 @@ type ParentGatewayReference struct {
 
 // Name is the name of the referent.
 Name ObjectName `json:"name"`
+
+ // Namespace is the namespace of the referent. If not present,
+ // the namespace of the referent is assumed to be the same as
+ // the namespace of the referring object.
+ //
+ // +optional
+ Namespace *Namespace `json:"namespace,omitempty"`
 }
diff --git a/apisx/v1alpha1/zz_generated.deepcopy.go b/apisx/v1alpha1/zz_generated.deepcopy.go
index 0eeca2e595..c3a547570d 100644
--- a/apisx/v1alpha1/zz_generated.deepcopy.go
+++ b/apisx/v1alpha1/zz_generated.deepcopy.go
@@ -209,6 +209,11 @@ func (in *ParentGatewayReference) DeepCopyInto(out *ParentGatewayReference) {
 *out = new(v1.Kind)
 **out = **in
 }
+ if in.Namespace != nil {
+ in, out := &in.Namespace, &out.Namespace
+ *out = new(v1.Namespace)
+ **out = **in
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParentGatewayReference.
diff --git a/applyconfiguration/apis/v1/listenernamespaces.go b/applyconfiguration/apis/v1/listenernamespaces.go
index 33d0be045a..d6869648bb 100644
--- a/applyconfiguration/apis/v1/listenernamespaces.go
+++ b/applyconfiguration/apis/v1/listenernamespaces.go
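Review bot: The comment on the new `Namespace` field of `ParentGatewayReference` (second hunk of apisx/v1alpha1/shared_types.go) covers only defaulting and does not say what authorizes a ListenerSet to point at a Gateway in another namespace. I would add a line such as `// A Gateway in another namespace accepts this ListenerSet only if its AllowedListeners admits the ListenerSet's namespace; otherwise the ListenerSet is not attached.` so the opt-in that lives on the Gateway side is visible where controller authors read the reference type. The copy of this struct in geps/gep-1713/index.md declares the field as `Name *ObjectName` with the comment "Namespace is the name of the referent", which no longer matches this definition. The type declaration begins above the hunk.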
@@ -19,13 +19,15 @@ limitations under the License. package v1 import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" ) // ListenerNamespacesApplyConfiguration represents a declarative configuration of the ListenerNamespaces type for use // with apply. type ListenerNamespacesApplyConfiguration struct { - From *v1.FromNamespaces `json:"from,omitempty"` + From *v1.FromNamespaces `json:"from,omitempty"` + Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"` } // ListenerNamespacesApplyConfiguration constructs a declarative configuration of the ListenerNamespaces type for use with @@ -41,3 +43,11 @@ func (b *ListenerNamespacesApplyConfiguration) WithFrom(value v1.FromNamespaces) b.From = &value return b } + +// WithSelector sets the Selector field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Selector field is set to the value of the last call. +func (b *ListenerNamespacesApplyConfiguration) WithSelector(value *metav1.LabelSelectorApplyConfiguration) *ListenerNamespacesApplyConfiguration { + b.Selector = value + return b +} diff --git a/applyconfiguration/apisx/v1alpha1/parentgatewayreference.go b/applyconfiguration/apisx/v1alpha1/parentgatewayreference.go index 0571c27934..7001085d2e 100644 --- a/applyconfiguration/apisx/v1alpha1/parentgatewayreference.go +++ b/applyconfiguration/apisx/v1alpha1/parentgatewayreference.go 
@@ -25,9 +25,10 @@ import ( // ParentGatewayReferenceApplyConfiguration represents a declarative configuration of the ParentGatewayReference type for use // with apply. type ParentGatewayReferenceApplyConfiguration struct { - Group *v1.Group `json:"group,omitempty"` - Kind *v1.Kind `json:"kind,omitempty"` - Name *v1.ObjectName `json:"name,omitempty"` + Group *v1.Group `json:"group,omitempty"` + Kind *v1.Kind `json:"kind,omitempty"` + Name *v1.ObjectName `json:"name,omitempty"` + Namespace *v1.Namespace `json:"namespace,omitempty"` } // ParentGatewayReferenceApplyConfiguration constructs a declarative configuration of the ParentGatewayReference type for use with @@ -59,3 +60,11 @@ func (b *ParentGatewayReferenceApplyConfiguration) WithName(value v1.ObjectName) b.Name = &value return b } + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *ParentGatewayReferenceApplyConfiguration) WithNamespace(value v1.Namespace) *ParentGatewayReferenceApplyConfiguration { + b.Namespace = &value + return b +} diff --git a/applyconfiguration/internal/internal.go b/applyconfiguration/internal/internal.go index 6032674e66..e1856e547e 100644 --- a/applyconfiguration/internal/internal.go +++ b/applyconfiguration/internal/internal.go @@ -1005,6 +1005,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: from type: scalar: string + - name: selector + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - name: io.k8s.sigs.gateway-api.apis.v1.ListenerStatus map: fields: @@ -1828,6 +1831,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: namespace + type: + scalar: string - name: __untyped_atomic_ scalar: untyped list: 
diff --git a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
index d102819b72..f66bb4672b 100644
--- a/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
+++ b/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
@@ -146,25 +146,72 @@ spec: While this feature is experimental, the default value is to allow no ListenerSets. properties: from: - allOf: - - enum: - - All - - Selector - - Same - - None - - enum: - - Same - - None default: None description: |- From indicates where ListenerSets can attach to this Gateway. Possible values are: * Same: Only ListenerSets in the same namespace may be attached to this Gateway. + * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway. + * All: ListenerSets in all namespaces may be attached to this Gateway. * None: Only listeners defined in the Gateway's spec are allowed While this feature is experimental, the default value None + enum: + - All + - Selector + - Same + - None type: string + selector: + description: |- + Selector must be specified when From is set to "Selector". In that case, + only ListenerSets in Namespaces matching this Selector will be selected by this + Gateway. This field is ignored for other values of "From". + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic type: object type: object backendTLS: 
@@ -1417,25 +1464,72 @@ spec: While this feature is experimental, the default value is to allow no ListenerSets. properties: from: - allOf: - - enum: - - All - - Selector - - Same - - None - - enum: - - Same - - None default: None description: |- From indicates where ListenerSets can attach to this Gateway. Possible values are: * Same: Only ListenerSets in the same namespace may be attached to this Gateway. + * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway. + * All: ListenerSets in all namespaces may be attached to this Gateway. * None: Only listeners defined in the Gateway's spec are allowed While this feature is experimental, the default value None + enum: + - All + - Selector + - Same + - None type: string + selector: + description: |- + Selector must be specified when From is set to "Selector". In that case, + only ListenerSets in Namespaces matching this Selector will be selected by this + Gateway. This field is ignored for other values of "From". + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic type: object type: object backendTLS: diff --git a/config/crd/experimental/gateway.networking.x-k8s.io_listenersets.yaml b/config/crd/experimental/gateway.networking.x-k8s.io_listenersets.yaml index db20ffdbb6..e1eaff23e4 100644 --- a/config/crd/experimental/gateway.networking.x-k8s.io_listenersets.yaml +++ b/config/crd/experimental/gateway.networking.x-k8s.io_listenersets.yaml @@ -114,8 +114,6 @@ spec: support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported. - - Support: Core properties: kinds: description: |- @@ -257,8 +255,6 @@ spec: Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. - - Support: Core maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ @@ -271,8 +267,6 @@ spec: Name is not required to be unique across a Gateway and ListenerSets. Routes can attach to a Listener by having a ListenerSet as a parentRef and setting the SectionName - - Support: Core maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -281,17 +275,13 @@ spec: description: |- Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. - - Support: Core format: int32 maximum: 65535 minimum: 1 type: integer protocol: - description: |- - Protocol specifies the network protocol this listener expects to receive. - - Support: Core + description: Protocol specifies the network protocol this listener + expects to receive. maxLength: 255 minLength: 1 pattern: ^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$ @@ -307,8 +297,6 @@ spec: The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. - - Support: Core properties: certificateRefs: description: |- @@ -576,6 +564,15 @@ spec: maxLength: 253 minLength: 1 type: string + namespace: + description: |- + Namespace is the namespace of the referent. If not present, + the namespace of the referent is assumed to be the same as + the namespace of the referring object. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string required: - name type: object diff --git a/geps/gep-1713/index.md b/geps/gep-1713/index.md index d769b990e6..f77be93441 100644 --- a/geps/gep-1713/index.md +++ b/geps/gep-1713/index.md 
@@ -11,14 +11,14 @@ The `Gateway` Resource is a point of contention since it is the only place to at ## Goals - Define a mechanism to merge listeners into a single `Gateway` +- Attaching listeners to `Gateways` in different namespaces +- Standardize merging multiple lists of Listeners together ([\#1863](https://github.com/kubernetes-sigs/gateway-api/pull/1863)) +- Increase the number of Gateway Listeners that are supported ([\#2869](https://github.com/kubernetes-sigs/gateway-api/issues/2869)) ## Future Potential Goals (Beyond the GEP) From [Gateway Hiearchy Brainstorming](https://docs.google.com/document/d/1qj7Xog2t2fWRuzOeTsWkabUaVeOF7_2t_7appe8EXwA/edit#heading=h.w311n4l5qmwk): -- Attaching listeners to `Gateways` in different namespaces -- Standardize merging multiple lists of Listeners together ([\#1863](https://github.com/kubernetes-sigs/gateway-api/pull/1863)) -- Increase the number of Gateway Listeners that are supported ([\#2869](https://github.com/kubernetes-sigs/gateway-api/issues/2869)) - Provide a mechanism for third party components to generate listeners and attach them to a Gateway ([\#1863](https://github.com/kubernetes-sigs/gateway-api/pull/1863)) - Delegate TLS certificate management to App Owners and/or different namespaces ([\#102](https://github.com/kubernetes-sigs/gateway-api/issues/102), [\#103](https://github.com/kubernetes-sigs/gateway-api/issues/103)) - Delegate domains to different namespaces, but allow those namespace to define TLS and routing configuration within those namespaces with Gateway-like resources ([\#102](https://github.com/kubernetes-sigs/gateway-api/issues/102), [\#103](https://github.com/kubernetes-sigs/gateway-api/issues/103)) @@ -59,8 +59,7 @@ type GatewaySpec struct { } type AllowedListeners struct { - // TODO - discuss changing this to Same in the future - // +kubebuilder:default={from: None} + // +kubebuilder:default={from:Same} Namespaces *ListenerNamespaces `json:"namespaces,omitempty"` } 
@@ -70,12 +69,21 @@ type ListenerNamespaces struct { // values are: // // * Same: Only ListenerSets in the same namespace may be attached to this Gateway. + // * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway.:w + // * All: ListenerSets in all namespaces may be attached to this Gateway. // * None: Only listeners defined in the Gateway's spec are allowed // // +optional // +kubebuilder:default=None - // +kubebuilder:validation:Enum=Same;None + // +kubebuilder:validation:Enum=Same;None;Selector;All From *FromNamespaces `json:"from,omitempty"` + + // Selector must be specified when From is set to "Selector". In that case, + // only ListenerSets in Namespaces matching this Selector will be selected by this + // Gateway. This field is ignored for other values of "From". + // + // +optional + Selector *metav1.LabelSelector `json:"selector,omitempty"` } // ListenerSet defines a set of additional listeners to attach to an existing Gateway. @@ -93,7 +101,7 @@ type ListenerSet struct { // ListenerSetSpec defines the desired state of a ListenerSet. type ListenerSetSpec struct { // ParentRef references the Gateway that the listeners are attached to. - ParentRef ParentGatewayReference `json:"parentRef,omitempty"` + ParentRef ParentGatewayReference `json:"parentRef"` // Listeners associated with this ListenerSet. Listeners define // logical endpoints that are bound on this referenced parent Gateway's addresses. @@ -118,9 +126,11 @@ type ListenerSetSpec struct { // network connections. type ListenerEntry struct { // Name is the name of the Listener. This name MUST be unique within a - // Gateway. + // ListenerSet. // - // Support: Core + // Name is not required to be unique across a Gateway and ListenerSets. + // Routes can attach to a Listener by having a ListenerSet as a parentRef + // and setting the SectionName Name SectionName `json:"name"` // Hostname specifies the virtual hostname to match for protocol types that 
@@ -148,8 +158,6 @@ type ListenerEntry struct { // as a suffix match. That means that a match for `*.example.com` would match // both `test.example.com`, and `foo.test.example.com`, but not `example.com`. // - // Support: Core - // // +optional Hostname *Hostname `json:"hostname,omitempty"` @@ -309,6 +317,10 @@ type ParentGatewayReference struct { // Name is the name of the referent. Name ObjectName `json:"name"` + + // Namespace is the name of the referent. + // +optional + Name *ObjectName `json:"namespace"` } ``` diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index d8c4e35a09..2003ad06a0 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go 
@@ -5150,14 +5150,22 @@ func schema_sigsk8sio_gateway_api_apis_v1_ListenerNamespaces(ref common.Referenc Properties: map[string]spec.Schema{ "from": { SchemaProps: spec.SchemaProps{ - Description: "From indicates where ListenerSets can attach to this Gateway. Possible values are:\n\n* Same: Only ListenerSets in the same namespace may be attached to this Gateway. * None: Only listeners defined in the Gateway's spec are allowed\n\nWhile this feature is experimental, the default value None", + Description: "From indicates where ListenerSets can attach to this Gateway. Possible values are:\n\n* Same: Only ListenerSets in the same namespace may be attached to this Gateway. * Selector: ListenerSets in namespaces selected by the selector may be attached to this Gateway. * All: ListenerSets in all namespaces may be attached to this Gateway. * None: Only listeners defined in the Gateway's spec are allowed\n\nWhile this feature is experimental, the default value None", Type: []string{"string"}, Format: "", }, }, + "selector": { + SchemaProps: spec.SchemaProps{ + Description: "Selector must be specified when From is set to \"Selector\". In that case, only ListenerSets in Namespaces matching this Selector will be selected by this Gateway. This field is ignored for other values of \"From\".", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + }, + }, }, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } 
@@ -7671,7 +7679,7 @@ func schema_sigsk8sio_gateway_api_apisx_v1alpha1_ListenerEntry(ref common.Refere Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "Name is the name of the Listener. This name MUST be unique within a ListenerSet.\n\nName is not required to be unique across a Gateway and ListenerSets. Routes can attach to a Listener by having a ListenerSet as a parentRef and setting the SectionName\n\nSupport: Core", + Description: "Name is the name of the Listener. This name MUST be unique within a ListenerSet.\n\nName is not required to be unique across a Gateway and ListenerSets. Routes can attach to a Listener by having a ListenerSet as a parentRef and setting the SectionName", Default: "", Type: []string{"string"}, Format: "", 
@@ -7679,21 +7687,21 @@ func schema_sigsk8sio_gateway_api_apisx_v1alpha1_ListenerEntry(ref common.Refere }, "hostname": { SchemaProps: spec.SchemaProps{ - Description: "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching.\n\nImplementations MUST apply Hostname matching appropriately for each of the following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\nSupport: Core", + Description: "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, all hostnames are matched. This field is ignored for protocols that don't require hostname based matching.\n\nImplementations MUST apply Hostname matching appropriately for each of the following protocols:\n\n* TLS: The Listener Hostname MUST match the SNI. * HTTP: The Listener Hostname MUST match the Host header of the request. * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP\n protocol layers as described above. 
If an implementation does not\n ensure that both the SNI and Host header match the Listener hostname,\n it MUST clearly document that.\n\nFor HTTPRoute and TLSRoute resources, there is an interaction with the `spec.hostnames` array. When both listener and route specify hostnames, there MUST be an intersection between the values for a Route to be accepted. For more information, refer to the Route specific Hostnames documentation.\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`.", Type: []string{"string"}, Format: "", }, }, "port": { SchemaProps: spec.SchemaProps{ - Description: "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules.\n\nSupport: Core", + Description: "Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules.", Type: []string{"integer"}, Format: "int32", }, }, "protocol": { SchemaProps: spec.SchemaProps{ - Description: "Protocol specifies the network protocol this listener expects to receive.\n\nSupport: Core", + Description: "Protocol specifies the network protocol this listener expects to receive.", Default: "", Type: []string{"string"}, Format: "", 
@@ -7701,13 +7709,13 @@ func schema_sigsk8sio_gateway_api_apisx_v1alpha1_ListenerEntry(ref common.Refere }, "tls": { SchemaProps: spec.SchemaProps{ - Description: "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake.\n\nSupport: Core", + Description: "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\". It is invalid to set this field if the Protocol field is \"HTTP\", \"TCP\", or \"UDP\".\n\nThe association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener.\n\nThe GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake.", Ref: ref("sigs.k8s.io/gateway-api/apis/v1.GatewayTLSConfig"), }, }, "allowedRoutes": { SchemaProps: spec.SchemaProps{ - Description: "AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present.\n\nAlthough a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria:\n\n* The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. 
For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported.\n\nSupport: Core", + Description: "AllowedRoutes defines the types of routes that MAY be attached to a Listener and the trusted namespaces where those Route resources MAY be present.\n\nAlthough a client request may match multiple route rules, only one rule may ultimately receive the request. Matching precedence MUST be determined in order of the following criteria:\n\n* The most specific match as defined by the Route type. * The oldest Route based on creation timestamp. For example, a Route with\n a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over\n a Route with a creation timestamp of \"2020-09-08 01:02:04\".\n* If everything else is equivalent, the Route appearing first in\n alphabetical order (namespace/name) should be given precedence. For\n example, foo/bar is given precedence over foo/baz.\n\nAll valid rules within a Route attached to this Listener should be implemented. Invalid Route rules can be ignored (sometimes that will mean the full Route). If a Route rule transitions from valid to invalid, support for that Route rule should be dropped to ensure consistency. For example, even if a filter specified by a Route rule is invalid, the rest of the rules within that Route should still be supported.", Ref: ref("sigs.k8s.io/gateway-api/apis/v1.AllowedRoutes"), }, }, 
@@ -8026,6 +8034,13 @@ func schema_sigsk8sio_gateway_api_apisx_v1alpha1_ParentGatewayReference(ref comm Format: "", }, }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "Namespace is the namespace of the referent. If not present, the namespace of the referent is assumed to be the same as the namespace of the referring object.", + Type: []string{"string"}, + Format: "", + }, + }, }, Required: []string{"name"}, },