[bitnami/contour-operator] Adapt Helm chart to Contour 1.20 (#9419)

* [bitnami/contour-operator] Adapt Helm chart to Contour 1.20

Signed-off-by: Carlos Rodriguez Hernandez <carlosrh@vmware.com>

* Update crd-tlscertificatedelegation.yaml

* Bump major version

Signed-off-by: Carlos Rodriguez Hernandez <carlosrh@vmware.com>

* Sync CRDs

Signed-off-by: Carlos Rodriguez Hernandez <carlosrh@vmware.com>

* Sync RBAC

Signed-off-by: Carlos Rodriguez Hernandez <carlosrh@vmware.com>

* [bitnami/contour-operator] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
Carlos Rodríguez Hernández
2022-03-15 17:57:50 +01:00
committed by GitHub
parent 43e8285f55
commit 6c597ba7e1
17 changed files with 2331 additions and 1756 deletions


@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.10.4
digest: sha256:e177cdcd71e67a1e64e95260c4b780374e1d66e85be405d5dc58459654e49ffa
generated: "2022-01-24T17:07:01.412496192Z"
version: 1.11.3
digest: sha256:d5f850d857edd58b32c0e10652f6ec3ce5018def5542f2bcef38fd7fa0079d6b
generated: "2022-03-15T16:03:31.635580327Z"


@@ -1,7 +1,7 @@
annotations:
category: Infrastructure
apiVersion: v2
appVersion: 1.19.1
appVersion: 1.20.1
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
@@ -24,4 +24,4 @@ name: contour-operator
sources:
- https://github.com/projectcontour/contour-operator
- https://github.com/bitnami/bitnami-docker-contour-operator
version: 0.2.7
version: 1.0.0


@@ -7,7 +7,7 @@ The Contour Operator extends the Kubernetes API to create, configure and manage
[Overview of Contour Operator](https://github.com/projectcontour/contour-operator)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
@@ -357,6 +357,14 @@ extraDeploy:
name: {{ .Release.Namespace | quote }}
```
## Upgrading
### To 1.0.0
This version updates the chart to use Contour's latest release, `1.20.1`. Among other features, exisiting CRDs have been syncronised with the official [Contour repository](https://github.com/projectcontour/contour/blob/main/examples/render/contour.yaml)
This version bumps the Envoy and Contour container to the ones matching the Contour Operator requirements.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
@@ -375,4 +383,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.


@@ -1,4 +1,4 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:


@@ -1,9 +1,9 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: contourconfigurations.projectcontour.io
spec:
@@ -83,6 +83,9 @@ spec:
defaultHTTPVersions:
- HTTP/1.1
- HTTP/2
health:
address: 0.0.0.0
port: 8002
http:
accessLog: /dev/stdout
address: 0.0.0.0
@@ -166,6 +169,24 @@ spec:
- HTTP/2
type: string
type: array
health:
default:
address: 0.0.0.0
port: 8002
description: Health defines the endpoint Envoy uses to serve health
checks.
properties:
address:
description: Defines the health address interface.
minLength: 1
type: string
port:
description: Defines the health port.
type: integer
required:
- address
- port
type: object
http:
default:
accessLog: /dev/stdout
@@ -311,8 +332,8 @@ spec:
default:
address: 0.0.0.0
port: 8002
description: Metrics defines the endpoints Envoy use to serve
to metrics.
description: Metrics defines the endpoint Envoy uses to serve
metrics.
properties:
address:
description: Defines the metrics address interface.
@@ -322,6 +343,21 @@ spec:
port:
description: Defines the metrics port.
type: integer
tls:
description: TLS holds TLS file config details. Metrics and
health endpoints cannot have same port number when metrics
is served over HTTPS.
properties:
caFile:
description: CA filename.
type: string
certFile:
description: Client certificate filename.
type: string
keyFile:
description: Client key filename.
type: string
type: object
required:
- address
- port
@@ -339,7 +375,7 @@ spec:
numTrustedHops:
description: "XffNumTrustedHops defines the number of additional
ingress proxy hops from the right side of the x-forwarded-for
HTTP header to trust when determining the origin client's
HTTP header to trust when determining the origin clients
IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops
for more information."
format: int32
@@ -447,15 +483,15 @@ spec:
default:
address: 0.0.0.0
port: 8000
description: Health contains parameters to configure endpoints which
Contour exposes to respond to Kubernetes health checks.
description: Health defines the endpoints Contour uses to serve health
checks.
properties:
address:
description: Defines the Contour health address interface.
description: Defines the health address interface.
minLength: 1
type: string
port:
description: Defines the Contour health port.
description: Defines the health port.
type: integer
required:
- address
@@ -502,48 +538,11 @@ spec:
description: Address to set in Ingress object status.
type: string
type: object
leaderElection:
default:
configmap:
name: leader-elect
namespace: projectcontour
disableLeaderElection: false
leaseDuration: 15s
renewDeadline: 10s
retryPeriod: 2s
description: LeaderElection contains leader election parameters.
properties:
configmap:
description: NamespacedName defines the namespace/name of the
Kubernetes resource referred from the config file. Used for
Contour config YAML file parsing, otherwise we could use K8s
types.NamespacedName.
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
disableLeaderElection:
type: boolean
leaseDuration:
type: string
renewDeadline:
type: string
retryPeriod:
type: string
required:
- disableLeaderElection
type: object
metrics:
default:
address: 0.0.0.0
port: 8000
description: Metrics defines the endpoints Contour uses to serve to
metrics.
description: Metrics defines the endpoint Contour uses to serve metrics.
properties:
address:
description: Defines the metrics address interface.
@@ -553,6 +552,21 @@ spec:
port:
description: Defines the metrics port.
type: integer
tls:
description: TLS holds TLS file config details. Metrics and health
endpoints cannot have same port number when metrics is served
over HTTPS.
properties:
caFile:
description: CA filename.
type: string
certFile:
description: Client certificate filename.
type: string
keyFile:
description: Client key filename.
type: string
type: object
required:
- address
- port
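Review bot: The new `metrics.tls` object says metrics and health endpoints cannot share a port when metrics is served over HTTPS, but the defaults in this section put both on the same port (`0.0.0.0:8002` for Envoy, `0.0.0.0:8000` for Contour). Nothing in the schema enforces the rule, and none of `caFile`/`certFile`/`keyFile` is required. A resource that only adds `tls` would therefore pass schema validation with a setup the description calls invalid; how Contour reacts at runtime is not visible here. Since the file appears to be synced from upstream (per its `# CRDs source:` header), I would leave the schema alone and add a line to the README's `To 1.0.0` notes, e.g. `When enabling metrics.tls, set metrics.port to a value different from health.port (both default to 8002 for Envoy and 8000 for Contour).` The same applies to the `contourdeployments.projectcontour.io` CRD in the next file section.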


@@ -1,9 +1,9 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: contourdeployments.projectcontour.io
spec:
@@ -86,6 +86,9 @@ spec:
defaultHTTPVersions:
- HTTP/1.1
- HTTP/2
health:
address: 0.0.0.0
port: 8002
http:
accessLog: /dev/stdout
address: 0.0.0.0
@@ -169,6 +172,24 @@ spec:
- HTTP/2
type: string
type: array
health:
default:
address: 0.0.0.0
port: 8002
description: Health defines the endpoint Envoy uses to serve
health checks.
properties:
address:
description: Defines the health address interface.
minLength: 1
type: string
port:
description: Defines the health port.
type: integer
required:
- address
- port
type: object
http:
default:
accessLog: /dev/stdout
@@ -317,8 +338,8 @@ spec:
default:
address: 0.0.0.0
port: 8002
description: Metrics defines the endpoints Envoy use to serve
to metrics.
description: Metrics defines the endpoint Envoy uses to serve
metrics.
properties:
address:
description: Defines the metrics address interface.
@@ -328,6 +349,21 @@ spec:
port:
description: Defines the metrics port.
type: integer
tls:
description: TLS holds TLS file config details. Metrics
and health endpoints cannot have same port number when
metrics is served over HTTPS.
properties:
caFile:
description: CA filename.
type: string
certFile:
description: Client certificate filename.
type: string
keyFile:
description: Client key filename.
type: string
type: object
required:
- address
- port
@@ -346,7 +382,7 @@ spec:
description: "XffNumTrustedHops defines the number of
additional ingress proxy hops from the right side of
the x-forwarded-for HTTP header to trust when determining
the origin client's IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops
the origin clients IP address. \n See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops
for more information."
format: int32
type: integer
@@ -456,15 +492,15 @@ spec:
default:
address: 0.0.0.0
port: 8000
description: Health contains parameters to configure endpoints
which Contour exposes to respond to Kubernetes health checks.
description: Health defines the endpoints Contour uses to serve
health checks.
properties:
address:
description: Defines the Contour health address interface.
description: Defines the health address interface.
minLength: 1
type: string
port:
description: Defines the Contour health port.
description: Defines the health port.
type: integer
required:
- address
@@ -511,48 +547,12 @@ spec:
description: Address to set in Ingress object status.
type: string
type: object
leaderElection:
default:
configmap:
name: leader-elect
namespace: projectcontour
disableLeaderElection: false
leaseDuration: 15s
renewDeadline: 10s
retryPeriod: 2s
description: LeaderElection contains leader election parameters.
properties:
configmap:
description: NamespacedName defines the namespace/name of
the Kubernetes resource referred from the config file. Used
for Contour config YAML file parsing, otherwise we could
use K8s types.NamespacedName.
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
disableLeaderElection:
type: boolean
leaseDuration:
type: string
renewDeadline:
type: string
retryPeriod:
type: string
required:
- disableLeaderElection
type: object
metrics:
default:
address: 0.0.0.0
port: 8000
description: Metrics defines the endpoints Contour uses to serve
to metrics.
description: Metrics defines the endpoint Contour uses to serve
metrics.
properties:
address:
description: Defines the metrics address interface.
@@ -562,6 +562,21 @@ spec:
port:
description: Defines the metrics port.
type: integer
tls:
description: TLS holds TLS file config details. Metrics and
health endpoints cannot have same port number when metrics
is served over HTTPS.
properties:
caFile:
description: CA filename.
type: string
certFile:
description: Client certificate filename.
type: string
keyFile:
description: Client key filename.
type: string
type: object
required:
- address
- port


@@ -1,9 +1,9 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: extensionservices.projectcontour.io
spec:
@@ -58,6 +58,12 @@ spec:
description: RequestHashPolicy contains configuration for an
individual hash policy on a request attribute.
properties:
hashSourceIP:
description: HashSourceIP should be set to true when request
source IP hash based load balancing is desired. It must
be the only hash option field set, otherwise this request
hash policy object will be ignored.
type: boolean
headerHashOptions:
description: HeaderHashOptions should be set when request
header hash based load balancing is desired. It must be


@@ -1,13 +1,13 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
creationTimestamp: null
name: gateways.networking.x-k8s.io
name: gateways.gateway.networking.k8s.io
spec:
group: networking.x-k8s.io
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
@@ -23,18 +23,20 @@ spec:
- jsonPath: .spec.gatewayClassName
name: Class
type: string
- jsonPath: .status.addresses[*].value
name: Address
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
name: v1alpha2
schema:
openAPIV3Schema:
description: "Gateway represents an instantiation of a service-traffic handling
infrastructure by binding Listeners to a set of IP addresses. \n Implementations
should add the `gateway-exists-finalizer.networking.x-k8s.io` finalizer
on the associated GatewayClass whenever Gateway(s) is running. This ensures
that a GatewayClass associated with a Gateway(s) is not deleted while in
use."
description: Gateway represents an instance of a service-traffic handling
infrastructure by binding Listeners to a set of IP addresses.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -52,24 +54,32 @@ spec:
description: Spec defines the desired state of Gateway.
properties:
addresses:
description: "Addresses requested for this gateway. This is optional
and behavior can depend on the GatewayClass. If a value is set in
the spec and the requested address is invalid, the GatewayClass
MUST indicate this in the associated entry in GatewayStatus.Addresses.
\n If no Addresses are specified, the GatewayClass may schedule
the Gateway in an implementation-defined manner, assigning an appropriate
set of Addresses. \n The GatewayClass MUST bind all Listeners to
every GatewayAddress that it assigns to the Gateway. \n Support:
Core"
description: "Addresses requested for this Gateway. This is optional
and behavior can depend on the implementation. If a value is set
in the spec and the requested address is invalid or unavailable,
the implementation MUST indicate this in the associated entry in
GatewayStatus.Addresses. \n The Addresses field represents a request
for the address(es) on the \"outside of the Gateway\", that traffic
bound for this Gateway will use. This could be the IP address or
hostname of an external load balancer or other networking infrastructure,
or some other address that traffic will be sent to. \n The .listener.hostname
field is used to route traffic that has already arrived at the Gateway
to the correct in-cluster destination. \n If no Addresses are specified,
the implementation MAY schedule the Gateway in an implementation-specific
manner, assigning an appropriate set of Addresses. \n The implementation
MUST bind all Listeners to every GatewayAddress that it assigns
to the Gateway and add a corresponding entry in GatewayStatus.Addresses.
\n Support: Core"
items:
description: GatewayAddress describes an address that can be bound
to a Gateway.
properties:
type:
default: IPAddress
description: "Type of the address. \n Support: Extended"
description: Type of the address.
enum:
- IPAddress
- Hostname
- NamedAddress
type: string
value:
@@ -93,130 +103,96 @@ spec:
listeners:
description: "Listeners associated with this Gateway. Listeners define
logical endpoints that are bound on this Gateway's addresses. At
least one Listener MUST be specified. \n An implementation MAY group
Listeners by Port and then collapse each group of Listeners into
a single Listener if the implementation determines that the Listeners
in the group are \"compatible\". An implementation MAY also group
together and collapse compatible Listeners belonging to different
Gateways. \n For example, an implementation might consider Listeners
to be compatible with each other if all of the following conditions
are met: \n 1. Either each Listener within the group specifies the
\"HTTP\" Protocol or each Listener within the group specifies
either the \"HTTPS\" or \"TLS\" Protocol. \n 2. Each Listener
within the group specifies a Hostname that is unique within the
group. \n 3. As a special case, one Listener within a group may
omit Hostname, in which case this Listener matches when no other
Listener matches. \n If the implementation does collapse compatible
Listeners, the hostname provided in the incoming client request
MUST be matched to a Listener to find the correct set of Routes.
The incoming hostname MUST be matched using the Hostname field for
each Listener in order of most to least specific. That is, exact
matches must be processed before wildcard matches. \n If this field
specifies multiple Listeners that have the same Port value but are
not compatible, the implementation must raise a \"Conflicted\" condition
in the Listener status. \n Support: Core"
least one Listener MUST be specified. \n Each listener in a Gateway
must have a unique combination of Hostname, Port, and Protocol.
\n An implementation MAY group Listeners by Port and then collapse
each group of Listeners into a single Listener if the implementation
determines that the Listeners in the group are \"compatible\". An
implementation MAY also group together and collapse compatible Listeners
belonging to different Gateways. \n For example, an implementation
might consider Listeners to be compatible with each other if all
of the following conditions are met: \n 1. Either each Listener
within the group specifies the \"HTTP\" Protocol or each Listener
within the group specifies either the \"HTTPS\" or \"TLS\" Protocol.
\n 2. Each Listener within the group specifies a Hostname that is
unique within the group. \n 3. As a special case, one Listener
within a group may omit Hostname, in which case this Listener
matches when no other Listener matches. \n If the implementation
does collapse compatible Listeners, the hostname provided in the
incoming client request MUST be matched to a Listener to find the
correct set of Routes. The incoming hostname MUST be matched using
the Hostname field for each Listener in order of most to least specific.
That is, exact matches must be processed before wildcard matches.
\n If this field specifies multiple Listeners that have the same
Port value but are not compatible, the implementation must raise
a \"Conflicted\" condition in the Listener status. \n Support: Core"
items:
description: Listener embodies the concept of a logical endpoint
where a Gateway can accept network connections. Each listener
in a Gateway must have a unique combination of Hostname, Port,
and Protocol. This will be enforced by a validating webhook.
where a Gateway accepts network connections.
properties:
hostname:
description: "Hostname specifies the virtual hostname to match
for protocol types that define this concept. When unspecified,
\"\", or `*`, all hostnames are matched. This field can be
omitted for protocols that don't require hostname based matching.
\n Hostname is the fully qualified domain name of a network
host, as defined by RFC 3986. Note the following deviations
from the \"host\" part of the URI as defined in the RFC: \n
1. IP literals are not allowed. 2. The `:` delimiter is not
respected because ports are not allowed. \n Hostname can be
\"precise\" which is a domain name without the terminating
dot of a network host (e.g. \"foo.example.com\") or \"wildcard\",
which is a domain name prefixed with a single wildcard label
(e.g. `*.example.com`). The wildcard character `*` must appear
by itself as the first DNS label and matches only a single
label. \n Support: Core"
maxLength: 253
minLength: 1
type: string
port:
description: "Port is the network port. Multiple listeners may
use the same port, subject to the Listener compatibility rules.
allowedRoutes:
default:
namespaces:
from: Same
description: "AllowedRoutes defines the types of routes that
MAY be attached to a Listener and the trusted namespaces where
those Route resources MAY be present. \n Although a client
request may match multiple route rules, only one rule may
ultimately receive the request. Matching precedence MUST be
determined in order of the following criteria: \n * The most
specific match as defined by the Route type. * The oldest
Route based on creation timestamp. For example, a Route with
\ a creation timestamp of \"2020-09-08 01:02:03\" is given
precedence over a Route with a creation timestamp of \"2020-09-08
01:02:04\". * If everything else is equivalent, the Route
appearing first in alphabetical order (namespace/name) should
be given precedence. For example, foo/bar is given precedence
over foo/baz. \n All valid rules within a Route attached to
this Listener should be implemented. Invalid Route rules can
be ignored (sometimes that will mean the full Route). If a
Route rule transitions from valid to invalid, support for
that Route rule should be dropped to ensure consistency. For
example, even if a filter specified by a Route rule is invalid,
the rest of the rules within that Route should still be supported.
\n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: "Protocol specifies the network protocol this listener
expects to receive. The GatewayClass MUST apply the Hostname
match appropriately for each protocol: \n * For the \"TLS\"
protocol, the Hostname match MUST be applied to the [SNI](https://tools.ietf.org/html/rfc6066#section-3)
\ server name offered by the client. * For the \"HTTP\" protocol,
the Hostname match MUST be applied to the host portion of
the [effective request URI](https://tools.ietf.org/html/rfc7230#section-5.5)
\ or the [:authority pseudo-header](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)
* For the \"HTTPS\" protocol, the Hostname match MUST be applied
at both the TLS and HTTP protocol layers. \n Support: Core"
type: string
routes:
description: "Routes specifies a schema for associating routes
with the Listener using selectors. A Route is a resource capable
of servicing a request and allows a cluster operator to expose
a cluster resource (i.e. Service) by externally-reachable
URL, load-balance traffic and terminate SSL/TLS. Typically,
a route is a \"HTTPRoute\" or \"TCPRoute\" in group \"networking.x-k8s.io\",
however, an implementation may support other types of resources.
\n The Routes selector MUST select a set of objects that are
compatible with the application protocol specified in the
Protocol field. \n Although a client request may technically
match multiple route rules, only one rule may ultimately receive
the request. Matching precedence MUST be determined in order
of the following criteria: \n * The most specific match. For
example, the most specific HTTPRoute match is determined
by the longest matching combination of hostname and path.
* The oldest Route based on creation timestamp. For example,
a Route with a creation timestamp of \"2020-09-08 01:02:03\"
is given precedence over a Route with a creation timestamp
of \"2020-09-08 01:02:04\". * If everything else is equivalent,
the Route appearing first in alphabetical order (namespace/name)
should be given precedence. For example, foo/bar is given
precedence over foo/baz. \n All valid portions of a Route
selected by this field should be supported. Invalid portions
of a Route can be ignored (sometimes that will mean the full
Route). If a portion of a Route transitions from valid to
invalid, support for that portion of the Route should be dropped
to ensure consistency. For example, even if a filter specified
by a Route is invalid, the rest of the Route should still
be supported. \n Support: Core"
properties:
group:
default: networking.x-k8s.io
description: "Group is the group of the route resource to
select. Omitting the value or specifying the empty string
indicates the networking.x-k8s.io API group. For example,
use the following to select an HTTPRoute: \n routes: kind:
HTTPRoute \n Otherwise, if an alternative API group is
desired, specify the desired group: \n routes: group:
acme.io kind: FooRoute \n Support: Core"
maxLength: 253
minLength: 1
type: string
kind:
description: "Kind is the kind of the route resource to
select. \n Kind MUST correspond to kinds of routes that
are compatible with the application protocol specified
in the Listener's Protocol field. \n If an implementation
does not support or recognize this resource type, it SHOULD
set the \"ResolvedRefs\" condition to false for this listener
with the \"InvalidRoutesRef\" reason. \n Support: Core"
type: string
kinds:
description: "Kinds specifies the groups and kinds of Routes
that are allowed to bind to this Gateway Listener. When
unspecified or empty, the kinds of Routes selected are
determined using the Listener protocol. \n A RouteGroupKind
MUST correspond to kinds of Routes that are compatible
with the application protocol specified in the Listener's
Protocol field. If an implementation does not support
or recognize this resource type, it MUST set the \"ResolvedRefs\"
condition to False for this Listener with the \"InvalidRoutesRef\"
reason. \n Support: Core"
items:
description: RouteGroupKind indicates the group and kind
of a Route resource.
properties:
group:
default: gateway.networking.k8s.io
description: Group is the group of the Route.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is the kind of the Route.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
required:
- kind
type: object
maxItems: 8
type: array
namespaces:
default:
from: Same
description: "Namespaces indicates in which namespaces Routes
should be selected for this Gateway. This is restricted
description: "Namespaces indicates namespaces from which
Routes may be attached to this Listener. This is restricted
to the namespace of this Gateway by default. \n Support:
Core"
properties:
@@ -285,156 +261,180 @@ spec:
type: object
type: object
type: object
selector:
description: "Selector specifies a set of route labels used
for selecting routes to associate with the Gateway. If
this Selector is defined, only routes matching the Selector
are associated with the Gateway. An empty Selector matches
all routes. \n Support: Core"
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
required:
- kind
type: object
hostname:
description: "Hostname specifies the virtual hostname to match
for protocol types that define this concept. When unspecified,
all hostnames are matched. This field is ignored for protocols
that don't require hostname based matching. \n Implementations
MUST apply Hostname matching appropriately for each of the
following protocols: \n * TLS: The Listener Hostname MUST
match the SNI. * HTTP: The Listener Hostname MUST match the
Host header of the request. * HTTPS: The Listener Hostname
SHOULD match at both the TLS and HTTP protocol layers as
described above. If an implementation does not ensure that
both the SNI and Host header match the Listener hostname,
\ it MUST clearly document that. \n For HTTPRoute and TLSRoute
resources, there is an interaction with the `spec.hostnames`
array. When both listener and route specify hostnames, there
MUST be an intersection between the values for a Route to
be accepted. For more information, refer to the Route specific
Hostnames documentation. \n Support: Core"
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
name:
description: "Name is the name of the Listener. \n Support:
Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
port:
description: "Port is the network port. Multiple listeners may
use the same port, subject to the Listener compatibility rules.
\n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: "Protocol specifies the network protocol this listener
expects to receive. \n Support: Core"
maxLength: 255
minLength: 1
pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
type: string
tls:
description: "TLS is the TLS configuration for the Listener.
This field is required if the Protocol field is \"HTTPS\"
or \"TLS\" and ignored otherwise. \n The association of SNIs
to Certificate defined in GatewayTLSConfig is defined based
on the Hostname field for this listener. \n The GatewayClass
or \"TLS\". It is invalid to set this field if the Protocol
field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
of SNIs to Certificate defined in GatewayTLSConfig is defined
based on the Hostname field for this listener. \n The GatewayClass
MUST use the longest matching SNI out of all available certificates
for any TLS handshake. \n Support: Core"
properties:
certificateRef:
description: "CertificateRef is a reference to a Kubernetes
object that contains a TLS certificate and private key.
This certificate is used to establish a TLS handshake
for requests that match the hostname of the associated
listener. The referenced object MUST reside in the same
namespace as Gateway. \n This field is required when mode
is set to \"Terminate\" (default) and optional otherwise.
\n CertificateRef can reference a standard Kubernetes
resource, i.e. Secret, or an implementation-specific custom
resource. \n Support: Core (Kubernetes Secrets) \n Support:
Implementation-specific (Other resource types)"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
certificateRefs:
description: "CertificateRefs contains a series of references
to Kubernetes objects that contains TLS certificates and
private keys. These certificates are used to establish
a TLS handshake for requests that match the hostname of
the associated listener. \n A single CertificateRef to
a Kubernetes Secret has \"Core\" support. Implementations
MAY choose to support attaching multiple certificates
to a Listener, but this behavior is implementation-specific.
\n References to a resource in different namespace are
invalid UNLESS there is a ReferencePolicy in the target
namespace that allows the certificate to be attached.
If a ReferencePolicy does not allow this reference, the
\"ResolvedRefs\" condition MUST be set to False for this
listener with the \"InvalidCertificateRef\" reason. \n
This field is required to have at least one element when
the mode is set to \"Terminate\" (default) and is optional
otherwise. \n CertificateRefs can reference to standard
Kubernetes resources, i.e. Secret, or implementation-specific
custom resources. \n Support: Core - A single reference
to a Kubernetes Secret \n Support: Implementation-specific
(More than one reference or other resource types)"
items:
description: "SecretObjectReference identifies an API
object including its namespace, defaulting to Secret.
\n The API object must be valid in the cluster; the
Group and Kind must be registered in the cluster for
this reference to be valid. \n References to objects
with invalid Group and Kind are not valid, and must
be rejected by the implementation, with appropriate
Conditions set on the containing object."
properties:
group:
default: ""
description: Group is the group of the referent. For
example, "networking.k8s.io". When unspecified (empty
string), core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Secret
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the backend.
When unspecified, the local namespace is inferred.
\n Note that when a namespace is specified, a ReferencePolicy
object is required in the referent namespace to
allow that namespace's owner to accept the reference.
See the ReferencePolicy documentation for details.
\n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- name
type: object
maxItems: 64
type: array
mode:
default: Terminate
description: "Mode defines the TLS behavior for the TLS
session initiated by the client. There are two possible
modes: - Terminate: The TLS session between the downstream
modes: \n - Terminate: The TLS session between the downstream
client and the Gateway is terminated at the Gateway.
This mode requires certificateRef to be set. - Passthrough:
The TLS session is NOT terminated by the Gateway. This
\ implies that the Gateway can't decipher the TLS stream
except for the ClientHello message of the TLS protocol.
\ CertificateRef field is ignored in this mode. \n Support:
Core"
This mode requires certificateRefs to be set and contain
at least one element. - Passthrough: The TLS session is
NOT terminated by the Gateway. This implies that the
Gateway can't decipher the TLS stream except for the
ClientHello message of the TLS protocol. CertificateRefs
field is ignored in this mode. \n Support: Core"
enum:
- Terminate
- Passthrough
type: string
options:
additionalProperties:
description: AnnotationValue is the value of an annotation
in Gateway API. This is used for validation of maps
such as TLS options. This roughly matches Kubernetes
annotation validation, although the length validation
in that case is based on the entire size of the annotations
struct.
maxLength: 4096
minLength: 0
type: string
description: "Options are a list of key/value pairs to give
extended options to the provider. \n There variation among
providers as to how ciphersuites are expressed. If there
is a common subset for expressing ciphers then it will
make sense to loft that as a core API construct. \n Support:
Implementation-specific"
type: object
routeOverride:
default:
certificate: Deny
description: "RouteOverride dictates if TLS settings can
be configured via Routes or not. \n CertificateRef must
be defined even if `routeOverride.certificate` is set
to 'Allow' as it will be used as the default certificate
for the listener. \n Support: Core"
properties:
certificate:
default: Deny
description: "Certificate dictates if TLS certificates
can be configured via Routes. If set to 'Allow', a
TLS certificate for a hostname defined in a Route
takes precedence over the certificate defined in Gateway.
\n Support: Core"
enum:
- Allow
- Deny
type: string
description: "Options are a list of key/value pairs to enable
extended TLS configuration for each implementation. For
example, configuring the minimum TLS version or supported
cipher suites. \n A set of common keys MAY be defined
by the API in the future. To avoid any ambiguity, implementation-specific
definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
Un-prefixed names are reserved for key names defined by
Gateway API. \n Support: Implementation-specific"
maxProperties: 16
type: object
type: object
required:
- name
- port
- protocol
- routes
type: object
maxItems: 64
minItems: 1
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- gatewayClassName
- listeners
@@ -445,24 +445,25 @@ spec:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
reason: NotReconciled
status: "False"
status: Unknown
type: Scheduled
description: Status defines the current state of Gateway.
properties:
addresses:
description: "Addresses lists the IP addresses that have actually
been bound to the Gateway. These addresses may differ from the addresses
description: Addresses lists the IP addresses that have actually been
bound to the Gateway. These addresses may differ from the addresses
in the Spec, e.g. if the Gateway automatically assigns an address
from a reserved pool. \n These addresses should all be of type \"IPAddress\"."
from a reserved pool.
items:
description: GatewayAddress describes an address that can be bound
to a Gateway.
properties:
type:
default: IPAddress
description: "Type of the address. \n Support: Extended"
description: Type of the address.
enum:
- IPAddress
- Hostname
- NamedAddress
type: string
value:
@@ -482,7 +483,7 @@ spec:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
reason: NotReconciled
status: "False"
status: Unknown
type: Scheduled
description: "Conditions describe the current conditions of the Gateway.
\n Implementations should prefer to express Gateway conditions using
@@ -568,6 +569,11 @@ spec:
items:
description: ListenerStatus is the status associated with a Listener.
properties:
attachedRoutes:
description: AttachedRoutes represents the total number of Routes
that have been successfully attached to this Listener.
format: int32
type: integer
conditions:
description: Conditions describe the current condition of this
listener.
@@ -647,34 +653,58 @@ spec:
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
hostname:
description: Hostname is the Listener hostname value for which
this message is reporting the status.
name:
description: Name is the name of the Listener that this status
corresponds to.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
port:
description: Port is the unique Listener port value for which
this message is reporting the status.
format: int32
maximum: 65535
minimum: 1
type: integer
protocol:
description: Protocol is the Listener protocol value for which
this message is reporting the status.
type: string
supportedKinds:
description: "SupportedKinds is the list indicating the Kinds
supported by this listener. This MUST represent the kinds
an implementation supports for that Listener configuration.
\n If kinds are specified in Spec that are not supported,
they MUST NOT appear in this list and an implementation MUST
set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
reason. If both valid and invalid Route kinds are specified,
the implementation MUST reference the valid Route kinds that
have been specified."
items:
description: RouteGroupKind indicates the group and kind of
a Route resource.
properties:
group:
default: gateway.networking.k8s.io
description: Group is the group of the Route.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is the kind of the Route.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
required:
- kind
type: object
maxItems: 8
type: array
required:
- attachedRoutes
- conditions
- port
- protocol
- name
- supportedKinds
type: object
maxItems: 64
type: array
x-kubernetes-list-map-keys:
- port
- name
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true


@@ -1,13 +1,13 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
creationTimestamp: null
name: gatewayclasses.networking.x-k8s.io
name: gatewayclasses.gateway.networking.k8s.io
spec:
group: networking.x-k8s.io
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
@@ -20,18 +20,32 @@ spec:
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.controller
- jsonPath: .spec.controllerName
name: Controller
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
- jsonPath: .spec.description
name: Description
priority: 1
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: "GatewayClass describes a class of Gateways available to the
user for creating Gateway resources. \n GatewayClass is a Cluster level
resource."
user for creating Gateway resources. \n It is recommended that this resource
be used as a template for Gateways. This means that a Gateway is based on
the state of the GatewayClass at the time it was created and changes to
the GatewayClass or associated parameters are not propagated down to existing
Gateways. This recommendation is intended to limit the blast radius of changes
to GatewayClass or associated parameters. If implementations choose to propagate
GatewayClass changes to existing Gateways, that MUST be clearly documented
by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
implementations MUST add the `gateway-exists-finalizer.gateway.networking.k8s.io`
finalizer on the associated GatewayClass. This ensures that a GatewayClass
associated with a Gateway is not deleted while in use. \n GatewayClass is
a Cluster level resource."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -48,14 +62,18 @@ spec:
spec:
description: Spec defines the desired state of GatewayClass.
properties:
controller:
description: "Controller is a domain/path string that indicates the
controller that is managing Gateways of this class. \n Example:
\"acme.io/gateway-controller\". \n This field is not mutable and
cannot be empty. \n The format of this field is DOMAIN \"/\" PATH,
where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
\n Support: Core"
controllerName:
description: "ControllerName is the name of the controller that is
managing Gateways of this class. The value of this field MUST be
a domain prefixed path. \n Example: \"example.net/gateway-controller\".
\n This field is not mutable and cannot be empty. \n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
description:
description: Description helps describe a GatewayClass with more details.
maxLength: 64
type: string
parametersRef:
description: "ParametersRef is a reference to a resource that contains
@@ -70,12 +88,13 @@ spec:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
@@ -84,18 +103,11 @@ spec:
type: string
namespace:
description: Namespace is the namespace of the referent. This
field is required when scope is set to "Namespace" and ignored
when scope is set to "Cluster".
maxLength: 253
field is required when referring to a Namespace-scoped resource
and MUST be unset when referring to a Cluster-scoped resource.
maxLength: 63
minLength: 1
type: string
scope:
default: Cluster
description: Scope represents if the referent is a Cluster or
Namespace scoped resource. This may be set to "Cluster" or "Namespace".
enum:
- Cluster
- Namespace
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- group
@@ -103,7 +115,7 @@ spec:
- name
type: object
required:
- controller
- controllerName
type: object
status:
default:
@@ -111,8 +123,8 @@ spec:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
reason: Waiting
status: "False"
type: Admitted
status: Unknown
type: Accepted
description: Status defines the current state of GatewayClass.
properties:
conditions:
@@ -120,8 +132,8 @@ spec:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
reason: Waiting
status: "False"
type: Admitted
status: Unknown
type: Accepted
description: "Conditions is the current status from the controller
for this GatewayClass. \n Controllers should prefer to publish conditions
using values of GatewayClassConditionType for the type of each Condition."
@@ -198,6 +210,8 @@ spec:
- type
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
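Review bot: The rename of `metadata.name` and `spec.group` from `networking.x-k8s.io` to `gateway.networking.k8s.io` in the first hunk, together with the version moving to `v1alpha2`, defines a different API resource rather than a new version of the existing one, and nothing in this section says what happens to the old CRD on upgrade. GatewayClass objects stored under the old group are not converted, and if these files are installed from the chart's `crds/` directory Helm will neither update nor remove the previous CRD, so a cluster can end up serving both groups with stale objects in the old one. Since the file is synced from upstream I would not change it; I would add an upgrade note for 1.0.0 along the lines of `Gateway API resources move to gateway.networking.k8s.io/v1alpha2; objects under networking.x-k8s.io are not migrated and must be recreated, and the old CRDs removed manually`, unless the README change in this commit already covers it. The tcproutes CRD further down makes the same group change.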


@@ -1,9 +1,9 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: httpproxies.projectcontour.io
spec:
@@ -332,6 +332,12 @@ spec:
description: RequestHashPolicy contains configuration
for an individual hash policy on a request attribute.
properties:
hashSourceIP:
description: HashSourceIP should be set to true when
request source IP hash based load balancing is desired.
It must be the only hash option field set, otherwise
this request hash policy object will be ignored.
type: boolean
headerHashOptions:
description: HeaderHashOptions should be set when
request header hash based load balancing is desired.
@@ -661,6 +667,56 @@ spec:
type: object
type: array
type: object
requestRedirectPolicy:
description: RequestRedirectPolicy defines an HTTP redirection.
properties:
hostname:
description: Hostname is the precise hostname to be used
in the value of the `Location` header in the response.
When empty, the hostname of the request is used. No wildcards
are allowed.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
description: "Path allows for redirection to a different
path from the original on the request. The path must start
with a leading slash. \n Note: Only one of Path or Prefix
can be defined."
pattern: ^\/.*$
type: string
port:
description: Port is the port to be used in the value of
the `Location` header in the response. When empty, port
(if specified) of the request is used.
format: int32
maximum: 65535
minimum: 1
type: integer
prefix:
description: "Prefix defines the value to swap the matched
prefix or path with. The prefix must start with a leading
slash. \n Note: Only one of Path or Prefix can be defined."
pattern: ^\/.*$
type: string
scheme:
description: Scheme is the scheme to be used in the value
of the `Location` header in the response. When empty,
the scheme of the request is used.
enum:
- http
- https
type: string
statusCode:
default: 302
description: StatusCode is the HTTP status code to be used
in response.
enum:
- 301
- 302
type: integer
type: object
responseHeadersPolicy:
description: The policy for managing response headers during
proxying. Rewriting the 'Host' header is not supported.
@@ -937,7 +993,6 @@ spec:
- name
- port
type: object
minItems: 1
type: array
timeoutPolicy:
description: The timeout policy for this route.
@@ -959,8 +1014,6 @@ spec:
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
type: object
required:
- services
type: object
type: array
tcpproxy:
@@ -1036,6 +1089,12 @@ spec:
description: RequestHashPolicy contains configuration for
an individual hash policy on a request attribute.
properties:
hashSourceIP:
description: HashSourceIP should be set to true when
request source IP hash based load balancing is desired.
It must be the only hash option field set, otherwise
this request hash policy object will be ignored.
type: boolean
headerHashOptions:
description: HeaderHashOptions should be set when request
header hash based load balancing is desired. It must
@@ -1323,6 +1382,26 @@ spec:
no timeout.
pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$
type: string
withRequestBody:
description: WithRequestBody specifies configuration for sending
the client request's body to authorization server.
properties:
allowPartialMessage:
description: If AllowPartialMessage is true, then Envoy
will buffer the body until MaxRequestBytes are reached.
type: boolean
maxRequestBytes:
default: 1024
description: MaxRequestBytes sets the maximum size of
message body ExtAuthz filter will hold in-memory.
format: int32
minimum: 1
type: integer
packAsBytes:
description: If PackAsBytes is true, the body sent to
Authorization Server is in raw bytes.
type: boolean
type: object
required:
- extensionRef
type: object
@@ -1383,7 +1462,7 @@ spec:
description: The fully qualified domain name of the root of the
ingress tree all leaves of the DAG rooted at this object relate
to the fqdn.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
rateLimitPolicy:
description: The policy for rate limiting on the virtual host.
@@ -1669,6 +1748,9 @@ spec:
type: object
type: object
status:
default:
currentStatus: NotReconciled
description: Waiting for controller
description: Status is a container for computed information about the
HTTPProxy.
properties:
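Review bot: `withRequestBody.maxRequestBytes` (hunk `@@ -1323,6 +1382,26 @@`) is bounded below by `minimum: 1` but has no `maximum`, so the schema alone does not limit how much of each request body the ExtAuthz filter may hold in memory beyond the int32 range. In the same section the FQDN pattern appears to gain an optional leading `*.`, and the `requestRedirectPolicy` block is new; both widen what an HTTPProxy author can express. As the CRD is synced from upstream contour-operator v1.20.1, I would leave the schema as is and document these in the chart's notes for 1.0.0, recommending that shared clusters restrict who may create root HTTPProxy objects and cap `maxRequestBytes` with an admission policy.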

File diff suppressed because it is too large Load Diff


@@ -1,13 +1,13 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
creationTimestamp: null
name: tcproutes.networking.x-k8s.io
name: tcproutes.gateway.networking.k8s.io
spec:
group: networking.x-k8s.io
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
@@ -21,10 +21,12 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
name: v1alpha2
schema:
openAPIV3Schema:
description: TCPRoute is the Schema for the TCPRoute resource.
description: TCPRoute provides a way to route TCP requests. When combined
with a Gateway listener, it can be used to forward connections on the port
specified by the listener to a set of backends specified by the TCPRoute.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -41,130 +43,160 @@ spec:
spec:
description: Spec defines the desired state of TCPRoute.
properties:
gateways:
default:
allow: SameNamespace
description: Gateways defines which Gateways can use this Route.
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
maxLength: 253
minLength: 1
type: string
required:
- name
- namespace
type: object
type: array
type: object
parentRefs:
description: "ParentRefs references the resources (usually Gateways)
that a Route wants to be attached to. Note that the referenced parent
resource needs to allow this for the attachment to be complete.
For Gateways, that means the Gateway needs to allow attachment from
Routes of this kind and namespace. \n The only kind of parent resource
with \"Core\" support is Gateway. This API may be extended in the
future to support additional kinds of parent resources such as one
of the route kinds. \n It is invalid to reference an identical parent
more than once. It is valid to reference multiple distinct sections
within the same parent resource, such as 2 Listeners within a Gateway.
\n It is possible to separately reference multiple distinct objects
that may be collapsed by an implementation. For example, some implementations
may choose to merge compatible Gateway Listeners together. If that
is the case, the list of routes attached to those resources should
also be merged."
items:
description: "ParentRef identifies an API object (usually a Gateway)
that can be considered a parent of this resource (usually a route).
The only kind of parent resource with \"Core\" support is Gateway.
This API may be extended in the future to support additional kinds
of parent resources, such as HTTPRoute. \n The API object must
be valid in the cluster; the Group and Kind must be registered
in the cluster for this reference to be valid. \n References to
objects with invalid Group and Kind are not valid, and must be
rejected by the implementation, with appropriate Conditions set
on the containing object."
properties:
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support: Core
(Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the referent. When
unspecified (or empty string), this refers to the local namespace
of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within the
target resource. In the following resources, SectionName is
interpreted as the following: \n * Gateway: Listener Name
\n Implementations MAY choose to support attaching Routes
to other resources. If that is the case, they MUST clearly
document how SectionName is interpreted. \n When unspecified
(empty string), this will reference the entire resource. For
the purpose of status, an attachment is considered successful
if at least one section in the parent resource accepts it.
For example, Gateway listeners can restrict which Routes can
attach to them by Route kind, namespace, or hostname. If 1
of 2 Gateway listeners accept attachment from the referencing
Route, the Route MUST be considered successfully attached.
If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway. \n
Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
type: object
maxItems: 32
type: array
rules:
description: Rules are a list of TCP matchers and actions.
items:
description: TCPRouteRule is the configuration for a given rule.
properties:
forwardTo:
description: ForwardTo defines the backend(s) where matching
requests should be sent.
backendRefs:
description: "BackendRefs defines the backend(s) where matching
requests should be sent. If unspecified or invalid (refers
to a non-existent resource or a Service with no endpoints),
the underlying implementation MUST actively reject connection
attempts to this backend. Connection rejections must respect
weight; if an invalid backend is requested to have 80% of
connections, then 80% of connections must be rejected instead.
\n Support: Core for Kubernetes Service Support: Custom for
any other resource \n Support for weight: Extended"
items:
description: RouteForwardTo defines how a Route should forward
a request.
description: "BackendRef defines how a Route should forward
a request to a Kubernetes resource. \n Note that when a
namespace is specified, a ReferencePolicy object is required
in the referent namespace to allow that namespace's owner
to accept the reference. See the ReferencePolicy documentation
for details."
properties:
backendRef:
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
group:
default: ""
description: Group is the group of the referent. For example,
"networking.k8s.io". When unspecified (empty string),
core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the backend.
When unspecified, the local namespace is inferred. \n
Note that when a namespace is specified, a ReferencePolicy
object is required in the referent namespace to allow
that namespace's owner to accept the reference. See
the ReferencePolicy documentation for details. \n Support:
Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
description: Port specifies the destination port number
to use for this resource. Port is required when the
referent is a Kubernetes Service. For other resources,
destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use is defined using AppProtocol field (introduced
in Kubernetes 1.18) in the Service resource. In the
absence of the AppProtocol field a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
description: "Weight specifies the proportion of requests
forwarded to the referenced backend. This is computed
as weight/(sum of all weights in this BackendRefs list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
@@ -173,78 +205,18 @@ spec:
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Extended"
defaults to 1. \n Support for this field varies based
on the context where used."
format: int32
maximum: 1000000
minimum: 0
type: integer
required:
- name
type: object
maxItems: 16
minItems: 1
type: array
matches:
description: "Matches define conditions used for matching the
rule against incoming TCP connections. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. If unspecified (i.e. empty), this Rule will
match all requests for the associated Listener. \n Each client
request MUST map to a maximum of one route rule. If a request
matches multiple rules, matching precedence MUST be determined
in order of the following criteria, continuing on ties: \n
* The most specific match specified by ExtensionRef. Each
implementation that supports ExtensionRef may have different
ways of determining the specificity of the referenced extension.
\n If ties still exist across multiple Routes, matching precedence
MUST be determined in order of the following criteria, continuing
on ties: \n * The oldest Route based on creation timestamp.
For example, a Route with a creation timestamp of \"2020-09-08
01:02:03\" is given precedence over a Route with a creation
timestamp of \"2020-09-08 01:02:04\". * The Route appearing
first in alphabetical order by \"<namespace>/<name>\". For
example, foo/bar is given precedence over foo/baz. \n If
ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: TCPRouteMatch defines the predicate used to match
connections to a given action.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"mytcproutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
type: object
maxItems: 8
type: array
required:
- forwardTo
type: object
maxItems: 16
minItems: 1
@@ -255,27 +227,40 @@ spec:
status:
description: Status defines the current state of TCPRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
parents:
description: "Parents is a list of parent resources (usually Gateways)
that are associated with the route, and the status of the route
with respect to each parent. When this route attaches to a parent,
the controller that manages the parent must add an entry to this
list when the controller first sees the route and should update
the entry as appropriate when the route or gateway is modified.
\n Note that parent references that cannot be resolved by an implementation
of this API will not be added to this list. Implementations of this
API can only populate Route status for the Gateways/parent resources
they are responsible for. \n A maximum of 32 Gateways will be represented
in this list. An empty list means the route has not been attached
to any Gateway."
items:
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
description: RouteParentStatus describes the status of a route with
respect to an associated Parent.
properties:
conditions:
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
description: "Conditions describes the status of the route with
respect to the Gateway. Note that the route's availability
is also subject to the Gateway's own status conditions and
listener status. \n If the Route's ParentRef specifies an
existing Gateway that supports Routes of this kind AND that
Gateway's controller has sufficient access, then that Gateway's
controller MUST set the \"Accepted\" condition on the Route,
to indicate whether the route has been accepted or rejected
by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
if at least one of the Route's rules is implemented by the
Gateway. \n There are a number of cases where the \"Accepted\"
condition may not be set due to lack of controller visibility,
that includes when: \n * The Route refers to a non-existent
parent. * The Route is of a type that the controller does
not support. * The Route is in a namespace the the controller
does not have access to."
items:
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
@@ -348,45 +333,90 @@ spec:
- type
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
controllerName:
description: "ControllerName is a domain/path string that indicates
the name of the controller that wrote this status. This corresponds
with the controllerName field on GatewayClass. \n Example:
\"example.net/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
description: ParentRef corresponds with a ParentRef in the spec
that this RouteParentStatus struct describes the status of.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support:
Core (Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
description: "Namespace is the namespace of the referent.
When unspecified (or empty string), this refers to the
local namespace of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within
the target resource. In the following resources, SectionName
is interpreted as the following: \n * Gateway: Listener
Name \n Implementations MAY choose to support attaching
Routes to other resources. If that is the case, they MUST
clearly document how SectionName is interpreted. \n When
unspecified (empty string), this will reference the entire
resource. For the purpose of status, an attachment is
considered successful if at least one section in the parent
resource accepts it. For example, Gateway listeners can
restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept
attachment from the referencing Route, the Route MUST
be considered successfully attached. If no Gateway listeners
accept attachment from this Route, the Route MUST be considered
detached from the Gateway. \n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
- namespace
type: object
required:
- gatewayRef
- controllerName
- parentRef
type: object
maxItems: 100
maxItems: 32
type: array
required:
- gateways
- parents
type: object
required:
- spec
type: object
served: true
storage: true


@@ -1,9 +1,9 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.0
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: tlscertificatedelegations.projectcontour.io
spec:


@@ -1,13 +1,13 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
creationTimestamp: null
name: tlsroutes.networking.x-k8s.io
name: tlsroutes.gateway.networking.k8s.io
spec:
group: networking.x-k8s.io
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
@@ -21,7 +21,7 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
name: v1alpha2
schema:
openAPIV3Schema:
description: "The TLSRoute resource is similar to TCPRoute, but can be configured
@@ -45,130 +45,207 @@ spec:
spec:
description: Spec defines the desired state of TLSRoute.
properties:
gateways:
default:
allow: SameNamespace
description: Gateways defines which Gateways can use this Route.
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
maxLength: 253
minLength: 1
type: string
required:
- name
- namespace
type: object
type: array
type: object
hostnames:
description: "Hostnames defines a set of SNI names that should match
against the SNI attribute of TLS ClientHello message in TLS handshake.
This matches the RFC 1123 definition of a hostname with 2 notable
exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066.
2. A hostname may be prefixed with a wildcard label (`*.`). The
wildcard label must appear by itself as the first label. \n If
a hostname is specified by both the Listener and TLSRoute, there
must be at least one intersecting hostname for the TLSRoute to be
attached to the Listener. For example: \n * A Listener with `test.example.com`
as the hostname matches TLSRoutes that have either not specified
any hostnames, or have specified at least one of `test.example.com`
or `*.example.com`. * A Listener with `*.example.com` as the hostname
matches TLSRoutes that have either not specified any hostnames
or have specified at least one hostname that matches the Listener
hostname. For example, `test.example.com` and `*.example.com`
would both match. On the other hand, `example.com` and `test.example.net`
would not match. \n If both the Listener and TLSRoute have specified
hostnames, any TLSRoute hostnames that do not match the Listener
hostname MUST be ignored. For example, if a Listener specified `*.example.com`,
and the TLSRoute specified `test.example.com` and `test.example.net`,
`test.example.net` must not be considered for a match. \n If both
the Listener and TLSRoute have specified hostnames, and none match
with the criteria above, then the TLSRoute is not accepted. The
implementation must raise an 'Accepted' Condition with a status
of `False` in the corresponding RouteParentStatus. \n Support: Core"
items:
description: "Hostname is the fully qualified domain name of a network
host. This matches the RFC 1123 definition of a hostname with
2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
may be prefixed with a wildcard label (`*.`). The wildcard label
must appear by itself as the first label. \n Hostname can be \"precise\"
which is a domain name without the terminating dot of a network
host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
name prefixed with a single wildcard label (e.g. `*.example.com`).
\n Note that as per RFC1035 and RFC1123, a *label* must consist
of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character. No other punctuation is allowed."
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
maxItems: 16
type: array
parentRefs:
description: "ParentRefs references the resources (usually Gateways)
that a Route wants to be attached to. Note that the referenced parent
resource needs to allow this for the attachment to be complete.
For Gateways, that means the Gateway needs to allow attachment from
Routes of this kind and namespace. \n The only kind of parent resource
with \"Core\" support is Gateway. This API may be extended in the
future to support additional kinds of parent resources such as one
of the route kinds. \n It is invalid to reference an identical parent
more than once. It is valid to reference multiple distinct sections
within the same parent resource, such as 2 Listeners within a Gateway.
\n It is possible to separately reference multiple distinct objects
that may be collapsed by an implementation. For example, some implementations
may choose to merge compatible Gateway Listeners together. If that
is the case, the list of routes attached to those resources should
also be merged."
items:
description: "ParentRef identifies an API object (usually a Gateway)
that can be considered a parent of this resource (usually a route).
The only kind of parent resource with \"Core\" support is Gateway.
This API may be extended in the future to support additional kinds
of parent resources, such as HTTPRoute. \n The API object must
be valid in the cluster; the Group and Kind must be registered
in the cluster for this reference to be valid. \n References to
objects with invalid Group and Kind are not valid, and must be
rejected by the implementation, with appropriate Conditions set
on the containing object."
properties:
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support: Core
(Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the referent. When
unspecified (or empty string), this refers to the local namespace
of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within the
target resource. In the following resources, SectionName is
interpreted as the following: \n * Gateway: Listener Name
\n Implementations MAY choose to support attaching Routes
to other resources. If that is the case, they MUST clearly
document how SectionName is interpreted. \n When unspecified
(empty string), this will reference the entire resource. For
the purpose of status, an attachment is considered successful
if at least one section in the parent resource accepts it.
For example, Gateway listeners can restrict which Routes can
attach to them by Route kind, namespace, or hostname. If 1
of 2 Gateway listeners accept attachment from the referencing
Route, the Route MUST be considered successfully attached.
If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway. \n
Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
type: object
maxItems: 32
type: array
rules:
description: Rules are a list of TLS matchers and actions.
items:
description: TLSRouteRule is the configuration for a given rule.
properties:
forwardTo:
description: ForwardTo defines the backend(s) where matching
requests should be sent.
backendRefs:
description: "BackendRefs defines the backend(s) where matching
requests should be sent. If unspecified or invalid (refers
to a non-existent resource or a Service with no endpoints),
the rule performs no forwarding; if no filters are specified
that would result in a response being sent, the underlying
implementation must actively reject request attempts to this
backend, by rejecting the connection or returning a 503 status
code. Request rejections must respect weight; if an invalid
backend is requested to have 80% of requests, then 80% of
requests must be rejected instead. \n Support: Core for Kubernetes
Service Support: Custom for any other resource \n Support
for weight: Extended"
items:
description: RouteForwardTo defines how a Route should forward
a request.
description: "BackendRef defines how a Route should forward
a request to a Kubernetes resource. \n Note that when a
namespace is specified, a ReferencePolicy object is required
in the referent namespace to allow that namespace's owner
to accept the reference. See the ReferencePolicy documentation
for details."
properties:
backendRef:
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
group:
default: ""
description: Group is the group of the referent. For example,
"networking.k8s.io". When unspecified (empty string),
core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the backend.
When unspecified, the local namespace is inferred. \n
Note that when a namespace is specified, a ReferencePolicy
object is required in the referent namespace to allow
that namespace's owner to accept the reference. See
the ReferencePolicy documentation for details. \n Support:
Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
description: Port specifies the destination port number
to use for this resource. Port is required when the
referent is a Kubernetes Service. For other resources,
destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use is defined using AppProtocol field (introduced
in Kubernetes 1.18) in the Service resource. In the
absence of the AppProtocol field a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
description: "Weight specifies the proportion of requests
forwarded to the referenced backend. This is computed
as weight/(sum of all weights in this BackendRefs list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
@@ -177,110 +254,18 @@ spec:
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Extended"
defaults to 1. \n Support for this field varies based
on the context where used."
format: int32
maximum: 1000000
minimum: 0
type: integer
required:
- name
type: object
maxItems: 16
minItems: 1
type: array
matches:
description: "Matches define conditions used for matching the
rule against incoming TLS connections. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. If unspecified (i.e. empty), this Rule will
match all requests for the associated Listener. \n Each client
request MUST map to a maximum of one route rule. If a request
matches multiple rules, matching precedence MUST be determined
in order of the following criteria, continuing on ties: \n
* The longest matching SNI. * The longest matching precise
SNI (without a wildcard). This means that \"b.example.com\"
should be given precedence over \"*.example.com\". * The most
specific match specified by ExtensionRef. Each implementation
\ that supports ExtensionRef may have different ways of determining
the specificity of the referenced extension. \n If ties
still exist across multiple Routes, matching precedence MUST
be determined in order of the following criteria, continuing
on ties: \n * The oldest Route based on creation timestamp.
For example, a Route with a creation timestamp of \"2020-09-08
01:02:03\" is given precedence over a Route with a creation
timestamp of \"2020-09-08 01:02:04\". * The Route appearing
first in alphabetical order by \"<namespace>/<name>\". For
example, foo/bar is given precedence over foo/baz. \n If
ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: TLSRouteMatch defines the predicate used to match
connections to a given action.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"mytlsroutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
snis:
description: "SNIs defines a set of SNI names that should
match against the SNI attribute of TLS ClientHello message
in TLS handshake. \n SNI can be \"precise\" which is
a domain name without the terminating dot of a network
host (e.g. \"foo.example.com\") or \"wildcard\", which
is a domain name prefixed with a single wildcard label
(e.g. `*.example.com`). The wildcard character `*` must
appear by itself as the first DNS label and matches
only a single label. You cannot have a wildcard label
by itself (e.g. Host == `*`). \n Requests will be matched
against the Host field in the following order: \n 1.
If SNI is precise, the request matches this rule if
the SNI in ClientHello is equal to one of the defined
SNIs. 2. If SNI is a wildcard, then the request matches
this rule if the SNI is to equal to the suffix (removing
the first label) of the wildcard rule. 3. If SNIs
is unspecified, all requests associated with the gateway
TLS listener will match. This can be used to define
a default backend for a TLS listener. \n Support:
Core"
items:
description: Hostname is used to specify a hostname
that should be matched.
maxLength: 253
minLength: 1
type: string
maxItems: 16
type: array
type: object
maxItems: 8
type: array
required:
- forwardTo
type: object
maxItems: 16
minItems: 1
@@ -291,27 +276,40 @@ spec:
status:
description: Status defines the current state of TLSRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
parents:
description: "Parents is a list of parent resources (usually Gateways)
that are associated with the route, and the status of the route
with respect to each parent. When this route attaches to a parent,
the controller that manages the parent must add an entry to this
list when the controller first sees the route and should update
the entry as appropriate when the route or gateway is modified.
\n Note that parent references that cannot be resolved by an implementation
of this API will not be added to this list. Implementations of this
API can only populate Route status for the Gateways/parent resources
they are responsible for. \n A maximum of 32 Gateways will be represented
in this list. An empty list means the route has not been attached
to any Gateway."
items:
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
description: RouteParentStatus describes the status of a route with
respect to an associated Parent.
properties:
conditions:
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
description: "Conditions describes the status of the route with
respect to the Gateway. Note that the route's availability
is also subject to the Gateway's own status conditions and
listener status. \n If the Route's ParentRef specifies an
existing Gateway that supports Routes of this kind AND that
Gateway's controller has sufficient access, then that Gateway's
controller MUST set the \"Accepted\" condition on the Route,
to indicate whether the route has been accepted or rejected
by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
if at least one of the Route's rules is implemented by the
Gateway. \n There are a number of cases where the \"Accepted\"
condition may not be set due to lack of controller visibility,
that includes when: \n * The Route refers to a non-existent
parent. * The Route is of a type that the controller does
not support. * The Route is in a namespace the the controller
does not have access to."
items:
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
@@ -384,45 +382,90 @@ spec:
- type
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
controllerName:
description: "ControllerName is a domain/path string that indicates
the name of the controller that wrote this status. This corresponds
with the controllerName field on GatewayClass. \n Example:
\"example.net/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
description: ParentRef corresponds with a ParentRef in the spec
that this RouteParentStatus struct describes the status of.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support:
Core (Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
description: "Namespace is the namespace of the referent.
When unspecified (or empty string), this refers to the
local namespace of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within
the target resource. In the following resources, SectionName
is interpreted as the following: \n * Gateway: Listener
Name \n Implementations MAY choose to support attaching
Routes to other resources. If that is the case, they MUST
clearly document how SectionName is interpreted. \n When
unspecified (empty string), this will reference the entire
resource. For the purpose of status, an attachment is
considered successful if at least one section in the parent
resource accepts it. For example, Gateway listeners can
restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept
attachment from the referencing Route, the Route MUST
be considered successfully attached. If no Gateway listeners
accept attachment from this Route, the Route MUST be considered
detached from the Gateway. \n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
- namespace
type: object
required:
- gatewayRef
- controllerName
- parentRef
type: object
maxItems: 100
maxItems: 32
type: array
required:
- gateways
- parents
type: object
required:
- spec
type: object
served: true
storage: true


@@ -1,13 +1,13 @@
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.19.1/config/crd
# CRDs source: https://github.com/projectcontour/contour-operator/tree/v1.20.1/config/crd
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/891
creationTimestamp: null
name: udproutes.networking.x-k8s.io
name: udproutes.gateway.networking.k8s.io
spec:
group: networking.x-k8s.io
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
@@ -21,11 +21,12 @@ spec:
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
name: v1alpha2
schema:
openAPIV3Schema:
description: UDPRoute is a resource that specifies how a Gateway should forward
UDP traffic.
description: UDPRoute provides a way to route UDP traffic. When combined with
a Gateway listener, it can be used to forward traffic on the port specified
by the listener to a set of backends specified by the UDPRoute.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -42,130 +43,160 @@ spec:
spec:
description: Spec defines the desired state of UDPRoute.
properties:
gateways:
default:
allow: SameNamespace
description: Gateways defines which Gateways can use this Route.
properties:
allow:
default: SameNamespace
description: 'Allow indicates which Gateways will be allowed to
use this route. Possible values are: * All: Gateways in any
namespace can use this route. * FromList: Only Gateways specified
in GatewayRefs may use this route. * SameNamespace: Only Gateways
in the same namespace may use this route.'
enum:
- All
- FromList
- SameNamespace
type: string
gatewayRefs:
description: GatewayRefs must be specified when Allow is set to
"FromList". In that case, only Gateways referenced in this list
will be allowed to use this route. This field is ignored for
other values of "Allow".
items:
description: GatewayReference identifies a Gateway in a specified
namespace.
properties:
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
maxLength: 253
minLength: 1
type: string
required:
- name
- namespace
type: object
type: array
type: object
parentRefs:
description: "ParentRefs references the resources (usually Gateways)
that a Route wants to be attached to. Note that the referenced parent
resource needs to allow this for the attachment to be complete.
For Gateways, that means the Gateway needs to allow attachment from
Routes of this kind and namespace. \n The only kind of parent resource
with \"Core\" support is Gateway. This API may be extended in the
future to support additional kinds of parent resources such as one
of the route kinds. \n It is invalid to reference an identical parent
more than once. It is valid to reference multiple distinct sections
within the same parent resource, such as 2 Listeners within a Gateway.
\n It is possible to separately reference multiple distinct objects
that may be collapsed by an implementation. For example, some implementations
may choose to merge compatible Gateway Listeners together. If that
is the case, the list of routes attached to those resources should
also be merged."
items:
description: "ParentRef identifies an API object (usually a Gateway)
that can be considered a parent of this resource (usually a route).
The only kind of parent resource with \"Core\" support is Gateway.
This API may be extended in the future to support additional kinds
of parent resources, such as HTTPRoute. \n The API object must
be valid in the cluster; the Group and Kind must be registered
in the cluster for this reference to be valid. \n References to
objects with invalid Group and Kind are not valid, and must be
rejected by the implementation, with appropriate Conditions set
on the containing object."
properties:
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support: Core
(Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the referent. When
unspecified (or empty string), this refers to the local namespace
of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within the
target resource. In the following resources, SectionName is
interpreted as the following: \n * Gateway: Listener Name
\n Implementations MAY choose to support attaching Routes
to other resources. If that is the case, they MUST clearly
document how SectionName is interpreted. \n When unspecified
(empty string), this will reference the entire resource. For
the purpose of status, an attachment is considered successful
if at least one section in the parent resource accepts it.
For example, Gateway listeners can restrict which Routes can
attach to them by Route kind, namespace, or hostname. If 1
of 2 Gateway listeners accept attachment from the referencing
Route, the Route MUST be considered successfully attached.
If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway. \n
Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
type: object
maxItems: 32
type: array
rules:
description: Rules are a list of UDP matchers and actions.
items:
description: UDPRouteRule is the configuration for a given rule.
properties:
forwardTo:
description: ForwardTo defines the backend(s) where matching
requests should be sent.
backendRefs:
description: "BackendRefs defines the backend(s) where matching
requests should be sent. If unspecified or invalid (refers
to a non-existent resource or a Service with no endpoints),
the underlying implementation MUST actively reject connection
attempts to this backend. Packet drops must respect weight;
if an invalid backend is requested to have 80% of the packets,
then 80% of packets must be dropped instead. \n Support: Core
for Kubernetes Service Support: Custom for any other resource
\n Support for weight: Extended"
items:
description: RouteForwardTo defines how a Route should forward
a request.
description: "BackendRef defines how a Route should forward
a request to a Kubernetes resource. \n Note that when a
namespace is specified, a ReferencePolicy object is required
in the referent namespace to allow that namespace's owner
to accept the reference. See the ReferencePolicy documentation
for details."
properties:
backendRef:
description: "BackendRef is a reference to a backend to
forward matched requests to. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
group:
default: ""
description: Group is the group of the referent. For example,
"networking.k8s.io". When unspecified (empty string),
core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
description: Kind is kind of the referent. For example
"HTTPRoute" or "Service".
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: "Namespace is the namespace of the backend.
When unspecified, the local namespace is inferred. \n
Note that when a namespace is specified, a ReferencePolicy
object is required in the referent namespace to allow
that namespace's owner to accept the reference. See
the ReferencePolicy documentation for details. \n Support:
Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
description: "Port specifies the destination port number
to use for the backend referenced by the ServiceName
or BackendRef field. If unspecified, the destination
port in the request is used when forwarding to a backendRef
or serviceName. \n Support: Core"
description: Port specifies the destination port number
to use for this resource. Port is required when the
referent is a Kubernetes Service. For other resources,
destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service
to forward matched requests to. When specified, this
takes the place of BackendRef. If both BackendRef and
ServiceName are specified, ServiceName will be given
precedence. \n If the referent cannot be found, the
rule is not included in the route. The controller should
raise the \"ResolvedRefs\" condition on the Gateway
with the \"DegradedRoutes\" reason. The gateway status
for this route should be updated with a condition that
describes the error more specifically. \n The protocol
to use is defined using AppProtocol field (introduced
in Kubernetes 1.18) in the Service resource. In the
absence of the AppProtocol field a `networking.x-k8s.io/app-protocol`
annotation on the BackendPolicy resource may be used
to define the protocol. If the AppProtocol field is
available, this annotation should not be used. The AppProtocol
field, when populated, takes precedence over the annotation
in the BackendPolicy resource. For custom backends,
it is encouraged to add a semantically-equivalent field
in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
default: 1
description: "Weight specifies the proportion of HTTP
requests forwarded to the backend referenced by the
ServiceName or BackendRef field. This is computed as
weight/(sum of all weights in this ForwardTo list).
description: "Weight specifies the proportion of requests
forwarded to the referenced backend. This is computed
as weight/(sum of all weights in this BackendRefs list).
For non-zero values, there may be some epsilon from
the exact proportion defined here depending on the precision
an implementation supports. Weight is not a percentage
@@ -174,78 +205,18 @@ spec:
greater than 0, 100% of the traffic is forwarded to
that backend. If weight is set to 0, no traffic should
be forwarded for this entry. If unspecified, weight
defaults to 1. \n Support: Extended"
defaults to 1. \n Support for this field varies based
on the context where used."
format: int32
maximum: 1000000
minimum: 0
type: integer
required:
- name
type: object
maxItems: 16
minItems: 1
type: array
matches:
description: "Matches define conditions used for matching the
rule against incoming UDP connections. Each match is independent,
i.e. this rule will be matched if **any** one of the matches
is satisfied. If unspecified (i.e. empty), this Rule will
match all requests for the associated Listener. \n Each client
request MUST map to a maximum of one route rule. If a request
matches multiple rules, matching precedence MUST be determined
in order of the following criteria, continuing on ties: \n
* The most specific match specified by ExtensionRef. Each
implementation that supports ExtensionRef may have different
ways of determining the specificity of the referenced extension.
\n If ties still exist across multiple Routes, matching precedence
MUST be determined in order of the following criteria, continuing
on ties: \n * The oldest Route based on creation timestamp.
For example, a Route with a creation timestamp of \"2020-09-08
01:02:03\" is given precedence over a Route with a creation
timestamp of \"2020-09-08 01:02:04\". * The Route appearing
first in alphabetical order by \"<namespace>/<name>\". For
example, foo/bar is given precedence over foo/baz. \n If
ties still exist within the Route that has been given precedence,
matching precedence MUST be granted to the first matching
rule meeting the above criteria."
items:
description: UDPRouteMatch defines the predicate used to match
packets to a given action.
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific
extension to the \"match\" behavior. For example, resource
\"myudproutematcher\" in group \"networking.acme.io\".
If the referent cannot be found, the rule is not included
in the route. The controller should raise the \"ResolvedRefs\"
condition on the Gateway with the \"DegradedRoutes\"
reason. The gateway status for this route should be
updated with a condition that describes the error more
specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
maxLength: 253
minLength: 1
type: string
kind:
description: Kind is kind of the referent.
maxLength: 253
minLength: 1
type: string
name:
description: Name is the name of the referent.
maxLength: 253
minLength: 1
type: string
required:
- group
- kind
- name
type: object
type: object
maxItems: 8
type: array
required:
- forwardTo
type: object
maxItems: 16
minItems: 1
@@ -256,27 +227,40 @@ spec:
status:
description: Status defines the current state of UDPRoute.
properties:
gateways:
description: "Gateways is a list of Gateways that are associated with
the route, and the status of the route with respect to each Gateway.
When a Gateway selects this route, the controller that manages the
Gateway must add an entry to this list when the controller first
sees the route and should update the entry as appropriate when the
route is modified. \n A maximum of 100 Gateways will be represented
in this list. If this list is full, there may be additional Gateways
using this Route that are not included in the list. An empty list
means the route has not been admitted by any Gateway."
parents:
description: "Parents is a list of parent resources (usually Gateways)
that are associated with the route, and the status of the route
with respect to each parent. When this route attaches to a parent,
the controller that manages the parent must add an entry to this
list when the controller first sees the route and should update
the entry as appropriate when the route or gateway is modified.
\n Note that parent references that cannot be resolved by an implementation
of this API will not be added to this list. Implementations of this
API can only populate Route status for the Gateways/parent resources
they are responsible for. \n A maximum of 32 Gateways will be represented
in this list. An empty list means the route has not been attached
to any Gateway."
items:
description: RouteGatewayStatus describes the status of a route
with respect to an associated Gateway.
description: RouteParentStatus describes the status of a route with
respect to an associated Parent.
properties:
conditions:
description: Conditions describes the status of the route with
respect to the Gateway. The "Admitted" condition must always
be specified by controllers to indicate whether the route
has been admitted or rejected by the Gateway, and why. Note
that the route's availability is also subject to the Gateway's
own status conditions and listener status.
description: "Conditions describes the status of the route with
respect to the Gateway. Note that the route's availability
is also subject to the Gateway's own status conditions and
listener status. \n If the Route's ParentRef specifies an
existing Gateway that supports Routes of this kind AND that
Gateway's controller has sufficient access, then that Gateway's
controller MUST set the \"Accepted\" condition on the Route,
to indicate whether the route has been accepted or rejected
by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
if at least one of the Route's rules is implemented by the
Gateway. \n There are a number of cases where the \"Accepted\"
condition may not be set due to lack of controller visibility,
that includes when: \n * The Route refers to a non-existent
parent. * The Route is of a type that the controller does
not support. * The Route is in a namespace the the controller
does not have access to."
items:
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
@@ -349,45 +333,90 @@ spec:
- type
type: object
maxItems: 8
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
gatewayRef:
description: GatewayRef is a reference to a Gateway object that
is associated with the route.
controllerName:
description: "ControllerName is a domain/path string that indicates
the name of the controller that wrote this status. This corresponds
with the controllerName field on GatewayClass. \n Example:
\"example.net/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
description: ParentRef corresponds with a ParentRef in the spec
that this RouteParentStatus struct describes the status of.
properties:
controller:
description: "Controller is a domain/path string that indicates
the controller implementing the Gateway. This corresponds
with the controller field on GatewayClass. \n Example:
\"acme.io/gateway-controller\". \n The format of this
field is DOMAIN \"/\" PATH, where DOMAIN and PATH are
valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names)."
group:
default: gateway.networking.k8s.io
description: "Group is the group of the referent. \n Support:
Core"
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support:
Core (Gateway) Support: Custom (Other Resources)"
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
description: Name is the name of the referent.
description: "Name is the name of the referent. \n Support:
Core"
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent.
description: "Namespace is the namespace of the referent.
When unspecified (or empty string), this refers to the
local namespace of the Route. \n Support: Core"
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
sectionName:
description: "SectionName is the name of a section within
the target resource. In the following resources, SectionName
is interpreted as the following: \n * Gateway: Listener
Name \n Implementations MAY choose to support attaching
Routes to other resources. If that is the case, they MUST
clearly document how SectionName is interpreted. \n When
unspecified (empty string), this will reference the entire
resource. For the purpose of status, an attachment is
considered successful if at least one section in the parent
resource accepts it. For example, Gateway listeners can
restrict which Routes can attach to them by Route kind,
namespace, or hostname. If 1 of 2 Gateway listeners accept
attachment from the referencing Route, the Route MUST
be considered successfully attached. If no Gateway listeners
accept attachment from this Route, the Route MUST be considered
detached from the Gateway. \n Support: Core"
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- name
- namespace
type: object
required:
- gatewayRef
- controllerName
- parentRef
type: object
maxItems: 100
maxItems: 32
type: array
required:
- gateways
- parents
type: object
required:
- spec
type: object
served: true
storage: true


@@ -32,6 +32,14 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
@@ -96,6 +104,30 @@ rules:
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- httproutes
- referencepolicies
- tlsroutes
verbs:
- get
- list
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- tlsroutes/status
verbs:
- create
- get
- update
- apiGroups:
- networking.k8s.io
resources:
@@ -113,47 +145,6 @@ rules:
- create
- get
- update
- apiGroups:
- networking.x-k8s.io
resources:
- backendpolicies
- gatewayclasses
- gateways
- httproutes
- tlsroutes
verbs:
- get
- list
- update
- watch
- apiGroups:
- networking.x-k8s.io
resources:
- backendpolicies/status
- gatewayclasses/status
- gateways/status
- httproutes/status
- tlsroutes/status
verbs:
- create
- get
- update
- apiGroups:
- networking.x-k8s.io
resources:
- tcproutes
- udproutes
verbs:
- get
- list
- watch
- apiGroups:
- networking.x-k8s.io
resources:
- tcproutes/status
- udproutes/status
verbs:
- update
- apiGroups:
- operator.projectcontour.io
resources:
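Review bot: The new `gateway.networking.k8s.io` rule added in the second hunk grants `update` on `referencepolicies` cluster-wide, alongside the gateway and route kinds, and nothing visible on this page shows the operator writing those objects. ReferencePolicy is what a namespace owner uses to accept cross-namespace references (the BackendRef description in the UDPRoute CRD of this same commit says so). Write access from the operator's service account therefore widens what a compromise of that account can change. If the operator only reads these objects, which should be confirmed against its reconcilers, drop `referencepolicies` from that rule and give it a read-only rule of its own as below. The `rules:` list starts and continues outside these hunks.

```yaml
# … unchanged: gatewayclasses / gateways / httproutes / tlsroutes rule (get, list, update, watch), with referencepolicies removed …
- apiGroups:
  - gateway.networking.k8s.io
  resources:
  - referencepolicies
  verbs:
  - get
  - list
  - watch
```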


@@ -53,7 +53,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/contour-operator
tag: 1.19.1-scratch-r5
tag: 1.20.1-scratch-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -78,7 +78,7 @@ image:
contourImage:
registry: docker.io
repository: bitnami/contour
tag: 1.19.1-debian-10-r70
tag: 1.20.1-debian-10-r19
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-contourImage-private-registry/
@@ -98,7 +98,7 @@ contourImage:
envoyImage:
registry: docker.io
repository: bitnami/envoy
tag: 1.19.1-debian-10-r141
tag: 1.21.1-debian-10-r20
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-envoyImage-private-registry/