diff --git a/.ci-operator.yaml b/.ci-operator.yaml
index 3189dd712..844f0d26a 100644
--- a/.ci-operator.yaml
+++ b/.ci-operator.yaml
@@ -1,4 +1,4 @@
 build_root_image:
   name: release
   namespace: openshift
-  tag: rhel-8-release-golang-1.19-openshift-4.13
+  tag: rhel-8-release-golang-1.20-openshift-4.14
diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml
index 90787cbb2..1f3636409 100644
--- a/.mvn/extensions.xml
+++ b/.mvn/extensions.xml
@@ -2,6 +2,6 @@
   <extension>
     <groupId>io.jenkins.tools.incrementals</groupId>
     <artifactId>git-changelist-maven-extension</artifactId>
-    <version>1.6</version>
+    <version>1.7</version>
   </extension>
 </extensions>
diff --git a/go.mod b/go.mod
index 53d792ab2..41c0a601c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,13 +1,13 @@
 module github.com/openshift/jenkins-sync-plugin
 
-go 1.19
+go 1.20
 
 require (
-	github.com/openshift/api v0.0.0-20230705144233-e28cd4dd28a8
-	github.com/openshift/client-go v0.0.0-20230705133330-7f808ad59404
-	k8s.io/api v0.27.3
-	k8s.io/apimachinery v0.27.3
-	k8s.io/client-go v1.5.2
+	github.com/openshift/api v0.0.0-20230810152202-3e3f07aadec4
+	github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb
+	k8s.io/api v0.27.4
+	k8s.io/apimachinery v0.27.4
+	k8s.io/client-go v0.27.4
 )
 
 require (
@@ -51,8 +51,8 @@ require (
 )
 
 replace (
-	k8s.io/api => k8s.io/api v0.27.3
-	k8s.io/apimachinery => k8s.io/apimachinery v0.27.3
-	k8s.io/client-go => k8s.io/client-go v0.27.3
+	k8s.io/api => k8s.io/api v0.27.4
+	k8s.io/apimachinery => k8s.io/apimachinery v0.27.4
+	k8s.io/client-go => k8s.io/client-go v0.27.4
 
 )
diff --git a/go.sum b/go.sum
index 726c21197..2ed890bfb 100644
--- a/go.sum
+++ b/go.sum
@@ -157,15 +157,15 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
 github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
-github.com/openshift/api v0.0.0-20230705144233-e28cd4dd28a8 h1:ZLMYbvXXYPgytju27PdVQPSMU55oAySGGIWhaDU7LX8=
-github.com/openshift/api v0.0.0-20230705144233-e28cd4dd28a8/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs=
-github.com/openshift/client-go v0.0.0-20230705133330-7f808ad59404 h1:7Q/RkeK4UHpB25nu7z03tSFlWgWjcnAUbjwI1Ud22H4=
-github.com/openshift/client-go v0.0.0-20230705133330-7f808ad59404/go.mod h1:8Hq3t7Ba02Z0sjDGtTCARPXylxbOyzFrbwiqb1ViWMA=
+github.com/openshift/api v0.0.0-20230810152202-3e3f07aadec4 h1:chbtq8B4wIVbgpKzeRcAiqG+FMmmFAsJQ6NHDAYeIuc=
+github.com/openshift/api v0.0.0-20230810152202-3e3f07aadec4/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs=
+github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb h1:laYRaVm1tMdTLkZERvj9muJDvUtYo2HjRoo4Xu55EfM=
+github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb/go.mod h1:eCLby3OeidJ9+8GcvvGROU6hsCv2XAPQw8EO7d8NbQA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
@@ -465,12 +465,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
+k8s.io/api v0.27.4 h1:0pCo/AN9hONazBKlNUdhQymmnfLRbSZjd5H5H3f0bSs=
+k8s.io/api v0.27.4/go.mod h1:O3smaaX15NfxjzILfiln1D8Z3+gEYpjEpiNA/1EVK1Y=
+k8s.io/apimachinery v0.27.4 h1:CdxflD4AF61yewuid0fLl6bM4a3q04jWel0IlP+aYjs=
+k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
+k8s.io/client-go v0.27.4 h1:vj2YTtSJ6J4KxaC88P4pMPEQECWMY8gqPqsTgUKzvjk=
+k8s.io/client-go v0.27.4/go.mod h1:ragcly7lUlN0SRPk5/ZkGnDjPknzb37TICq07WhI6Xc=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg=
diff --git a/pom.xml b/pom.xml
index 785f390af..e86c0b58d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -115,7 +115,7 @@
         <dependency>
             <groupId>org.csanchez.jenkins.plugins</groupId>
             <artifactId>kubernetes</artifactId>
-            <version>3937.vd7b_82db_e347b_</version>
+            <version>3923.v294a_d4250b_91</version>
         </dependency>
     </dependencies>
 
@@ -125,7 +125,7 @@
             <dependency>
                 <groupId>io.jenkins.tools.bom</groupId>
                 <artifactId>bom-2.401.x</artifactId>
-                <version>2220.vea_cea_f1a_35e4</version>
+                <version>2244.vd60654536b_96</version>
                 <type>pom</type>
             </dependency>
             <!-- https://mvnrepository.com/artifact/io.jenkins.plugins/snakeyaml-api -->
@@ -144,7 +144,13 @@
             <dependency>
                 <groupId>io.jenkins.plugins</groupId>
                 <artifactId>ionicons-api</artifactId>
-                <version>56.v1b_1c8c49374e</version>
+                <version>57.v70787cec562e</version>
+            </dependency>
+            <!-- https://mvnrepository.com/artifact/org.jenkins-ci.plugins/jackson2-api -->
+            <dependency>
+                <groupId>org.jenkins-ci.plugins</groupId>
+                <artifactId>jackson2-api</artifactId>
+                <version>2.15.2-350.v0c2f3f8fc595</version>
             </dependency>
         </dependencies>
     </dependencyManagement>
@@ -265,6 +271,7 @@
                                 </goals>
                                 <configuration>
                                     <rules>
+                                        <banDuplicatePomDependencyVersions />
                                         <dependencyConvergence />
                                         <requireReleaseDeps>
                                             <message>No Snapshots Allowed!</message>
diff --git a/vendor/github.com/openshift/api/route/v1/generated.pb.go b/vendor/github.com/openshift/api/route/v1/generated.pb.go
index 203b647e1..2adcd1cc8 100644
--- a/vendor/github.com/openshift/api/route/v1/generated.pb.go
+++ b/vendor/github.com/openshift/api/route/v1/generated.pb.go
@@ -86,10 +86,122 @@ func (m *Route) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_Route proto.InternalMessageInfo
 
+func (m *RouteHTTPHeader) Reset()      { *m = RouteHTTPHeader{} }
+func (*RouteHTTPHeader) ProtoMessage() {}
+func (*RouteHTTPHeader) Descriptor() ([]byte, []int) {
+	return fileDescriptor_373b8fa7ff738721, []int{2}
+}
+func (m *RouteHTTPHeader) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RouteHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *RouteHTTPHeader) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RouteHTTPHeader.Merge(m, src)
+}
+func (m *RouteHTTPHeader) XXX_Size() int {
+	return m.Size()
+}
+func (m *RouteHTTPHeader) XXX_DiscardUnknown() {
+	xxx_messageInfo_RouteHTTPHeader.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RouteHTTPHeader proto.InternalMessageInfo
+
+func (m *RouteHTTPHeaderActionUnion) Reset()      { *m = RouteHTTPHeaderActionUnion{} }
+func (*RouteHTTPHeaderActionUnion) ProtoMessage() {}
+func (*RouteHTTPHeaderActionUnion) Descriptor() ([]byte, []int) {
+	return fileDescriptor_373b8fa7ff738721, []int{3}
+}
+func (m *RouteHTTPHeaderActionUnion) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RouteHTTPHeaderActionUnion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *RouteHTTPHeaderActionUnion) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RouteHTTPHeaderActionUnion.Merge(m, src)
+}
+func (m *RouteHTTPHeaderActionUnion) XXX_Size() int {
+	return m.Size()
+}
+func (m *RouteHTTPHeaderActionUnion) XXX_DiscardUnknown() {
+	xxx_messageInfo_RouteHTTPHeaderActionUnion.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RouteHTTPHeaderActionUnion proto.InternalMessageInfo
+
+func (m *RouteHTTPHeaderActions) Reset()      { *m = RouteHTTPHeaderActions{} }
+func (*RouteHTTPHeaderActions) ProtoMessage() {}
+func (*RouteHTTPHeaderActions) Descriptor() ([]byte, []int) {
+	return fileDescriptor_373b8fa7ff738721, []int{4}
+}
+func (m *RouteHTTPHeaderActions) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RouteHTTPHeaderActions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *RouteHTTPHeaderActions) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RouteHTTPHeaderActions.Merge(m, src)
+}
+func (m *RouteHTTPHeaderActions) XXX_Size() int {
+	return m.Size()
+}
+func (m *RouteHTTPHeaderActions) XXX_DiscardUnknown() {
+	xxx_messageInfo_RouteHTTPHeaderActions.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RouteHTTPHeaderActions proto.InternalMessageInfo
+
+func (m *RouteHTTPHeaders) Reset()      { *m = RouteHTTPHeaders{} }
+func (*RouteHTTPHeaders) ProtoMessage() {}
+func (*RouteHTTPHeaders) Descriptor() ([]byte, []int) {
+	return fileDescriptor_373b8fa7ff738721, []int{5}
+}
+func (m *RouteHTTPHeaders) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RouteHTTPHeaders) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *RouteHTTPHeaders) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RouteHTTPHeaders.Merge(m, src)
+}
+func (m *RouteHTTPHeaders) XXX_Size() int {
+	return m.Size()
+}
+func (m *RouteHTTPHeaders) XXX_DiscardUnknown() {
+	xxx_messageInfo_RouteHTTPHeaders.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RouteHTTPHeaders proto.InternalMessageInfo
+
 func (m *RouteIngress) Reset()      { *m = RouteIngress{} }
 func (*RouteIngress) ProtoMessage() {}
 func (*RouteIngress) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{2}
+	return fileDescriptor_373b8fa7ff738721, []int{6}
 }
 func (m *RouteIngress) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -117,7 +229,7 @@ var xxx_messageInfo_RouteIngress proto.InternalMessageInfo
 func (m *RouteIngressCondition) Reset()      { *m = RouteIngressCondition{} }
 func (*RouteIngressCondition) ProtoMessage() {}
 func (*RouteIngressCondition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{3}
+	return fileDescriptor_373b8fa7ff738721, []int{7}
 }
 func (m *RouteIngressCondition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -145,7 +257,7 @@ var xxx_messageInfo_RouteIngressCondition proto.InternalMessageInfo
 func (m *RouteList) Reset()      { *m = RouteList{} }
 func (*RouteList) ProtoMessage() {}
 func (*RouteList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{4}
+	return fileDescriptor_373b8fa7ff738721, []int{8}
 }
 func (m *RouteList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -173,7 +285,7 @@ var xxx_messageInfo_RouteList proto.InternalMessageInfo
 func (m *RoutePort) Reset()      { *m = RoutePort{} }
 func (*RoutePort) ProtoMessage() {}
 func (*RoutePort) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{5}
+	return fileDescriptor_373b8fa7ff738721, []int{9}
 }
 func (m *RoutePort) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -198,10 +310,38 @@ func (m *RoutePort) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_RoutePort proto.InternalMessageInfo
 
+func (m *RouteSetHTTPHeader) Reset()      { *m = RouteSetHTTPHeader{} }
+func (*RouteSetHTTPHeader) ProtoMessage() {}
+func (*RouteSetHTTPHeader) Descriptor() ([]byte, []int) {
+	return fileDescriptor_373b8fa7ff738721, []int{10}
+}
+func (m *RouteSetHTTPHeader) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *RouteSetHTTPHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *RouteSetHTTPHeader) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_RouteSetHTTPHeader.Merge(m, src)
+}
+func (m *RouteSetHTTPHeader) XXX_Size() int {
+	return m.Size()
+}
+func (m *RouteSetHTTPHeader) XXX_DiscardUnknown() {
+	xxx_messageInfo_RouteSetHTTPHeader.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_RouteSetHTTPHeader proto.InternalMessageInfo
+
 func (m *RouteSpec) Reset()      { *m = RouteSpec{} }
 func (*RouteSpec) ProtoMessage() {}
 func (*RouteSpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{6}
+	return fileDescriptor_373b8fa7ff738721, []int{11}
 }
 func (m *RouteSpec) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -229,7 +369,7 @@ var xxx_messageInfo_RouteSpec proto.InternalMessageInfo
 func (m *RouteStatus) Reset()      { *m = RouteStatus{} }
 func (*RouteStatus) ProtoMessage() {}
 func (*RouteStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{7}
+	return fileDescriptor_373b8fa7ff738721, []int{12}
 }
 func (m *RouteStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -257,7 +397,7 @@ var xxx_messageInfo_RouteStatus proto.InternalMessageInfo
 func (m *RouteTargetReference) Reset()      { *m = RouteTargetReference{} }
 func (*RouteTargetReference) ProtoMessage() {}
 func (*RouteTargetReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{8}
+	return fileDescriptor_373b8fa7ff738721, []int{13}
 }
 func (m *RouteTargetReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -285,7 +425,7 @@ var xxx_messageInfo_RouteTargetReference proto.InternalMessageInfo
 func (m *RouterShard) Reset()      { *m = RouterShard{} }
 func (*RouterShard) ProtoMessage() {}
 func (*RouterShard) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{9}
+	return fileDescriptor_373b8fa7ff738721, []int{14}
 }
 func (m *RouterShard) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -313,7 +453,7 @@ var xxx_messageInfo_RouterShard proto.InternalMessageInfo
 func (m *TLSConfig) Reset()      { *m = TLSConfig{} }
 func (*TLSConfig) ProtoMessage() {}
 func (*TLSConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_373b8fa7ff738721, []int{10}
+	return fileDescriptor_373b8fa7ff738721, []int{15}
 }
 func (m *TLSConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -341,10 +481,15 @@ var xxx_messageInfo_TLSConfig proto.InternalMessageInfo
 func init() {
 	proto.RegisterType((*LocalObjectReference)(nil), "github.com.openshift.api.route.v1.LocalObjectReference")
 	proto.RegisterType((*Route)(nil), "github.com.openshift.api.route.v1.Route")
+	proto.RegisterType((*RouteHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeader")
+	proto.RegisterType((*RouteHTTPHeaderActionUnion)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActionUnion")
+	proto.RegisterType((*RouteHTTPHeaderActions)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaderActions")
+	proto.RegisterType((*RouteHTTPHeaders)(nil), "github.com.openshift.api.route.v1.RouteHTTPHeaders")
 	proto.RegisterType((*RouteIngress)(nil), "github.com.openshift.api.route.v1.RouteIngress")
 	proto.RegisterType((*RouteIngressCondition)(nil), "github.com.openshift.api.route.v1.RouteIngressCondition")
 	proto.RegisterType((*RouteList)(nil), "github.com.openshift.api.route.v1.RouteList")
 	proto.RegisterType((*RoutePort)(nil), "github.com.openshift.api.route.v1.RoutePort")
+	proto.RegisterType((*RouteSetHTTPHeader)(nil), "github.com.openshift.api.route.v1.RouteSetHTTPHeader")
 	proto.RegisterType((*RouteSpec)(nil), "github.com.openshift.api.route.v1.RouteSpec")
 	proto.RegisterType((*RouteStatus)(nil), "github.com.openshift.api.route.v1.RouteStatus")
 	proto.RegisterType((*RouteTargetReference)(nil), "github.com.openshift.api.route.v1.RouteTargetReference")
@@ -357,83 +502,96 @@ func init() {
 }
 
 var fileDescriptor_373b8fa7ff738721 = []byte{
-	// 1216 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x57, 0xcf, 0x8f, 0x13, 0xb7,
-	0x17, 0xdf, 0x49, 0xb2, 0x3f, 0xe2, 0x00, 0xdf, 0x2f, 0x06, 0x4a, 0xa0, 0x22, 0x81, 0x39, 0x54,
-	0x50, 0xd1, 0x99, 0xee, 0x96, 0xb6, 0x48, 0x55, 0x0f, 0xcc, 0x82, 0xe8, 0x42, 0x58, 0x90, 0x13,
-	0x15, 0x15, 0x71, 0xa8, 0x77, 0xc6, 0x99, 0xb8, 0x9b, 0xd8, 0x53, 0xdb, 0x01, 0xf6, 0x52, 0x21,
-	0x55, 0xea, 0x99, 0xfe, 0x37, 0xbd, 0xf7, 0xc2, 0x91, 0x23, 0xa7, 0xa8, 0xa4, 0xea, 0xa9, 0xff,
-	0xc1, 0x9e, 0x2a, 0x7b, 0x9c, 0x99, 0x49, 0x36, 0x81, 0xd0, 0xde, 0xe2, 0xf7, 0xde, 0xe7, 0xf3,
-	0x7e, 0xfa, 0x79, 0x02, 0x36, 0x63, 0xaa, 0x7a, 0xc3, 0x3d, 0x2f, 0xe4, 0x03, 0x9f, 0x27, 0x84,
-	0xc9, 0x1e, 0xed, 0x2a, 0x1f, 0x27, 0xd4, 0x17, 0x7c, 0xa8, 0x88, 0xff, 0x64, 0xd3, 0x8f, 0x09,
-	0x23, 0x02, 0x2b, 0x12, 0x79, 0x89, 0xe0, 0x8a, 0xc3, 0x4b, 0x39, 0xc4, 0xcb, 0x20, 0x1e, 0x4e,
-	0xa8, 0x67, 0x20, 0xde, 0x93, 0xcd, 0xf3, 0x9f, 0x14, 0x58, 0x63, 0x1e, 0x73, 0xdf, 0x20, 0xf7,
-	0x86, 0x5d, 0x73, 0x32, 0x07, 0xf3, 0x2b, 0x65, 0x3c, 0xef, 0xee, 0x5f, 0x97, 0x1e, 0xe5, 0xc6,
-	0x6d, 0xc8, 0xc5, 0x3c, 0xaf, 0xe7, 0xaf, 0xe5, 0x36, 0x03, 0x1c, 0xf6, 0x28, 0x23, 0xe2, 0xc0,
-	0x4f, 0xf6, 0x63, 0x2d, 0x90, 0xfe, 0x80, 0x28, 0x3c, 0x0f, 0xf5, 0xc5, 0x22, 0x94, 0x18, 0x32,
-	0x45, 0x07, 0xc4, 0x97, 0x61, 0x8f, 0x0c, 0xf0, 0x11, 0xdc, 0x67, 0x8b, 0x70, 0x43, 0x45, 0xfb,
-	0x3e, 0x65, 0x4a, 0x2a, 0x31, 0x0b, 0x72, 0xaf, 0x83, 0xd3, 0x2d, 0x1e, 0xe2, 0xfe, 0xfd, 0xbd,
-	0x1f, 0x48, 0xa8, 0x10, 0xe9, 0x12, 0x41, 0x58, 0x48, 0xe0, 0x45, 0x50, 0x61, 0x78, 0x40, 0xea,
-	0xce, 0x45, 0xe7, 0x72, 0x35, 0x38, 0xf6, 0x72, 0xd4, 0x5c, 0x19, 0x8f, 0x9a, 0x95, 0x5d, 0x3c,
-	0x20, 0xc8, 0x68, 0xdc, 0x5f, 0x4b, 0x60, 0x15, 0xe9, 0xe2, 0xc1, 0xef, 0xc1, 0x86, 0xce, 0x25,
-	0xc2, 0x0a, 0x1b, 0xfb, 0xda, 0xd6, 0xa7, 0x5e, 0x1a, 0x8b, 0x57, 0x8c, 0xc5, 0x4b, 0xf6, 0x63,
-	0x2d, 0x90, 0x9e, 0xb6, 0xf6, 0x9e, 0x6c, 0x7a, 0xa9, 0xd3, 0x7b, 0x44, 0xe1, 0x00, 0x5a, 0x0f,
-	0x20, 0x97, 0xa1, 0x8c, 0x15, 0xee, 0x82, 0x8a, 0x4c, 0x48, 0x58, 0x2f, 0x19, 0xf6, 0xab, 0xde,
-	0x3b, 0xbb, 0xe9, 0x99, 0xc8, 0xda, 0x09, 0x09, 0xf3, 0xd8, 0xf5, 0x09, 0x19, 0x1e, 0xf8, 0x2d,
-	0x58, 0x93, 0x0a, 0xab, 0xa1, 0xac, 0x97, 0x0d, 0xa3, 0xb7, 0x34, 0xa3, 0x41, 0x05, 0x27, 0x2c,
-	0xe7, 0x5a, 0x7a, 0x46, 0x96, 0xcd, 0xfd, 0xb9, 0x0c, 0x8e, 0x19, 0xbb, 0x1d, 0x16, 0x0b, 0x22,
-	0xa5, 0x2e, 0x63, 0x8f, 0x4b, 0x35, 0x5b, 0xc6, 0x6f, 0xb8, 0x54, 0xc8, 0x68, 0xe0, 0x16, 0x00,
-	0xc6, 0x85, 0xd0, 0xa5, 0x35, 0x09, 0x56, 0xf3, 0x62, 0xa0, 0x4c, 0x83, 0x0a, 0x56, 0xb0, 0x0f,
-	0x40, 0xc8, 0x59, 0x44, 0x15, 0xe5, 0x4c, 0xa7, 0x50, 0xbe, 0x5c, 0xdb, 0xba, 0xbe, 0x6c, 0x0a,
-	0x36, 0xb4, 0xed, 0x09, 0x41, 0xee, 0x2d, 0x13, 0x49, 0x54, 0xe0, 0x87, 0x1d, 0x70, 0xe2, 0x29,
-	0xed, 0x47, 0x21, 0x16, 0xd1, 0x03, 0xde, 0xa7, 0xe1, 0x41, 0xbd, 0x62, 0xa2, 0xbc, 0x6a, 0x71,
-	0x27, 0x1e, 0x4e, 0x69, 0x0f, 0x47, 0x4d, 0x38, 0x2d, 0xe9, 0x1c, 0x24, 0x04, 0xcd, 0x70, 0xc0,
-	0xef, 0xc0, 0xd9, 0x34, 0xa3, 0x6d, 0xcc, 0x38, 0xa3, 0x21, 0xee, 0xeb, 0xa2, 0x98, 0x99, 0x5b,
-	0x35, 0xf4, 0x4d, 0x4b, 0x7f, 0x16, 0xcd, 0x37, 0x43, 0x8b, 0xf0, 0xee, 0xdf, 0x25, 0x70, 0x66,
-	0x6e, 0xaa, 0xf0, 0x6b, 0x50, 0x51, 0x07, 0xc9, 0x64, 0xaa, 0xaf, 0x4c, 0xda, 0xa1, 0x03, 0x3c,
-	0x1c, 0x35, 0xcf, 0xcd, 0x05, 0x99, 0xe8, 0x0d, 0x0c, 0xb6, 0xb2, 0xb1, 0x49, 0xfb, 0x74, 0x6d,
-	0x7a, 0x0c, 0x0e, 0x47, 0xcd, 0x39, 0x5b, 0xc1, 0xcb, 0x98, 0xa6, 0x87, 0x05, 0x7e, 0x04, 0xd6,
-	0x04, 0xc1, 0x92, 0x33, 0x33, 0x84, 0xd5, 0x7c, 0xa8, 0x90, 0x91, 0x22, 0xab, 0x85, 0x57, 0xc0,
-	0xfa, 0x80, 0x48, 0x89, 0x63, 0x62, 0x0b, 0xff, 0x3f, 0x6b, 0xb8, 0x7e, 0x2f, 0x15, 0xa3, 0x89,
-	0x1e, 0x0a, 0x00, 0xfb, 0x58, 0xaa, 0x8e, 0xc0, 0x4c, 0xa6, 0xc1, 0x53, 0x5b, 0xcf, 0xda, 0xd6,
-	0xc7, 0xcb, 0xdd, 0x49, 0x8d, 0x08, 0x3e, 0x18, 0x8f, 0x9a, 0xb0, 0x75, 0x84, 0x09, 0xcd, 0x61,
-	0x77, 0x7f, 0x73, 0x40, 0xd5, 0x14, 0xae, 0x45, 0xa5, 0x82, 0x8f, 0x8f, 0xec, 0x02, 0x6f, 0x39,
-	0xbf, 0x1a, 0x6d, 0x36, 0xc1, 0xff, 0x6d, 0x76, 0x1b, 0x13, 0x49, 0x61, 0x0f, 0xdc, 0x03, 0xab,
-	0x54, 0x91, 0x81, 0xae, 0xbf, 0x9e, 0xf9, 0xcb, 0xcb, 0xce, 0x7c, 0x70, 0xdc, 0x92, 0xae, 0xee,
-	0x68, 0x38, 0x4a, 0x59, 0xdc, 0x1f, 0x6d, 0xe4, 0x0f, 0xb8, 0x50, 0x30, 0x02, 0x40, 0x61, 0x11,
-	0x13, 0xa5, 0x4f, 0xef, 0xdc, 0x63, 0x7a, 0xa7, 0x7a, 0xe9, 0x4e, 0xf5, 0x76, 0x98, 0xba, 0x2f,
-	0xda, 0x4a, 0x50, 0x16, 0xe7, 0x97, 0xa9, 0x93, 0x71, 0xa1, 0x02, 0xaf, 0xfb, 0x7b, 0xc5, 0xfa,
-	0xd4, 0xdb, 0x68, 0x89, 0xf5, 0xe0, 0x83, 0xaa, 0x1c, 0xee, 0x45, 0x7c, 0x80, 0x29, 0xab, 0x6f,
-	0x18, 0xb3, 0x93, 0xd6, 0xac, 0xda, 0x9e, 0x28, 0x50, 0x6e, 0xa3, 0x29, 0x13, 0xac, 0x7a, 0x76,
-	0x42, 0x33, 0xca, 0x07, 0x58, 0xf5, 0x90, 0xd1, 0xc0, 0x36, 0x28, 0x29, 0x6e, 0x17, 0xdf, 0x97,
-	0xcb, 0x56, 0x30, 0x4d, 0x27, 0x7b, 0x1f, 0x02, 0x60, 0x89, 0x4b, 0x1d, 0x8e, 0x4a, 0x8a, 0xc3,
-	0xe7, 0x0e, 0x38, 0x89, 0xfb, 0x8a, 0x08, 0x86, 0x15, 0x09, 0x70, 0xb8, 0x4f, 0x58, 0x24, 0xeb,
-	0x15, 0xd3, 0xa6, 0x7f, 0xed, 0xe4, 0x9c, 0x75, 0x72, 0xf2, 0xc6, 0x2c, 0x33, 0x3a, 0xea, 0x0c,
-	0xde, 0x01, 0x95, 0x44, 0xb7, 0x6e, 0xf5, 0xfd, 0x1e, 0x09, 0xdd, 0x96, 0x60, 0xc3, 0xd4, 0x48,
-	0x37, 0xcb, 0x70, 0xc0, 0xdb, 0xa0, 0xac, 0xfa, 0xb2, 0xbe, 0xb6, 0x34, 0x55, 0xa7, 0xd5, 0xde,
-	0xe6, 0xac, 0x4b, 0xe3, 0x60, 0x7d, 0x3c, 0x6a, 0x96, 0x3b, 0xad, 0x36, 0xd2, 0x0c, 0x73, 0x96,
-	0xe7, 0xfa, 0x7f, 0x5f, 0x9e, 0x2e, 0x05, 0xb5, 0xc2, 0x73, 0x04, 0x1f, 0x81, 0x75, 0x9a, 0x6e,
-	0xad, 0xba, 0x63, 0x2a, 0xee, 0xbf, 0xe7, 0x63, 0x90, 0xaf, 0x14, 0x2b, 0x40, 0x13, 0x42, 0xf7,
-	0x27, 0x70, 0x7a, 0x5e, 0x6f, 0xf4, 0x9c, 0xed, 0x53, 0x16, 0xcd, 0x8e, 0xee, 0x5d, 0xca, 0x22,
-	0x64, 0x34, 0xd9, 0x27, 0x44, 0x69, 0xd1, 0x27, 0x04, 0x74, 0xc1, 0xda, 0x53, 0x42, 0xe3, 0x9e,
-	0x32, 0xd3, 0xb8, 0x1a, 0x00, 0xbd, 0xfd, 0x1e, 0x1a, 0x09, 0xb2, 0x1a, 0x97, 0xdb, 0x54, 0x45,
-	0xbb, 0x87, 0x45, 0x64, 0xee, 0x83, 0xfe, 0xb1, 0x9b, 0x7f, 0x9c, 0xe4, 0xf7, 0x61, 0xa2, 0x40,
-	0xb9, 0x8d, 0x06, 0x44, 0x4c, 0xb6, 0x87, 0xdd, 0x2e, 0x7d, 0x66, 0x43, 0xc9, 0x00, 0x37, 0x77,
-	0xdb, 0xa9, 0x02, 0xe5, 0x36, 0xee, 0x5f, 0x15, 0x50, 0xcd, 0xba, 0x09, 0xef, 0x82, 0x9a, 0x22,
-	0x62, 0x40, 0x19, 0xd6, 0x0b, 0x6f, 0xe6, 0xe1, 0xa8, 0x75, 0x72, 0x95, 0xee, 0x5c, 0xa7, 0xd5,
-	0x2e, 0x48, 0x4c, 0xe7, 0x8a, 0x68, 0xf8, 0x39, 0xa8, 0x85, 0x44, 0x28, 0xda, 0xa5, 0x21, 0x56,
-	0x93, 0xc2, 0x9c, 0x9a, 0x90, 0x6d, 0xe7, 0x2a, 0x54, 0xb4, 0x83, 0x17, 0x40, 0x79, 0x9f, 0x1c,
-	0xd8, 0x57, 0xa2, 0x66, 0xcd, 0xcb, 0x77, 0xc9, 0x01, 0xd2, 0x72, 0xf8, 0x15, 0x38, 0x1e, 0xe2,
-	0x02, 0xd8, 0xbe, 0x12, 0x67, 0xac, 0xe1, 0xf1, 0xed, 0x1b, 0x45, 0xe6, 0x69, 0x5b, 0xf8, 0x18,
-	0xd4, 0x23, 0x22, 0x95, 0x8d, 0x70, 0xca, 0xd4, 0xbe, 0xc3, 0x17, 0x2d, 0x4f, 0xfd, 0xe6, 0x02,
-	0x3b, 0xb4, 0x90, 0x01, 0xbe, 0x70, 0xc0, 0x05, 0xca, 0x24, 0x09, 0x87, 0x82, 0xdc, 0x8a, 0x62,
-	0x52, 0xa8, 0x8e, 0xbd, 0x0d, 0x6b, 0xc6, 0xc7, 0x1d, 0xeb, 0xe3, 0xc2, 0xce, 0xdb, 0x8c, 0x0f,
-	0x47, 0xcd, 0x4b, 0x6f, 0x35, 0x30, 0x15, 0x7f, 0xbb, 0x43, 0xf8, 0x8b, 0x03, 0x4e, 0x91, 0x67,
-	0x66, 0x77, 0xf4, 0x8b, 0xc9, 0xae, 0x2f, 0xbd, 0x0f, 0xe7, 0x7d, 0x2f, 0x07, 0x1f, 0xda, 0x0c,
-	0x4e, 0xdd, 0x3a, 0xca, 0x8d, 0xe6, 0x39, 0x0c, 0x6e, 0xbf, 0x7c, 0xd3, 0x58, 0x79, 0xf5, 0xa6,
-	0xb1, 0xf2, 0xfa, 0x4d, 0x63, 0xe5, 0xf9, 0xb8, 0xe1, 0xbc, 0x1c, 0x37, 0x9c, 0x57, 0xe3, 0x86,
-	0xf3, 0x7a, 0xdc, 0x70, 0xfe, 0x18, 0x37, 0x9c, 0x17, 0x7f, 0x36, 0x56, 0x1e, 0x5d, 0x7a, 0xe7,
-	0x7f, 0x9d, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa2, 0x48, 0x48, 0xf0, 0x0f, 0x0d, 0x00, 0x00,
+	// 1420 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x58, 0xdd, 0x6e, 0x13, 0xc7,
+	0x17, 0xcf, 0xc6, 0x76, 0x1c, 0x8f, 0xf9, 0x1c, 0xbe, 0x4c, 0x24, 0x6c, 0xd8, 0xbf, 0xf4, 0x17,
+	0x54, 0x74, 0xdd, 0x04, 0x68, 0x41, 0x15, 0x17, 0x6c, 0x40, 0x10, 0x30, 0x21, 0x1a, 0xbb, 0xa0,
+	0x22, 0x2a, 0x75, 0xb2, 0x3b, 0xb6, 0xa7, 0xb1, 0x67, 0x97, 0x99, 0x71, 0x20, 0x37, 0x15, 0x6a,
+	0x5f, 0x80, 0xde, 0xf6, 0x15, 0xaa, 0xde, 0xf7, 0x11, 0xb8, 0xe4, 0x92, 0xde, 0x58, 0x8d, 0x7b,
+	0xd9, 0x37, 0xc8, 0x55, 0x35, 0xb3, 0xe3, 0xdd, 0xb5, 0x63, 0x13, 0x07, 0xf5, 0xce, 0x7b, 0xce,
+	0xf9, 0xfd, 0xce, 0xc7, 0x9c, 0x39, 0x67, 0x12, 0xb0, 0xdc, 0xa2, 0xb2, 0xdd, 0xdb, 0x74, 0xbc,
+	0xa0, 0x5b, 0x0d, 0x42, 0xc2, 0x44, 0x9b, 0x36, 0x65, 0x15, 0x87, 0xb4, 0xca, 0x83, 0x9e, 0x24,
+	0xd5, 0xed, 0xe5, 0x6a, 0x8b, 0x30, 0xc2, 0xb1, 0x24, 0xbe, 0x13, 0xf2, 0x40, 0x06, 0xf0, 0x52,
+	0x02, 0x71, 0x62, 0x88, 0x83, 0x43, 0xea, 0x68, 0x88, 0xb3, 0xbd, 0xbc, 0xf4, 0x79, 0x8a, 0xb5,
+	0x15, 0xb4, 0x82, 0xaa, 0x46, 0x6e, 0xf6, 0x9a, 0xfa, 0x4b, 0x7f, 0xe8, 0x5f, 0x11, 0xe3, 0x92,
+	0xbd, 0x75, 0x53, 0x38, 0x34, 0xd0, 0x6e, 0xbd, 0x80, 0x4f, 0xf2, 0xba, 0x74, 0x3d, 0xb1, 0xe9,
+	0x62, 0xaf, 0x4d, 0x19, 0xe1, 0x3b, 0xd5, 0x70, 0xab, 0xa5, 0x04, 0xa2, 0xda, 0x25, 0x12, 0x4f,
+	0x42, 0x7d, 0x39, 0x0d, 0xc5, 0x7b, 0x4c, 0xd2, 0x2e, 0xa9, 0x0a, 0xaf, 0x4d, 0xba, 0x78, 0x1f,
+	0xee, 0xda, 0x34, 0x5c, 0x4f, 0xd2, 0x4e, 0x95, 0x32, 0x29, 0x24, 0x1f, 0x07, 0xd9, 0x37, 0xc1,
+	0xe9, 0x5a, 0xe0, 0xe1, 0xce, 0x93, 0xcd, 0x1f, 0x88, 0x27, 0x11, 0x69, 0x12, 0x4e, 0x98, 0x47,
+	0xe0, 0x45, 0x90, 0x65, 0xb8, 0x4b, 0x4a, 0xd6, 0x45, 0xeb, 0x72, 0xc1, 0x3d, 0xf2, 0xae, 0x5f,
+	0x99, 0x1b, 0xf4, 0x2b, 0xd9, 0x75, 0xdc, 0x25, 0x48, 0x6b, 0xec, 0x5f, 0xe6, 0x41, 0x0e, 0xa9,
+	0xe2, 0xc1, 0xef, 0xc1, 0xa2, 0xca, 0xc5, 0xc7, 0x12, 0x6b, 0xfb, 0xe2, 0xca, 0x17, 0x4e, 0x14,
+	0x8b, 0x93, 0x8e, 0xc5, 0x09, 0xb7, 0x5a, 0x4a, 0x20, 0x1c, 0x65, 0xed, 0x6c, 0x2f, 0x3b, 0x91,
+	0xd3, 0xc7, 0x44, 0x62, 0x17, 0x1a, 0x0f, 0x20, 0x91, 0xa1, 0x98, 0x15, 0xae, 0x83, 0xac, 0x08,
+	0x89, 0x57, 0x9a, 0xd7, 0xec, 0x57, 0x9d, 0x03, 0x4f, 0xd3, 0xd1, 0x91, 0xd5, 0x43, 0xe2, 0x25,
+	0xb1, 0xab, 0x2f, 0xa4, 0x79, 0xe0, 0x53, 0xb0, 0x20, 0x24, 0x96, 0x3d, 0x51, 0xca, 0x68, 0x46,
+	0x67, 0x66, 0x46, 0x8d, 0x72, 0x8f, 0x19, 0xce, 0x85, 0xe8, 0x1b, 0x19, 0x36, 0xfb, 0x57, 0x0b,
+	0x1c, 0xd7, 0x76, 0x0f, 0x1a, 0x8d, 0x8d, 0x07, 0x04, 0xfb, 0x84, 0x1f, 0x5c, 0x49, 0x48, 0xc0,
+	0x02, 0xf6, 0x24, 0x0d, 0x98, 0xc9, 0xef, 0xf6, 0xac, 0xd1, 0x24, 0x5e, 0xee, 0x68, 0xfc, 0x37,
+	0x8c, 0x06, 0x2c, 0x09, 0x2e, 0x12, 0x22, 0x43, 0x6e, 0xff, 0x6e, 0x81, 0xa5, 0xe9, 0x30, 0x78,
+	0x1b, 0x64, 0xe5, 0x4e, 0x38, 0x8c, 0xf3, 0xca, 0x30, 0xce, 0xc6, 0x4e, 0x48, 0xf6, 0xfa, 0x95,
+	0xf3, 0x13, 0x91, 0x4a, 0x89, 0x34, 0x0c, 0x6e, 0x80, 0x8c, 0x20, 0xd2, 0x64, 0x70, 0x63, 0xe6,
+	0x7a, 0x12, 0x99, 0x70, 0xba, 0xf9, 0x41, 0xbf, 0x92, 0xa9, 0x13, 0x89, 0x14, 0x95, 0xfd, 0xa7,
+	0x05, 0xce, 0x4e, 0xf4, 0x2a, 0x54, 0xc7, 0x71, 0x22, 0xc2, 0x80, 0x09, 0x15, 0x6f, 0xe6, 0x72,
+	0x71, 0x65, 0xe5, 0xf0, 0x35, 0x73, 0x4f, 0x98, 0x1c, 0x17, 0x91, 0xe1, 0x42, 0x31, 0x2b, 0xfc,
+	0x0e, 0xe4, 0x39, 0x79, 0xd9, 0x23, 0x42, 0xa5, 0xf4, 0xa9, 0x0e, 0x8e, 0x1b, 0x07, 0x79, 0x14,
+	0x51, 0xa1, 0x21, 0xa7, 0xfd, 0x1a, 0x9c, 0x18, 0x33, 0x16, 0xd0, 0x07, 0xf9, 0xe8, 0xa4, 0x84,
+	0xb9, 0x45, 0xb7, 0x3e, 0xb5, 0x0f, 0x44, 0xe2, 0xd9, 0x08, 0xd0, 0x90, 0xda, 0xfe, 0x39, 0x03,
+	0x8e, 0x68, 0xd0, 0x1a, 0x6b, 0x71, 0x22, 0x84, 0xea, 0xcf, 0x76, 0x20, 0xe4, 0x78, 0x7f, 0x3e,
+	0x08, 0x84, 0x44, 0x5a, 0x03, 0x57, 0x00, 0xd0, 0xfe, 0xb8, 0xea, 0x59, 0x7d, 0xc2, 0x85, 0xe4,
+	0xbe, 0xa2, 0x58, 0x83, 0x52, 0x56, 0xb0, 0x03, 0x80, 0x17, 0x30, 0x9f, 0x46, 0xf9, 0x64, 0x74,
+	0x09, 0x6f, 0xce, 0x9a, 0x8f, 0x09, 0x6d, 0x75, 0x48, 0x90, 0x78, 0x8b, 0x45, 0x02, 0xa5, 0xf8,
+	0x61, 0x03, 0x1c, 0x7b, 0x45, 0x3b, 0xbe, 0x87, 0xb9, 0xbf, 0x11, 0x74, 0xa8, 0xb7, 0x53, 0xca,
+	0xea, 0x28, 0xaf, 0x1a, 0xdc, 0xb1, 0x67, 0x23, 0xda, 0xbd, 0x7e, 0x05, 0x8e, 0x4a, 0x74, 0x23,
+	0x8f, 0x71, 0xc0, 0x6f, 0xc1, 0xb9, 0x28, 0xa3, 0x55, 0xcc, 0x02, 0x46, 0x3d, 0xdc, 0x51, 0x45,
+	0xd1, 0x97, 0x39, 0xa7, 0xe9, 0x2b, 0x86, 0xfe, 0x1c, 0x9a, 0x6c, 0x86, 0xa6, 0xe1, 0xed, 0x7f,
+	0xe6, 0xc1, 0x99, 0x89, 0xa9, 0xce, 0x74, 0x0d, 0xc7, 0x41, 0xa9, 0x6b, 0x58, 0x8b, 0x27, 0x5b,
+	0x74, 0x4e, 0xd7, 0x47, 0x27, 0xd5, 0x5e, 0xbf, 0x32, 0x61, 0x71, 0x39, 0x31, 0xd3, 0xe8, 0x3c,
+	0x83, 0xff, 0x07, 0x0b, 0x9c, 0x60, 0x11, 0x30, 0x3d, 0x27, 0x0b, 0xc9, 0x68, 0x41, 0x5a, 0x8a,
+	0x8c, 0x16, 0x5e, 0x01, 0xf9, 0x2e, 0x11, 0x02, 0xb7, 0x88, 0x29, 0x7c, 0xdc, 0x7f, 0x8f, 0x23,
+	0x31, 0x1a, 0xea, 0x21, 0x07, 0xb0, 0x83, 0x85, 0x6c, 0x70, 0xcc, 0x44, 0x14, 0x3c, 0x35, 0xf5,
+	0x2c, 0xae, 0x7c, 0x36, 0xdb, 0xda, 0x50, 0x08, 0xf7, 0xec, 0xa0, 0x5f, 0x81, 0xb5, 0x7d, 0x4c,
+	0x68, 0x02, 0xbb, 0xfd, 0x87, 0x05, 0x0a, 0xba, 0x70, 0x35, 0x2a, 0x24, 0x7c, 0xb1, 0x6f, 0x5d,
+	0x39, 0xb3, 0xf9, 0x55, 0x68, 0xbd, 0xac, 0xe2, 0xc1, 0x31, 0x94, 0xa4, 0x56, 0xd5, 0x63, 0x90,
+	0xa3, 0x92, 0x74, 0x85, 0x19, 0x1b, 0x97, 0x67, 0xed, 0x79, 0xf7, 0xa8, 0x21, 0xcd, 0xad, 0x29,
+	0x38, 0x8a, 0x58, 0xec, 0x97, 0x26, 0xf2, 0x8d, 0x80, 0x4b, 0xe8, 0x03, 0x20, 0x31, 0x6f, 0x11,
+	0xa9, 0xbe, 0x0e, 0x5c, 0xb5, 0x6a, 0xed, 0x3b, 0xd1, 0xda, 0x77, 0xd6, 0x98, 0x7c, 0xc2, 0xeb,
+	0x92, 0x53, 0xd6, 0x4a, 0x2e, 0x53, 0x23, 0xe6, 0x42, 0x29, 0x5e, 0xfb, 0x16, 0x80, 0xfb, 0x67,
+	0x33, 0xfc, 0x1f, 0xc8, 0x6d, 0xe3, 0x4e, 0x6f, 0xd8, 0x98, 0x71, 0xb4, 0x4f, 0x95, 0x10, 0x45,
+	0x3a, 0xfb, 0xb7, 0x9c, 0x09, 0x57, 0xed, 0xda, 0x19, 0x26, 0x4b, 0x15, 0x14, 0x44, 0x6f, 0xd3,
+	0x0f, 0xba, 0x98, 0xb2, 0xd2, 0xa2, 0x36, 0x3b, 0x69, 0xcc, 0x0a, 0xf5, 0xa1, 0x02, 0x25, 0x36,
+	0x8a, 0x32, 0xc4, 0xb2, 0x6d, 0x9a, 0x3b, 0xa6, 0xdc, 0xc0, 0xb2, 0x8d, 0xb4, 0x06, 0xd6, 0xc1,
+	0xbc, 0x0c, 0xcc, 0x5a, 0xff, 0x6a, 0xd6, 0xe2, 0x47, 0x95, 0x88, 0x5f, 0x3f, 0x2e, 0x30, 0xc4,
+	0xf3, 0x8d, 0x00, 0xcd, 0xcb, 0x00, 0xbe, 0xb1, 0xc0, 0x49, 0xdc, 0x91, 0x84, 0x33, 0x2c, 0x89,
+	0x8b, 0xbd, 0x2d, 0xc2, 0x7c, 0x51, 0xca, 0xea, 0x13, 0xfe, 0x64, 0x27, 0xe7, 0x8d, 0x93, 0x93,
+	0x77, 0xc6, 0x99, 0xd1, 0x7e, 0x67, 0xf0, 0x21, 0xc8, 0x86, 0xea, 0xd4, 0x73, 0x87, 0x7b, 0x02,
+	0xa9, 0x13, 0x75, 0x17, 0x75, 0x8d, 0xd4, 0x39, 0x6b, 0x0e, 0x78, 0x1f, 0x64, 0x64, 0x47, 0x94,
+	0x16, 0x66, 0xa6, 0x6a, 0xd4, 0xea, 0xab, 0x01, 0x6b, 0xd2, 0x56, 0xb4, 0xa2, 0x1b, 0xb5, 0x3a,
+	0x52, 0x0c, 0x13, 0xe6, 0x6e, 0xfe, 0x3f, 0x98, 0xbb, 0x4d, 0x50, 0x6c, 0x4b, 0x19, 0x9a, 0xbd,
+	0x58, 0x2a, 0xe8, 0x30, 0xaf, 0x1d, 0x7e, 0x19, 0x0a, 0xf7, 0xf8, 0xa0, 0x5f, 0x29, 0xa6, 0x04,
+	0x28, 0x4d, 0x6c, 0x53, 0x50, 0x4c, 0x3d, 0xea, 0xe0, 0x73, 0x90, 0xa7, 0xd1, 0x60, 0x35, 0x6f,
+	0x8a, 0xea, 0x21, 0xf7, 0x55, 0x32, 0xf5, 0x8c, 0x00, 0x0d, 0x09, 0xed, 0x1f, 0xc1, 0xe9, 0x49,
+	0x3d, 0xa0, 0xfa, 0x79, 0x8b, 0x32, 0x7f, 0xfc, 0x8a, 0x3c, 0xa2, 0xcc, 0x47, 0x5a, 0x13, 0x3f,
+	0x1f, 0xe7, 0xa7, 0x3e, 0x1f, 0x6d, 0xb0, 0xf0, 0x8a, 0xd0, 0x56, 0x5b, 0xea, 0xae, 0xcf, 0xb9,
+	0x40, 0x0d, 0xe8, 0x67, 0x5a, 0x82, 0x8c, 0xc6, 0x0e, 0x4c, 0xaa, 0xbc, 0xde, 0xc6, 0xdc, 0xd7,
+	0xf7, 0x4e, 0xfd, 0x58, 0x4f, 0x1e, 0xa6, 0xc9, 0xbd, 0x1b, 0x2a, 0x50, 0x62, 0xa3, 0x00, 0x3e,
+	0x13, 0xf5, 0x5e, 0xb3, 0x49, 0x5f, 0x9b, 0x50, 0x62, 0xc0, 0xdd, 0xf5, 0x7a, 0xa4, 0x40, 0x89,
+	0x8d, 0xbd, 0x9b, 0x05, 0x85, 0xb8, 0x6b, 0xe0, 0x23, 0x50, 0x94, 0x84, 0x77, 0x29, 0xc3, 0xfa,
+	0x99, 0x3b, 0xba, 0xdb, 0x8a, 0x8d, 0x44, 0xa5, 0x3a, 0xa4, 0x51, 0xab, 0xa7, 0x24, 0xba, 0x43,
+	0xd2, 0x68, 0x78, 0x03, 0x14, 0x3d, 0xc2, 0x25, 0x6d, 0x52, 0x0f, 0xcb, 0x61, 0x61, 0x4e, 0x0d,
+	0xc9, 0x56, 0x13, 0x15, 0x4a, 0xdb, 0xc1, 0x0b, 0x20, 0xb3, 0x45, 0x76, 0xcc, 0x22, 0x2b, 0x1a,
+	0xf3, 0xcc, 0x23, 0xb2, 0x83, 0x94, 0x1c, 0x7e, 0x0d, 0x8e, 0x7a, 0x38, 0x05, 0x36, 0x8b, 0xec,
+	0x8c, 0x31, 0x3c, 0xba, 0x7a, 0x27, 0xcd, 0x3c, 0x6a, 0x0b, 0x5f, 0x80, 0x92, 0x4f, 0x84, 0x34,
+	0x11, 0x8e, 0x98, 0x9a, 0xa7, 0xc2, 0x45, 0xc3, 0x53, 0xba, 0x3b, 0xc5, 0x0e, 0x4d, 0x65, 0x80,
+	0x6f, 0x2d, 0x70, 0x81, 0x32, 0x41, 0xbc, 0x1e, 0x27, 0xf7, 0xfc, 0x16, 0x49, 0x55, 0xc7, 0xdc,
+	0xba, 0x05, 0xed, 0xe3, 0xa1, 0xf1, 0x71, 0x61, 0xed, 0x63, 0xc6, 0x7b, 0xfd, 0xca, 0xa5, 0x8f,
+	0x1a, 0xe8, 0x8a, 0x7f, 0xdc, 0x21, 0xfc, 0xc9, 0x02, 0xa7, 0xc8, 0x6b, 0x3d, 0xa3, 0x3a, 0xe9,
+	0x64, 0xf3, 0x33, 0xcf, 0xdd, 0x49, 0x7f, 0x75, 0xba, 0xe7, 0x06, 0xfd, 0xca, 0xa9, 0x7b, 0xfb,
+	0x79, 0xd1, 0x24, 0x67, 0xee, 0xfd, 0x77, 0xbb, 0xe5, 0xb9, 0xf7, 0xbb, 0xe5, 0xb9, 0x0f, 0xbb,
+	0xe5, 0xb9, 0x37, 0x83, 0xb2, 0xf5, 0x6e, 0x50, 0xb6, 0xde, 0x0f, 0xca, 0xd6, 0x87, 0x41, 0xd9,
+	0xfa, 0x6b, 0x50, 0xb6, 0xde, 0xfe, 0x5d, 0x9e, 0x7b, 0x7e, 0xe9, 0xc0, 0xff, 0x16, 0xfc, 0x1b,
+	0x00, 0x00, 0xff, 0xff, 0x62, 0x5d, 0xac, 0x2e, 0x51, 0x10, 0x00, 0x00,
 }
 
 func (m *LocalObjectReference) Marshal() (dAtA []byte, err error) {
@@ -517,6 +675,168 @@ func (m *Route) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *RouteHTTPHeader) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RouteHTTPHeader) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RouteHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Action.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *RouteHTTPHeaderActionUnion) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RouteHTTPHeaderActionUnion) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RouteHTTPHeaderActionUnion) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.Set != nil {
+		{
+			size, err := m.Set.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x12
+	}
+	i -= len(m.Type)
+	copy(dAtA[i:], m.Type)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *RouteHTTPHeaderActions) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RouteHTTPHeaderActions) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RouteHTTPHeaderActions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if len(m.Request) > 0 {
+		for iNdEx := len(m.Request) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Request[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x12
+		}
+	}
+	if len(m.Response) > 0 {
+		for iNdEx := len(m.Response) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Response[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *RouteHTTPHeaders) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RouteHTTPHeaders) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RouteHTTPHeaders) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	{
+		size, err := m.Actions.MarshalToSizedBuffer(dAtA[:i])
+		if err != nil {
+			return 0, err
+		}
+		i -= size
+		i = encodeVarintGenerated(dAtA, i, uint64(size))
+	}
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *RouteIngress) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -709,7 +1029,7 @@ func (m *RoutePort) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *RouteSpec) Marshal() (dAtA []byte, err error) {
+func (m *RouteSetHTTPHeader) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -719,33 +1039,73 @@ func (m *RouteSpec) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) {
+func (m *RouteSetHTTPHeader) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *RouteSetHTTPHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
 	_ = l
-	i -= len(m.Subdomain)
-	copy(dAtA[i:], m.Subdomain)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain)))
-	i--
-	dAtA[i] = 0x42
-	i -= len(m.WildcardPolicy)
-	copy(dAtA[i:], m.WildcardPolicy)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.WildcardPolicy)))
+	i -= len(m.Value)
+	copy(dAtA[i:], m.Value)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value)))
 	i--
-	dAtA[i] = 0x3a
-	if m.TLS != nil {
-		{
-			size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i])
-			if err != nil {
-				return 0, err
-			}
-			i -= size
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
+func (m *RouteSpec) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *RouteSpec) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *RouteSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.HTTPHeaders != nil {
+		{
+			size, err := m.HTTPHeaders.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
+		}
+		i--
+		dAtA[i] = 0x4a
+	}
+	i -= len(m.Subdomain)
+	copy(dAtA[i:], m.Subdomain)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subdomain)))
+	i--
+	dAtA[i] = 0x42
+	i -= len(m.WildcardPolicy)
+	copy(dAtA[i:], m.WildcardPolicy)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.WildcardPolicy)))
+	i--
+	dAtA[i] = 0x3a
+	if m.TLS != nil {
+		{
+			size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
 			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
 		i--
@@ -928,16 +1288,18 @@ func (m *TLSConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	{
-		size, err := m.ExternalCertificate.MarshalToSizedBuffer(dAtA[:i])
-		if err != nil {
-			return 0, err
+	if m.ExternalCertificate != nil {
+		{
+			size, err := m.ExternalCertificate.MarshalToSizedBuffer(dAtA[:i])
+			if err != nil {
+				return 0, err
+			}
+			i -= size
+			i = encodeVarintGenerated(dAtA, i, uint64(size))
 		}
-		i -= size
-		i = encodeVarintGenerated(dAtA, i, uint64(size))
+		i--
+		dAtA[i] = 0x3a
 	}
-	i--
-	dAtA[i] = 0x3a
 	i -= len(m.InsecureEdgeTerminationPolicy)
 	copy(dAtA[i:], m.InsecureEdgeTerminationPolicy)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.InsecureEdgeTerminationPolicy)))
@@ -1008,6 +1370,66 @@ func (m *Route) Size() (n int) {
 	return n
 }
 
+func (m *RouteHTTPHeader) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = m.Action.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
+func (m *RouteHTTPHeaderActionUnion) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Type)
+	n += 1 + l + sovGenerated(uint64(l))
+	if m.Set != nil {
+		l = m.Set.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
+	return n
+}
+
+func (m *RouteHTTPHeaderActions) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Response) > 0 {
+		for _, e := range m.Response {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	if len(m.Request) > 0 {
+		for _, e := range m.Request {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
+	return n
+}
+
+func (m *RouteHTTPHeaders) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = m.Actions.Size()
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *RouteIngress) Size() (n int) {
 	if m == nil {
 		return 0
@@ -1080,6 +1502,17 @@ func (m *RoutePort) Size() (n int) {
 	return n
 }
 
+func (m *RouteSetHTTPHeader) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Value)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *RouteSpec) Size() (n int) {
 	if m == nil {
 		return 0
@@ -1110,6 +1543,10 @@ func (m *RouteSpec) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.Subdomain)
 	n += 1 + l + sovGenerated(uint64(l))
+	if m.HTTPHeaders != nil {
+		l = m.HTTPHeaders.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1175,8 +1612,10 @@ func (m *TLSConfig) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.InsecureEdgeTerminationPolicy)
 	n += 1 + l + sovGenerated(uint64(l))
-	l = m.ExternalCertificate.Size()
-	n += 1 + l + sovGenerated(uint64(l))
+	if m.ExternalCertificate != nil {
+		l = m.ExternalCertificate.Size()
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -1208,6 +1647,59 @@ func (this *Route) String() string {
 	}, "")
 	return s
 }
+func (this *RouteHTTPHeader) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RouteHTTPHeader{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Action:` + strings.Replace(strings.Replace(this.Action.String(), "RouteHTTPHeaderActionUnion", "RouteHTTPHeaderActionUnion", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RouteHTTPHeaderActionUnion) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RouteHTTPHeaderActionUnion{`,
+		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
+		`Set:` + strings.Replace(this.Set.String(), "RouteSetHTTPHeader", "RouteSetHTTPHeader", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RouteHTTPHeaderActions) String() string {
+	if this == nil {
+		return "nil"
+	}
+	repeatedStringForResponse := "[]RouteHTTPHeader{"
+	for _, f := range this.Response {
+		repeatedStringForResponse += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForResponse += "}"
+	repeatedStringForRequest := "[]RouteHTTPHeader{"
+	for _, f := range this.Request {
+		repeatedStringForRequest += strings.Replace(strings.Replace(f.String(), "RouteHTTPHeader", "RouteHTTPHeader", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForRequest += "}"
+	s := strings.Join([]string{`&RouteHTTPHeaderActions{`,
+		`Response:` + repeatedStringForResponse + `,`,
+		`Request:` + repeatedStringForRequest + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func (this *RouteHTTPHeaders) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RouteHTTPHeaders{`,
+		`Actions:` + strings.Replace(strings.Replace(this.Actions.String(), "RouteHTTPHeaderActions", "RouteHTTPHeaderActions", 1), `&`, ``, 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *RouteIngress) String() string {
 	if this == nil {
 		return "nil"
@@ -1267,6 +1759,16 @@ func (this *RoutePort) String() string {
 	}, "")
 	return s
 }
+func (this *RouteSetHTTPHeader) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&RouteSetHTTPHeader{`,
+		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *RouteSpec) String() string {
 	if this == nil {
 		return "nil"
@@ -1285,6 +1787,7 @@ func (this *RouteSpec) String() string {
 		`TLS:` + strings.Replace(this.TLS.String(), "TLSConfig", "TLSConfig", 1) + `,`,
 		`WildcardPolicy:` + fmt.Sprintf("%v", this.WildcardPolicy) + `,`,
 		`Subdomain:` + fmt.Sprintf("%v", this.Subdomain) + `,`,
+		`HTTPHeaders:` + strings.Replace(this.HTTPHeaders.String(), "RouteHTTPHeaders", "RouteHTTPHeaders", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -1331,27 +1834,373 @@ func (this *TLSConfig) String() string {
 	if this == nil {
 		return "nil"
 	}
-	s := strings.Join([]string{`&TLSConfig{`,
-		`Termination:` + fmt.Sprintf("%v", this.Termination) + `,`,
-		`Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`,
-		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
-		`CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`,
-		`DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`,
-		`InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`,
-		`ExternalCertificate:` + strings.Replace(strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1), `&`, ``, 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
-func valueToStringGenerated(v interface{}) string {
-	rv := reflect.ValueOf(v)
-	if rv.IsNil() {
-		return "nil"
+	s := strings.Join([]string{`&TLSConfig{`,
+		`Termination:` + fmt.Sprintf("%v", this.Termination) + `,`,
+		`Certificate:` + fmt.Sprintf("%v", this.Certificate) + `,`,
+		`Key:` + fmt.Sprintf("%v", this.Key) + `,`,
+		`CACertificate:` + fmt.Sprintf("%v", this.CACertificate) + `,`,
+		`DestinationCACertificate:` + fmt.Sprintf("%v", this.DestinationCACertificate) + `,`,
+		`InsecureEdgeTerminationPolicy:` + fmt.Sprintf("%v", this.InsecureEdgeTerminationPolicy) + `,`,
+		`ExternalCertificate:` + strings.Replace(this.ExternalCertificate.String(), "LocalObjectReference", "LocalObjectReference", 1) + `,`,
+		`}`,
+	}, "")
+	return s
+}
+func valueToStringGenerated(v interface{}) string {
+	rv := reflect.ValueOf(v)
+	if rv.IsNil() {
+		return "nil"
+	}
+	pv := reflect.Indirect(rv).Interface()
+	return fmt.Sprintf("*%v", pv)
+}
+func (m *LocalObjectReference) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *Route) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: Route: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: Route: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RouteHTTPHeader) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RouteHTTPHeader: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RouteHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if err := m.Action.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
 	}
-	pv := reflect.Indirect(rv).Interface()
-	return fmt.Sprintf("*%v", pv)
+	return nil
 }
-func (m *LocalObjectReference) Unmarshal(dAtA []byte) error {
+func (m *RouteHTTPHeaderActionUnion) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1374,15 +2223,15 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: LocalObjectReference: wiretype end group for non-group")
+			return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: LocalObjectReference: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RouteHTTPHeaderActionUnion: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -1410,7 +2259,43 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.Name = string(dAtA[iNdEx:postIndex])
+			m.Type = RouteHTTPHeaderActionType(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Set", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.Set == nil {
+				m.Set = &RouteSetHTTPHeader{}
+			}
+			if err := m.Set.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
@@ -1433,7 +2318,7 @@ func (m *LocalObjectReference) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *Route) Unmarshal(dAtA []byte) error {
+func (m *RouteHTTPHeaderActions) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
 	for iNdEx < l {
@@ -1456,15 +2341,15 @@ func (m *Route) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: Route: wiretype end group for non-group")
+			return fmt.Errorf("proto: RouteHTTPHeaderActions: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: Route: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: RouteHTTPHeaderActions: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Response", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1491,13 +2376,14 @@ func (m *Route) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Response = append(m.Response, RouteHTTPHeader{})
+			if err := m.Response[len(m.Response)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Request", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1524,13 +2410,64 @@ func (m *Route) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			m.Request = append(m.Request, RouteHTTPHeader{})
+			if err := m.Request[len(m.Request)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
-		case 3:
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *RouteHTTPHeaders) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RouteHTTPHeaders: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RouteHTTPHeaders: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field Actions", wireType)
 			}
 			var msglen int
 			for shift := uint(0); ; shift += 7 {
@@ -1557,7 +2494,7 @@ func (m *Route) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			if err := m.Status.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+			if err := m.Actions.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
 			iNdEx = postIndex
@@ -2208,6 +3145,88 @@ func (m *RoutePort) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *RouteSetHTTPHeader) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: RouteSetHTTPHeader: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: RouteSetHTTPHeader: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Value = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *RouteSpec) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -2504,6 +3523,42 @@ func (m *RouteSpec) Unmarshal(dAtA []byte) error {
 			}
 			m.Subdomain = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field HTTPHeaders", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.HTTPHeaders == nil {
+				m.HTTPHeaders = &RouteHTTPHeaders{}
+			}
+			if err := m.HTTPHeaders.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -3107,6 +4162,9 @@ func (m *TLSConfig) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
+			if m.ExternalCertificate == nil {
+				m.ExternalCertificate = &LocalObjectReference{}
+			}
 			if err := m.ExternalCertificate.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
 				return err
 			}
diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto
index 93d78bf19..d31fa5222 100644
--- a/vendor/github.com/openshift/api/route/v1/generated.proto
+++ b/vendor/github.com/openshift/api/route/v1/generated.proto
@@ -57,6 +57,7 @@ message Route {
   optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
 
   // spec is the desired state of the route
+  // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough."
   optional RouteSpec spec = 2;
 
   // status is the current state of the route
@@ -64,6 +65,131 @@ message Route {
   optional RouteStatus status = 3;
 }
 
+// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+message RouteHTTPHeader {
+  // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header
+  // name as defined in RFC 2616 section 4.2.
+  // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`".
+  // The following header names are reserved and may not be modified via this API:
+  // Strict-Transport-Security, Proxy, Cookie, Set-Cookie.
+  // It must be no more than 255 characters in length.
+  // Header name must be unique.
+  // +kubebuilder:validation:Required
+  // +kubebuilder:validation:MinLength=1
+  // +kubebuilder:validation:MaxLength=255
+  // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$"
+  // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions"
+  // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions"
+  // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions"
+  // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions"
+  optional string name = 1;
+
+  // action specifies actions to perform on headers, such as setting or deleting headers.
+  // +kubebuilder:validation:Required
+  optional RouteHTTPHeaderActionUnion action = 2;
+}
+
+// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ?  has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise"
+// +union
+message RouteHTTPHeaderActionUnion {
+  // type defines the type of the action to be applied on the header.
+  // Possible values are Set or Delete.
+  // Set allows you to set HTTP request and response headers.
+  // Delete allows you to delete HTTP request and response headers.
+  // +unionDiscriminator
+  // +kubebuilder:validation:Enum:=Set;Delete
+  // +kubebuilder:validation:Required
+  optional string type = 1;
+
+  // set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does.
+  // This field is required when type is Set and forbidden otherwise.
+  // +optional
+  // +unionMember
+  optional RouteSetHTTPHeader set = 2;
+}
+
+// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.
+message RouteHTTPHeaderActions {
+  // response is a list of HTTP response headers to modify.
+  // Currently, actions may define to either `Set` or `Delete` headers values.
+  // Actions defined here will modify the response headers of all requests made through a route.
+  // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route.
+  // Route actions will be executed before IngressController actions for response headers.
+  // Actions are applied in sequence as defined in this list.
+  // A maximum of 20 response header actions may be configured.
+  // You can use this field to specify HTTP response headers that should be set or deleted
+  // when forwarding responses from your application to the client.
+  // Sample fetchers allowed are "res.hdr" and "ssl_c_der".
+  // Converters allowed are "lower" and "base64".
+  // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+  // Note: This field cannot be used if your route uses TLS passthrough.
+  // + ---
+  // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa.
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  // +kubebuilder:validation:MaxItems=20
+  // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+  repeated RouteHTTPHeader response = 1;
+
+  // request is a list of HTTP request headers to modify.
+  // Currently, actions may define to either `Set` or `Delete` headers values.
+  // Actions defined here will modify the request headers of all requests made through a route.
+  // These actions are applied to a specific Route defined within a cluster i.e. connections made through a route.
+  // Currently, actions may define to either `Set` or `Delete` headers values.
+  // Route actions will be executed after IngressController actions for request headers.
+  // Actions are applied in sequence as defined in this list.
+  // A maximum of 20 request header actions may be configured.
+  // You can use this field to specify HTTP request headers that should be set or deleted
+  // when forwarding connections from the client to your application.
+  // Sample fetchers allowed are "req.hdr" and "ssl_c_der".
+  // Converters allowed are "lower" and "base64".
+  // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+  // Any request header configuration applied directly via a Route resource using this API
+  // will override header configuration for a header of the same name applied via
+  // spec.httpHeaders.actions on the IngressController or route annotation.
+  // Note: This field cannot be used if your route uses TLS passthrough.
+  // + ---
+  // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa.
+  // +listType=map
+  // +listMapKey=name
+  // +optional
+  // +kubebuilder:validation:MaxItems=20
+  // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+  repeated RouteHTTPHeader request = 2;
+}
+
+// RouteHTTPHeaders defines policy for HTTP headers.
+message RouteHTTPHeaders {
+  // actions specifies options for modifying headers and their values.
+  // Note that this option only applies to cleartext HTTP connections
+  // and to secure HTTP connections for which the ingress controller
+  // terminates encryption (that is, edge-terminated or reencrypt
+  // connections).  Headers cannot be modified for TLS passthrough
+  // connections.
+  // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions.
+  // `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header"
+  // route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.
+  // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after
+  // the actions specified in the IngressController's spec.httpHeaders.actions field.
+  // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be
+  // executed after the actions specified in the Route's spec.httpHeaders.actions field.
+  // The headers set via this API will not appear in access logs.
+  // Any actions defined here are applied after any actions related to the following other fields:
+  // cache-control, spec.clientTLS,
+  // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,
+  // and spec.httpHeaders.headerNameCaseAdjustments.
+  // The following header names are reserved and may not be modified via this API:
+  // Strict-Transport-Security, Proxy, Cookie, Set-Cookie.
+  // Note that the total size of all net added headers *after* interpolating dynamic values
+  // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+  // IngressController. Please refer to the documentation
+  // for that API field for more details.
+  // +optional
+  optional RouteHTTPHeaderActions actions = 1;
+}
+
 // RouteIngress holds information about the places where a route is exposed.
 message RouteIngress {
   // Host is the host string under which the route is exposed; this value is required
@@ -126,6 +252,25 @@ message RoutePort {
   optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 1;
 }
 
+// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+message RouteSetHTTPHeader {
+  // value specifies a header value.
+  // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in
+  // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and
+  // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.
+  // The value of this field must be no more than 16384 characters in length.
+  // Note that the total size of all net added headers *after* interpolating dynamic values
+  // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+  // IngressController.
+  // + ---
+  // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit.
+  // + See <https://www.geekersdigest.com/max-http-request-header-size-server-comparison/>.
+  // +kubebuilder:validation:Required
+  // +kubebuilder:validation:MinLength=1
+  // +kubebuilder:validation:MaxLength=16384
+  optional string value = 1;
+}
+
 // RouteSpec describes the hostname or path the route exposes, any security information,
 // and one to four backends (services) the route points to. Requests are distributed
 // among the backends depending on the weights assigned to each backend. When using
@@ -202,6 +347,11 @@ message RouteSpec {
   // +kubebuilder:validation:Enum=None;Subdomain;""
   // +kubebuilder:default=None
   optional string wildcardPolicy = 7;
+
+  // httpHeaders defines policy for HTTP headers.
+  //
+  // +optional
+  optional RouteHTTPHeaders httpHeaders = 9;
 }
 
 // RouteStatus provides relevant info about the status of a route, including which routers
@@ -262,6 +412,7 @@ message TLSConfig {
   // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination
   // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
   //
+  // Note: passthrough termination is incompatible with httpHeader actions
   // +kubebuilder:validation:Enum=edge;reencrypt;passthrough
   optional string termination = 1;
 
diff --git a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml
index 7e5ebd227..13461f666 100644
--- a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml
@@ -82,6 +82,130 @@ spec:
                   type: string
                   maxLength: 253
                   pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                httpHeaders:
+                  description: httpHeaders defines policy for HTTP headers.
+                  type: object
+                  properties:
+                    actions:
+                      description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.'
+                      type: object
+                      properties:
+                        request:
+                          description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.'
+                          type: array
+                          maxItems: 20
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            type: object
+                            required:
+                              - action
+                              - name
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                type: object
+                                required:
+                                  - type
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    type: object
+                                    required:
+                                      - value
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        type: string
+                                        maxLength: 16384
+                                        minLength: 1
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    type: string
+                                    enum:
+                                      - Set
+                                      - Delete
+                                x-kubernetes-validations:
+                                  - rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                                    message: set is required when type is Set, and forbidden otherwise
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                type: string
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                x-kubernetes-validations:
+                                  - rule: self.lowerAscii() != 'strict-transport-security'
+                                    message: strict-transport-security header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'proxy'
+                                    message: proxy header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'cookie'
+                                    message: cookie header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'set-cookie'
+                                    message: set-cookie header may not be modified via header actions
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                              message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64.
+                        response:
+                          description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.'
+                          type: array
+                          maxItems: 20
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            type: object
+                            required:
+                              - action
+                              - name
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                type: object
+                                required:
+                                  - type
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    type: object
+                                    required:
+                                      - value
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        type: string
+                                        maxLength: 16384
+                                        minLength: 1
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    type: string
+                                    enum:
+                                      - Set
+                                      - Delete
+                                x-kubernetes-validations:
+                                  - rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                                    message: set is required when type is Set, and forbidden otherwise
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                type: string
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                x-kubernetes-validations:
+                                  - rule: self.lowerAscii() != 'strict-transport-security'
+                                    message: strict-transport-security header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'proxy'
+                                    message: proxy header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'cookie'
+                                    message: cookie header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'set-cookie'
+                                    message: set-cookie header may not be modified via header actions
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                              message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64.
                 path:
                   description: path that the router watches for, to route traffic for to the service. Optional
                   type: string
@@ -138,17 +262,17 @@ spec:
                       description: key provides key file contents
                       type: string
                     termination:
-                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend"
+                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions"
                       type: string
                       enum:
                         - edge
                         - reencrypt
                         - passthrough
                   x-kubernetes-validations:
-                    - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true'
-                      message: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow'
                     - rule: '!(has(self.certificate) && has(self.externalCertificate))'
                       message: cannot have both spec.tls.certificate and spec.tls.externalCertificate
+                    - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true'
+                      message: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow'
                 to:
                   description: to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.
                   type: object
@@ -182,6 +306,9 @@ spec:
                     - None
                     - Subdomain
                     - ""
+              x-kubernetes-validations:
+                - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)'
+                  message: header actions are not permitted when tls termination is passthrough.
             status:
               description: status is the current state of the route
               type: object
diff --git a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml
index d9b016564..87b617cac 100644
--- a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml
@@ -82,6 +82,130 @@ spec:
                   type: string
                   maxLength: 253
                   pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                httpHeaders:
+                  description: httpHeaders defines policy for HTTP headers.
+                  type: object
+                  properties:
+                    actions:
+                      description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.'
+                      type: object
+                      properties:
+                        request:
+                          description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.'
+                          type: array
+                          maxItems: 20
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            type: object
+                            required:
+                              - action
+                              - name
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                type: object
+                                required:
+                                  - type
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    type: object
+                                    required:
+                                      - value
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        type: string
+                                        maxLength: 16384
+                                        minLength: 1
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    type: string
+                                    enum:
+                                      - Set
+                                      - Delete
+                                x-kubernetes-validations:
+                                  - rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                                    message: set is required when type is Set, and forbidden otherwise
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                type: string
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                x-kubernetes-validations:
+                                  - rule: self.lowerAscii() != 'strict-transport-security'
+                                    message: strict-transport-security header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'proxy'
+                                    message: proxy header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'cookie'
+                                    message: cookie header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'set-cookie'
+                                    message: set-cookie header may not be modified via header actions
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                              message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64.
+                        response:
+                          description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.'
+                          type: array
+                          maxItems: 20
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            type: object
+                            required:
+                              - action
+                              - name
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                type: object
+                                required:
+                                  - type
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    type: object
+                                    required:
+                                      - value
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        type: string
+                                        maxLength: 16384
+                                        minLength: 1
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    type: string
+                                    enum:
+                                      - Set
+                                      - Delete
+                                x-kubernetes-validations:
+                                  - rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                                    message: set is required when type is Set, and forbidden otherwise
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                type: string
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                x-kubernetes-validations:
+                                  - rule: self.lowerAscii() != 'strict-transport-security'
+                                    message: strict-transport-security header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'proxy'
+                                    message: proxy header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'cookie'
+                                    message: cookie header may not be modified via header actions
+                                  - rule: self.lowerAscii() != 'set-cookie'
+                                    message: set-cookie header may not be modified via header actions
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                              message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64.
                 path:
                   description: path that the router watches for, to route traffic for to the service. Optional
                   type: string
@@ -138,17 +262,17 @@ spec:
                       description: key provides key file contents
                       type: string
                     termination:
-                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend"
+                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions"
                       type: string
                       enum:
                         - edge
                         - reencrypt
                         - passthrough
                   x-kubernetes-validations:
-                    - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true'
-                      message: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow'
                     - rule: '!(has(self.certificate) && has(self.externalCertificate))'
                       message: cannot have both spec.tls.certificate and spec.tls.externalCertificate
+                    - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true'
+                      message: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow'
                 to:
                   description: to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.
                   type: object
@@ -182,6 +306,9 @@ spec:
                     - None
                     - Subdomain
                     - ""
+              x-kubernetes-validations:
+                - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)'
+                  message: header actions are not permitted when tls termination is passthrough.
             status:
               description: status is the current state of the route
               type: object
diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml b/vendor/github.com/openshift/api/route/v1/route.crd.yaml
index d4a7dfcf8..cda46fc33 100644
--- a/vendor/github.com/openshift/api/route/v1/route.crd.yaml
+++ b/vendor/github.com/openshift/api/route/v1/route.crd.yaml
@@ -101,6 +101,130 @@ spec:
                   maxLength: 253
                   pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
                   type: string
+                httpHeaders:
+                  description: httpHeaders defines policy for HTTP headers.
+                  properties:
+                    actions:
+                      description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.'
+                      properties:
+                        request:
+                          description: 'request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.'
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        maxLength: 16384
+                                        minLength: 1
+                                        type: string
+                                    required:
+                                      - value
+                                    type: object
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    enum:
+                                      - Set
+                                      - Delete
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                                x-kubernetes-validations:
+                                  - message: set is required when type is Set, and forbidden otherwise
+                                    rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                type: string
+                                x-kubernetes-validations:
+                                  - message: strict-transport-security header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'strict-transport-security'
+                                  - message: proxy header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'proxy'
+                                  - message: cookie header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'cookie'
+                                  - message: set-cookie header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'set-cookie'
+                            required:
+                              - action
+                              - name
+                            type: object
+                          maxItems: 20
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64.
+                              rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                        response:
+                          description: 'response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used if your route uses TLS passthrough.'
+                          items:
+                            description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+                            properties:
+                              action:
+                                description: action specifies actions to perform on headers, such as setting or deleting headers.
+                                properties:
+                                  set:
+                                    description: 'set defines the HTTP header that should be set: added if it doesn''t exist or replaced if it does. This field is required when type is Set and forbidden otherwise.'
+                                    properties:
+                                      value:
+                                        description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.
+                                        maxLength: 16384
+                                        minLength: 1
+                                        type: string
+                                    required:
+                                      - value
+                                    type: object
+                                  type:
+                                    description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.
+                                    enum:
+                                      - Set
+                                      - Delete
+                                    type: string
+                                required:
+                                  - type
+                                type: object
+                                x-kubernetes-validations:
+                                  - message: set is required when type is Set, and forbidden otherwise
+                                    rule: 'has(self.type) && self.type == ''Set'' ?  has(self.set) : !has(self.set)'
+                              name:
+                                description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.'
+                                maxLength: 255
+                                minLength: 1
+                                pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$
+                                type: string
+                                x-kubernetes-validations:
+                                  - message: strict-transport-security header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'strict-transport-security'
+                                  - message: proxy header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'proxy'
+                                  - message: cookie header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'cookie'
+                                  - message: set-cookie header may not be modified via header actions
+                                    rule: self.lowerAscii() != 'set-cookie'
+                            required:
+                              - action
+                              - name
+                            type: object
+                          maxItems: 20
+                          type: array
+                          x-kubernetes-list-map-keys:
+                            - name
+                          x-kubernetes-list-type: map
+                          x-kubernetes-validations:
+                            - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64.
+                              rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))
+                      type: object
+                  type: object
                 path:
                   description: path that the router watches for, to route traffic for to the service. Optional
                   pattern: ^/
@@ -174,7 +298,7 @@ spec:
                       description: key provides key file contents
                       type: string
                     termination:
-                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend"
+                      description: "termination indicates termination type. \n * edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend \n Note: passthrough termination is incompatible with httpHeader actions"
                       enum:
                         - edge
                         - reencrypt
@@ -222,6 +346,9 @@ spec:
               required:
                 - to
               type: object
+              x-kubernetes-validations:
+                - message: header actions are not permitted when tls termination is passthrough.
+                  rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || !has(self.httpHeaders)'
             status:
               description: status is the current state of the route
               properties:
diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml
index 0031afdb5..d1e476673 100644
--- a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml
+++ b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml
@@ -82,3 +82,594 @@ tests:
           termination: passthrough
           insecureEdgeTerminationPolicy: None
         wildcardPolicy: None
+  - name: Should be able to create a Route with valid actions
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-actions
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                type: Set
+                set:
+                  value: DENY
+            - name: X-Cache-Info
+              action:
+                type: Set
+                set:
+                  value: "not cacheable; meta data too large"
+            - name: X-XSS-Protection
+              action:
+                type: Delete
+            - name: X-Source
+              action:
+                type: Set
+                set:
+                  value: "%[res.hdr(X-Value),lower]"         
+            request:
+            - name: Content-Location
+              action:
+                type: Set
+                set:
+                  value: /my-first-blog-post
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der,base64]"
+            - name:   Content-Language
+              action:
+                type: Delete
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(host),lower]"
+            - name: X-Conditional
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(Host)] if foo"
+            - name: X-Condition
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(Host)]\ if\ foo"
+    expected: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-actions
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+          weight: 100
+        wildcardPolicy: None      
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                type: Set
+                set:
+                  value: DENY
+            - name: X-Cache-Info
+              action:
+                type: Set
+                set:
+                  value: "not cacheable; meta data too large"
+            - name: X-XSS-Protection
+              action:
+                type: Delete
+            - name: X-Source
+              action:
+                type: Set
+                set:
+                  value: "%[res.hdr(X-Value),lower]"        
+            request:
+            - name: Content-Location
+              action:
+                type: Set
+                set:
+                  value: /my-first-blog-post
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der,base64]"
+            - name:   Content-Language
+              action:
+                type: Delete
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(host),lower]"
+            - name: X-Conditional
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(Host)] if foo"
+            - name: X-Condition
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(Host)]\ if\ foo"
+  - name: "Should not allow response header actions if tls termination is set to passthrough"
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-passthrough
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: passthrough
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                type: Set
+                set:
+                  value: DENY    
+            - name: X-XSS-Protection
+              action:
+                type: Delete
+    expectedError: "header actions are not permitted when tls termination is passthrough."
+  - name: "Should not allow request header actions if tls termination is set to passthrough"
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-passthrough
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: passthrough
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: Content-Location
+              action:
+                type: Set
+                set:
+                  value: /my-first-blog-post
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der,base64]"
+            - name:   Content-Language
+              action:
+                type: Delete
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(host),lower]"
+    expectedError: "header actions are not permitted when tls termination is passthrough."
+  - name: Should not allow to set/delete HSTS header.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-hsts
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                type: Set
+                set:
+                  value: DENY
+            - name: Strict-Transport-Security
+              action:
+                type: Delete
+            request:
+            - name: Content-Location
+              action:
+                type: Set
+                set:
+                  value: /my-first-blog-post
+            - name:   Content-Language
+              action:
+                type: Delete
+    expectedError: "strict-transport-security header may not be modified via header actions"
+  - name: Should not allow to set proxy request header.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        name: hello-openshift-edge-proxy
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: Proxy
+              action:
+                type: Set
+                set: 
+                  value: example.xyz
+    expectedError: "proxy header may not be modified via header actions"
+  - name: Should not allow to set cookie header.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        name: hello-openshift-edge-proxy
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: Cookie
+              action:
+                type: Set
+                set: 
+                  value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1"
+    expectedError: "cookie header may not be modified via header actions"
+  - name: Should not allow to set set-cookie header.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        name: hello-openshift-edge-proxy
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: Set-Cookie
+              action:
+                type: Set
+                set: 
+                  value: "sessionId=e8bb43229de9; Domain=foo.example.com"
+    expectedError: "set-cookie header may not be modified via header actions"
+  - name: Should not allow to set/delete dynamic headers with unclosed braces.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-unclosed-braces
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: Content-Location
+              action:
+                type: Set
+                set:
+                  value: /my-first-blog-post
+            - name:   Content-Language
+              action:
+                type: Delete
+            - name: expires
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(host),lower"
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set dynamic response header values with not allowed sample fetchers.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der1,base64]"
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set/delete dynamic response header values with not allowed converters.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der,bogus]"
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Target
+              action:
+                type: Set
+                set:
+                  value: "%[req.hdr(host),lower]"
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: X-Source
+              action:
+                type: Set
+                set:
+                  value: "%[res.hdr(X-Value),lower]"
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set/delete dynamic request header values with not allowed converters.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der,bogus]"
+            - name:   Content-Language
+              action:
+                type: Delete
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow to set dynamic request header values with not allowed sample fetchers.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value: "%{+Q}[ssl_c_der1122,base64]"
+            - name:   Content-Language
+              action:
+                type: Delete
+    expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+  - name: Should not allow empty value in request
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            request:
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value:
+    expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]'
+  - name: Should not allow empty value in response
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-edge-not-allowed-values
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-SSL-Client-Cert 
+              action:
+                type: Set
+                set:
+                  value:
+    expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]'
+  - name: Should be required to specify the set field when the discriminant type is Set.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-actions
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                type: Set
+    expectedError: "set is required when type is Set, and forbidden otherwise"
+  - name: Should be required to specify the set field when the discriminant type is Set.
+    initial: |
+      apiVersion: route.openshift.io/v1
+      kind: Route
+      metadata:
+        labels:
+          type: sharded
+        name: hello-openshift-actions
+        namespace: hello-openshift
+      spec:
+        subdomain: hello-openshift
+        tls:
+          termination: edge
+        to:
+          kind: Service
+          name: hello-openshift
+        httpHeaders:
+          actions:
+            response:
+            - name: X-Frame-Options
+              action:
+                set:
+                  value: DENY
+    expectedError: 'Route.route.openshift.io "hello-openshift-actions" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]'
diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go
index 948a72aba..2de728bc0 100644
--- a/vendor/github.com/openshift/api/route/v1/types.go
+++ b/vendor/github.com/openshift/api/route/v1/types.go
@@ -47,6 +47,7 @@ type Route struct {
 	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
 
 	// spec is the desired state of the route
+	// +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough."
 	Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
 	// status is the current state of the route
 	// +optional
@@ -145,8 +146,166 @@ type RouteSpec struct {
 	// +kubebuilder:validation:Enum=None;Subdomain;""
 	// +kubebuilder:default=None
 	WildcardPolicy WildcardPolicyType `json:"wildcardPolicy,omitempty" protobuf:"bytes,7,opt,name=wildcardPolicy"`
+
+	// httpHeaders defines policy for HTTP headers.
+	//
+	// +optional
+	HTTPHeaders *RouteHTTPHeaders `json:"httpHeaders,omitempty" protobuf:"bytes,9,opt,name=httpHeaders"`
+}
+
+// RouteHTTPHeaders defines policy for HTTP headers.
+type RouteHTTPHeaders struct {
+	// actions specifies options for modifying headers and their values.
+	// Note that this option only applies to cleartext HTTP connections
+	// and to secure HTTP connections for which the ingress controller
+	// terminates encryption (that is, edge-terminated or reencrypt
+	// connections).  Headers cannot be modified for TLS passthrough
+	// connections.
+	// Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions.
+	// `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header"
+	// route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies.
+	// In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after
+	// the actions specified in the IngressController's spec.httpHeaders.actions field.
+	// In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be
+	// executed after the actions specified in the Route's spec.httpHeaders.actions field.
+	// The headers set via this API will not appear in access logs.
+	// Any actions defined here are applied after any actions related to the following other fields:
+	// cache-control, spec.clientTLS,
+	// spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId,
+	// and spec.httpHeaders.headerNameCaseAdjustments.
+	// The following header names are reserved and may not be modified via this API:
+	// Strict-Transport-Security, Proxy, Cookie, Set-Cookie.
+	// Note that the total size of all net added headers *after* interpolating dynamic values
+	// must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+	// IngressController. Please refer to the documentation
+	// for that API field for more details.
+	// +optional
+	Actions RouteHTTPHeaderActions `json:"actions,omitempty" protobuf:"bytes,1,opt,name=actions"`
 }
 
+// RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.
+type RouteHTTPHeaderActions struct {
+	// response is a list of HTTP response headers to modify.
+	// Currently, actions may define to either `Set` or `Delete` headers values.
+	// Actions defined here will modify the response headers of all requests made through a route.
+	// These actions are applied to a specific Route defined within a cluster i.e. connections made through a route.
+	// Route actions will be executed before IngressController actions for response headers.
+	// Actions are applied in sequence as defined in this list.
+	// A maximum of 20 response header actions may be configured.
+	// You can use this field to specify HTTP response headers that should be set or deleted
+	// when forwarding responses from your application to the client.
+	// Sample fetchers allowed are "res.hdr" and "ssl_c_der".
+	// Converters allowed are "lower" and "base64".
+	// Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+	// Note: This field cannot be used if your route uses TLS passthrough.
+	// + ---
+	// + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa.
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	// +kubebuilder:validation:MaxItems=20
+	// +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
+	Response []RouteHTTPHeader `json:"response" protobuf:"bytes,1,rep,name=response"`
+	// request is a list of HTTP request headers to modify.
+	// Currently, actions may define to either `Set` or `Delete` headers values.
+	// Actions defined here will modify the request headers of all requests made through a route.
+	// These actions are applied to a specific Route defined within a cluster i.e. connections made through a route.
+	// Currently, actions may define to either `Set` or `Delete` headers values.
+	// Route actions will be executed after IngressController actions for request headers.
+	// Actions are applied in sequence as defined in this list.
+	// A maximum of 20 request header actions may be configured.
+	// You can use this field to specify HTTP request headers that should be set or deleted
+	// when forwarding connections from the client to your application.
+	// Sample fetchers allowed are "req.hdr" and "ssl_c_der".
+	// Converters allowed are "lower" and "base64".
+	// Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".
+	// Any request header configuration applied directly via a Route resource using this API
+	// will override header configuration for a header of the same name applied via
+	// spec.httpHeaders.actions on the IngressController or route annotation.
+	// Note: This field cannot be used if your route uses TLS passthrough.
+	// + ---
+	// + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa.
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	// +kubebuilder:validation:MaxItems=20
+	// +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
+	Request []RouteHTTPHeader `json:"request" protobuf:"bytes,2,rep,name=request"`
+}
+
+// RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.
+type RouteHTTPHeader struct {
+	// name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header
+	// name as defined in RFC 2616 section 4.2.
+	// The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`".
+	// The following header names are reserved and may not be modified via this API:
+	// Strict-Transport-Security, Proxy, Cookie, Set-Cookie.
+	// It must be no more than 255 characters in length.
+	// Header name must be unique.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=255
+	// +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$"
+	// +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions"
+	// +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions"
+	// +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions"
+	// +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions"
+	Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
+
+	// action specifies actions to perform on headers, such as setting or deleting headers.
+	// +kubebuilder:validation:Required
+	Action RouteHTTPHeaderActionUnion `json:"action" protobuf:"bytes,2,opt,name=action"`
+}
+
+// RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ?  has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise"
+// +union
+type RouteHTTPHeaderActionUnion struct {
+	// type defines the type of the action to be applied on the header.
+	// Possible values are Set or Delete.
+	// Set allows you to set HTTP request and response headers.
+	// Delete allows you to delete HTTP request and response headers.
+	// +unionDiscriminator
+	// +kubebuilder:validation:Enum:=Set;Delete
+	// +kubebuilder:validation:Required
+	Type RouteHTTPHeaderActionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RouteHTTPHeaderActionType"`
+
+	// set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does.
+	// This field is required when type is Set and forbidden otherwise.
+	// +optional
+	// +unionMember
+	Set *RouteSetHTTPHeader `json:"set,omitempty" protobuf:"bytes,2,opt,name=set"`
+}
+
+// RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.
+type RouteSetHTTPHeader struct {
+	// value specifies a header value.
+	// Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in
+	// http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and
+	// otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.
+	// The value of this field must be no more than 16384 characters in length.
+	// Note that the total size of all net added headers *after* interpolating dynamic values
+	// must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the
+	// IngressController.
+	// + ---
+	// + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit.
+	// + See <https://www.geekersdigest.com/max-http-request-header-size-server-comparison/>.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=16384
+	Value string `json:"value" protobuf:"bytes,1,opt,name=value"`
+}
+
+// RouteHTTPHeaderActionType defines actions that can be performed on HTTP headers.
+type RouteHTTPHeaderActionType string
+
+const (
+	// Set specifies that an HTTP header should be set.
+	Set RouteHTTPHeaderActionType = "Set"
+	// Delete specifies that an HTTP header should be deleted.
+	Delete RouteHTTPHeaderActionType = "Delete"
+)
+
 // RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service'
 // kind is allowed. Use 'weight' field to emphasize one over others.
 type RouteTargetReference struct {
@@ -256,6 +415,7 @@ type TLSConfig struct {
 	// * passthrough - Traffic is sent straight to the destination without the router providing TLS termination
 	// * reencrypt - TLS termination is done by the router and https is used to communicate with the backend
 	//
+	// Note: passthrough termination is incompatible with httpHeader actions
 	// +kubebuilder:validation:Enum=edge;reencrypt;passthrough
 	Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"`
 
@@ -294,7 +454,7 @@ type TLSConfig struct {
 	//
 	// +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
 	// +optional
-	ExternalCertificate LocalObjectReference `json:"externalCertificate,omitempty" protobuf:"bytes,7,opt,name=externalCertificate"`
+	ExternalCertificate *LocalObjectReference `json:"externalCertificate,omitempty" protobuf:"bytes,7,opt,name=externalCertificate"`
 }
 
 // LocalObjectReference contains enough information to let you locate the
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go
index bdb19ad7a..23a2edd42 100644
--- a/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.deepcopy.go
@@ -53,6 +53,91 @@ func (in *Route) DeepCopyObject() runtime.Object {
 	return nil
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RouteHTTPHeader) DeepCopyInto(out *RouteHTTPHeader) {
+	*out = *in
+	in.Action.DeepCopyInto(&out.Action)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeader.
+func (in *RouteHTTPHeader) DeepCopy() *RouteHTTPHeader {
+	if in == nil {
+		return nil
+	}
+	out := new(RouteHTTPHeader)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RouteHTTPHeaderActionUnion) DeepCopyInto(out *RouteHTTPHeaderActionUnion) {
+	*out = *in
+	if in.Set != nil {
+		in, out := &in.Set, &out.Set
+		*out = new(RouteSetHTTPHeader)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActionUnion.
+func (in *RouteHTTPHeaderActionUnion) DeepCopy() *RouteHTTPHeaderActionUnion {
+	if in == nil {
+		return nil
+	}
+	out := new(RouteHTTPHeaderActionUnion)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RouteHTTPHeaderActions) DeepCopyInto(out *RouteHTTPHeaderActions) {
+	*out = *in
+	if in.Response != nil {
+		in, out := &in.Response, &out.Response
+		*out = make([]RouteHTTPHeader, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Request != nil {
+		in, out := &in.Request, &out.Request
+		*out = make([]RouteHTTPHeader, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaderActions.
+func (in *RouteHTTPHeaderActions) DeepCopy() *RouteHTTPHeaderActions {
+	if in == nil {
+		return nil
+	}
+	out := new(RouteHTTPHeaderActions)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RouteHTTPHeaders) DeepCopyInto(out *RouteHTTPHeaders) {
+	*out = *in
+	in.Actions.DeepCopyInto(&out.Actions)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteHTTPHeaders.
+func (in *RouteHTTPHeaders) DeepCopy() *RouteHTTPHeaders {
+	if in == nil {
+		return nil
+	}
+	out := new(RouteHTTPHeaders)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RouteIngress) DeepCopyInto(out *RouteIngress) {
 	*out = *in
@@ -146,6 +231,22 @@ func (in *RoutePort) DeepCopy() *RoutePort {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RouteSetHTTPHeader) DeepCopyInto(out *RouteSetHTTPHeader) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteSetHTTPHeader.
+func (in *RouteSetHTTPHeader) DeepCopy() *RouteSetHTTPHeader {
+	if in == nil {
+		return nil
+	}
+	out := new(RouteSetHTTPHeader)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *RouteSpec) DeepCopyInto(out *RouteSpec) {
 	*out = *in
@@ -165,7 +266,12 @@ func (in *RouteSpec) DeepCopyInto(out *RouteSpec) {
 	if in.TLS != nil {
 		in, out := &in.TLS, &out.TLS
 		*out = new(TLSConfig)
-		**out = **in
+		(*in).DeepCopyInto(*out)
+	}
+	if in.HTTPHeaders != nil {
+		in, out := &in.HTTPHeaders, &out.HTTPHeaders
+		*out = new(RouteHTTPHeaders)
+		(*in).DeepCopyInto(*out)
 	}
 	return
 }
@@ -243,7 +349,11 @@ func (in *RouterShard) DeepCopy() *RouterShard {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TLSConfig) DeepCopyInto(out *TLSConfig) {
 	*out = *in
-	out.ExternalCertificate = in.ExternalCertificate
+	if in.ExternalCertificate != nil {
+		in, out := &in.ExternalCertificate, &out.ExternalCertificate
+		*out = new(LocalObjectReference)
+		**out = **in
+	}
 	return
 }
 
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
index 621b5d69b..8d4958717 100644
--- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go
@@ -31,6 +31,45 @@ func (Route) SwaggerDoc() map[string]string {
 	return map_Route
 }
 
+var map_RouteHTTPHeader = map[string]string{
+	"":       "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.",
+	"name":   "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.",
+	"action": "action specifies actions to perform on headers, such as setting or deleting headers.",
+}
+
+func (RouteHTTPHeader) SwaggerDoc() map[string]string {
+	return map_RouteHTTPHeader
+}
+
+var map_RouteHTTPHeaderActionUnion = map[string]string{
+	"":     "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.",
+	"type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.",
+	"set":  "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.",
+}
+
+func (RouteHTTPHeaderActionUnion) SwaggerDoc() map[string]string {
+	return map_RouteHTTPHeaderActionUnion
+}
+
+var map_RouteHTTPHeaderActions = map[string]string{
+	"":         "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.",
+	"response": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough. ",
+	"request":  "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough. ",
+}
+
+func (RouteHTTPHeaderActions) SwaggerDoc() map[string]string {
+	return map_RouteHTTPHeaderActions
+}
+
+var map_RouteHTTPHeaders = map[string]string{
+	"":        "RouteHTTPHeaders defines policy for HTTP headers.",
+	"actions": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections).  Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.",
+}
+
+func (RouteHTTPHeaders) SwaggerDoc() map[string]string {
+	return map_RouteHTTPHeaders
+}
+
 var map_RouteIngress = map[string]string{
 	"":                        "RouteIngress holds information about the places where a route is exposed.",
 	"host":                    "Host is the host string under which the route is exposed; this value is required",
@@ -76,6 +115,15 @@ func (RoutePort) SwaggerDoc() map[string]string {
 	return map_RoutePort
 }
 
+var map_RouteSetHTTPHeader = map[string]string{
+	"":      "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.",
+	"value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ",
+}
+
+func (RouteSetHTTPHeader) SwaggerDoc() map[string]string {
+	return map_RouteSetHTTPHeader
+}
+
 var map_RouteSpec = map[string]string{
 	"":                  "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.",
 	"host":              "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.",
@@ -86,6 +134,7 @@ var map_RouteSpec = map[string]string{
 	"port":              "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.",
 	"tls":               "The tls field provides the ability to configure certificates and termination for the route.",
 	"wildcardPolicy":    "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.",
+	"httpHeaders":       "httpHeaders defines policy for HTTP headers.",
 }
 
 func (RouteSpec) SwaggerDoc() map[string]string {
@@ -124,7 +173,7 @@ func (RouterShard) SwaggerDoc() map[string]string {
 
 var map_TLSConfig = map[string]string{
 	"":                              "TLSConfig defines config used to secure a route and provide termination",
-	"termination":                   "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend",
+	"termination":                   "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions",
 	"certificate":                   "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.",
 	"key":                           "key provides key file contents",
 	"caCertificate":                 "caCertificate provides the cert authority certificate contents",
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/internal/internal.go
index cc97c71ff..38acf6dc7 100644
--- a/vendor/github.com/openshift/client-go/route/applyconfigurations/internal/internal.go
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/internal/internal.go
@@ -23,6 +23,13 @@ func Parser() *typed.Parser {
 var parserOnce sync.Once
 var parser *typed.Parser
 var schemaYAML = typed.YAMLObject(`types:
+- name: com.github.openshift.api.route.v1.LocalObjectReference
+  map:
+    fields:
+    - name: name
+      type:
+        scalar: string
+    elementRelationship: atomic
 - name: com.github.openshift.api.route.v1.Route
   map:
     fields:
@@ -44,6 +51,58 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: com.github.openshift.api.route.v1.RouteStatus
       default: {}
+- name: com.github.openshift.api.route.v1.RouteHTTPHeader
+  map:
+    fields:
+    - name: action
+      type:
+        namedType: com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion
+      default: {}
+    - name: name
+      type:
+        scalar: string
+      default: ""
+- name: com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion
+  map:
+    fields:
+    - name: set
+      type:
+        namedType: com.github.openshift.api.route.v1.RouteSetHTTPHeader
+    - name: type
+      type:
+        scalar: string
+      default: ""
+    unions:
+    - discriminator: type
+      fields:
+      - fieldName: set
+        discriminatorValue: Set
+- name: com.github.openshift.api.route.v1.RouteHTTPHeaderActions
+  map:
+    fields:
+    - name: request
+      type:
+        list:
+          elementType:
+            namedType: com.github.openshift.api.route.v1.RouteHTTPHeader
+          elementRelationship: associative
+          keys:
+          - name
+    - name: response
+      type:
+        list:
+          elementType:
+            namedType: com.github.openshift.api.route.v1.RouteHTTPHeader
+          elementRelationship: associative
+          keys:
+          - name
+- name: com.github.openshift.api.route.v1.RouteHTTPHeaders
+  map:
+    fields:
+    - name: actions
+      type:
+        namedType: com.github.openshift.api.route.v1.RouteHTTPHeaderActions
+      default: {}
 - name: com.github.openshift.api.route.v1.RouteIngress
   map:
     fields:
@@ -92,6 +151,13 @@ var schemaYAML = typed.YAMLObject(`types:
       type:
         namedType: io.k8s.apimachinery.pkg.util.intstr.IntOrString
       default: {}
+- name: com.github.openshift.api.route.v1.RouteSetHTTPHeader
+  map:
+    fields:
+    - name: value
+      type:
+        scalar: string
+      default: ""
 - name: com.github.openshift.api.route.v1.RouteSpec
   map:
     fields:
@@ -104,6 +170,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: host
       type:
         scalar: string
+    - name: httpHeaders
+      type:
+        namedType: com.github.openshift.api.route.v1.RouteHTTPHeaders
     - name: path
       type:
         scalar: string
@@ -158,6 +227,9 @@ var schemaYAML = typed.YAMLObject(`types:
     - name: destinationCACertificate
       type:
         scalar: string
+    - name: externalCertificate
+      type:
+        namedType: com.github.openshift.api.route.v1.LocalObjectReference
     - name: insecureEdgeTerminationPolicy
       type:
         scalar: string
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/localobjectreference.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/localobjectreference.go
new file mode 100644
index 000000000..da17405b0
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/localobjectreference.go
@@ -0,0 +1,23 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// LocalObjectReferenceApplyConfiguration represents an declarative configuration of the LocalObjectReference type for use
+// with apply.
+type LocalObjectReferenceApplyConfiguration struct {
+	Name *string `json:"name,omitempty"`
+}
+
+// LocalObjectReferenceApplyConfiguration constructs an declarative configuration of the LocalObjectReference type for use with
+// apply.
+func LocalObjectReference() *LocalObjectReferenceApplyConfiguration {
+	return &LocalObjectReferenceApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *LocalObjectReferenceApplyConfiguration) WithName(value string) *LocalObjectReferenceApplyConfiguration {
+	b.Name = &value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheader.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheader.go
new file mode 100644
index 000000000..f06203cab
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheader.go
@@ -0,0 +1,32 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// RouteHTTPHeaderApplyConfiguration represents an declarative configuration of the RouteHTTPHeader type for use
+// with apply.
+type RouteHTTPHeaderApplyConfiguration struct {
+	Name   *string                                       `json:"name,omitempty"`
+	Action *RouteHTTPHeaderActionUnionApplyConfiguration `json:"action,omitempty"`
+}
+
+// RouteHTTPHeaderApplyConfiguration constructs an declarative configuration of the RouteHTTPHeader type for use with
+// apply.
+func RouteHTTPHeader() *RouteHTTPHeaderApplyConfiguration {
+	return &RouteHTTPHeaderApplyConfiguration{}
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *RouteHTTPHeaderApplyConfiguration) WithName(value string) *RouteHTTPHeaderApplyConfiguration {
+	b.Name = &value
+	return b
+}
+
+// WithAction sets the Action field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Action field is set to the value of the last call.
+func (b *RouteHTTPHeaderApplyConfiguration) WithAction(value *RouteHTTPHeaderActionUnionApplyConfiguration) *RouteHTTPHeaderApplyConfiguration {
+	b.Action = value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactions.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactions.go
new file mode 100644
index 000000000..ef7fa5812
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactions.go
@@ -0,0 +1,42 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// RouteHTTPHeaderActionsApplyConfiguration represents an declarative configuration of the RouteHTTPHeaderActions type for use
+// with apply.
+type RouteHTTPHeaderActionsApplyConfiguration struct {
+	Response []RouteHTTPHeaderApplyConfiguration `json:"response,omitempty"`
+	Request  []RouteHTTPHeaderApplyConfiguration `json:"request,omitempty"`
+}
+
+// RouteHTTPHeaderActionsApplyConfiguration constructs an declarative configuration of the RouteHTTPHeaderActions type for use with
+// apply.
+func RouteHTTPHeaderActions() *RouteHTTPHeaderActionsApplyConfiguration {
+	return &RouteHTTPHeaderActionsApplyConfiguration{}
+}
+
+// WithResponse adds the given value to the Response field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Response field.
+func (b *RouteHTTPHeaderActionsApplyConfiguration) WithResponse(values ...*RouteHTTPHeaderApplyConfiguration) *RouteHTTPHeaderActionsApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResponse")
+		}
+		b.Response = append(b.Response, *values[i])
+	}
+	return b
+}
+
+// WithRequest adds the given value to the Request field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Request field.
+func (b *RouteHTTPHeaderActionsApplyConfiguration) WithRequest(values ...*RouteHTTPHeaderApplyConfiguration) *RouteHTTPHeaderActionsApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithRequest")
+		}
+		b.Request = append(b.Request, *values[i])
+	}
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactionunion.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactionunion.go
new file mode 100644
index 000000000..b786c07dc
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaderactionunion.go
@@ -0,0 +1,36 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "github.com/openshift/api/route/v1"
+)
+
+// RouteHTTPHeaderActionUnionApplyConfiguration represents an declarative configuration of the RouteHTTPHeaderActionUnion type for use
+// with apply.
+type RouteHTTPHeaderActionUnionApplyConfiguration struct {
+	Type *v1.RouteHTTPHeaderActionType         `json:"type,omitempty"`
+	Set  *RouteSetHTTPHeaderApplyConfiguration `json:"set,omitempty"`
+}
+
+// RouteHTTPHeaderActionUnionApplyConfiguration constructs an declarative configuration of the RouteHTTPHeaderActionUnion type for use with
+// apply.
+func RouteHTTPHeaderActionUnion() *RouteHTTPHeaderActionUnionApplyConfiguration {
+	return &RouteHTTPHeaderActionUnionApplyConfiguration{}
+}
+
+// WithType sets the Type field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Type field is set to the value of the last call.
+func (b *RouteHTTPHeaderActionUnionApplyConfiguration) WithType(value v1.RouteHTTPHeaderActionType) *RouteHTTPHeaderActionUnionApplyConfiguration {
+	b.Type = &value
+	return b
+}
+
+// WithSet sets the Set field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Set field is set to the value of the last call.
+func (b *RouteHTTPHeaderActionUnionApplyConfiguration) WithSet(value *RouteSetHTTPHeaderApplyConfiguration) *RouteHTTPHeaderActionUnionApplyConfiguration {
+	b.Set = value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaders.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaders.go
new file mode 100644
index 000000000..e112230c8
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routehttpheaders.go
@@ -0,0 +1,23 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// RouteHTTPHeadersApplyConfiguration represents an declarative configuration of the RouteHTTPHeaders type for use
+// with apply.
+type RouteHTTPHeadersApplyConfiguration struct {
+	Actions *RouteHTTPHeaderActionsApplyConfiguration `json:"actions,omitempty"`
+}
+
+// RouteHTTPHeadersApplyConfiguration constructs an declarative configuration of the RouteHTTPHeaders type for use with
+// apply.
+func RouteHTTPHeaders() *RouteHTTPHeadersApplyConfiguration {
+	return &RouteHTTPHeadersApplyConfiguration{}
+}
+
+// WithActions sets the Actions field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Actions field is set to the value of the last call.
+func (b *RouteHTTPHeadersApplyConfiguration) WithActions(value *RouteHTTPHeaderActionsApplyConfiguration) *RouteHTTPHeadersApplyConfiguration {
+	b.Actions = value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routesethttpheader.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routesethttpheader.go
new file mode 100644
index 000000000..4c0952c79
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routesethttpheader.go
@@ -0,0 +1,23 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+// RouteSetHTTPHeaderApplyConfiguration represents an declarative configuration of the RouteSetHTTPHeader type for use
+// with apply.
+type RouteSetHTTPHeaderApplyConfiguration struct {
+	Value *string `json:"value,omitempty"`
+}
+
+// RouteSetHTTPHeaderApplyConfiguration constructs an declarative configuration of the RouteSetHTTPHeader type for use with
+// apply.
+func RouteSetHTTPHeader() *RouteSetHTTPHeaderApplyConfiguration {
+	return &RouteSetHTTPHeaderApplyConfiguration{}
+}
+
+// WithValue sets the Value field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Value field is set to the value of the last call.
+func (b *RouteSetHTTPHeaderApplyConfiguration) WithValue(value string) *RouteSetHTTPHeaderApplyConfiguration {
+	b.Value = &value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routespec.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routespec.go
index 8034bace0..c6dcacfb2 100644
--- a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routespec.go
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/routespec.go
@@ -17,6 +17,7 @@ type RouteSpecApplyConfiguration struct {
 	Port              *RoutePortApplyConfiguration             `json:"port,omitempty"`
 	TLS               *TLSConfigApplyConfiguration             `json:"tls,omitempty"`
 	WildcardPolicy    *routev1.WildcardPolicyType              `json:"wildcardPolicy,omitempty"`
+	HTTPHeaders       *RouteHTTPHeadersApplyConfiguration      `json:"httpHeaders,omitempty"`
 }
 
 // RouteSpecApplyConfiguration constructs an declarative configuration of the RouteSpec type for use with
@@ -93,3 +94,11 @@ func (b *RouteSpecApplyConfiguration) WithWildcardPolicy(value routev1.WildcardP
 	b.WildcardPolicy = &value
 	return b
 }
+
+// WithHTTPHeaders sets the HTTPHeaders field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the HTTPHeaders field is set to the value of the last call.
+func (b *RouteSpecApplyConfiguration) WithHTTPHeaders(value *RouteHTTPHeadersApplyConfiguration) *RouteSpecApplyConfiguration {
+	b.HTTPHeaders = value
+	return b
+}
diff --git a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/tlsconfig.go b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/tlsconfig.go
index 5188a3921..9f5f4449c 100644
--- a/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/tlsconfig.go
+++ b/vendor/github.com/openshift/client-go/route/applyconfigurations/route/v1/tlsconfig.go
@@ -9,12 +9,13 @@ import (
 // TLSConfigApplyConfiguration represents an declarative configuration of the TLSConfig type for use
 // with apply.
 type TLSConfigApplyConfiguration struct {
-	Termination                   *v1.TLSTerminationType                `json:"termination,omitempty"`
-	Certificate                   *string                               `json:"certificate,omitempty"`
-	Key                           *string                               `json:"key,omitempty"`
-	CACertificate                 *string                               `json:"caCertificate,omitempty"`
-	DestinationCACertificate      *string                               `json:"destinationCACertificate,omitempty"`
-	InsecureEdgeTerminationPolicy *v1.InsecureEdgeTerminationPolicyType `json:"insecureEdgeTerminationPolicy,omitempty"`
+	Termination                   *v1.TLSTerminationType                  `json:"termination,omitempty"`
+	Certificate                   *string                                 `json:"certificate,omitempty"`
+	Key                           *string                                 `json:"key,omitempty"`
+	CACertificate                 *string                                 `json:"caCertificate,omitempty"`
+	DestinationCACertificate      *string                                 `json:"destinationCACertificate,omitempty"`
+	InsecureEdgeTerminationPolicy *v1.InsecureEdgeTerminationPolicyType   `json:"insecureEdgeTerminationPolicy,omitempty"`
+	ExternalCertificate           *LocalObjectReferenceApplyConfiguration `json:"externalCertificate,omitempty"`
 }
 
 // TLSConfigApplyConfiguration constructs an declarative configuration of the TLSConfig type for use with
@@ -70,3 +71,11 @@ func (b *TLSConfigApplyConfiguration) WithInsecureEdgeTerminationPolicy(value v1
 	b.InsecureEdgeTerminationPolicy = &value
 	return b
 }
+
+// WithExternalCertificate sets the ExternalCertificate field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ExternalCertificate field is set to the value of the last call.
+func (b *TLSConfigApplyConfiguration) WithExternalCertificate(value *LocalObjectReferenceApplyConfiguration) *TLSConfigApplyConfiguration {
+	b.ExternalCertificate = value
+	return b
+}
diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
index 90bf487e3..62eb27afc 100644
--- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
+++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go
@@ -231,7 +231,7 @@ func (c *fromUnstructuredContext) pushKey(key string) {
 
 }
 
-// FromUnstructuredWIthValidation converts an object from map[string]interface{} representation into a concrete type.
+// FromUnstructuredWithValidation converts an object from map[string]interface{} representation into a concrete type.
 // It uses encoding/json/Unmarshaler if object implements it or reflection if not.
 // It takes a validationDirective that indicates how to behave when it encounters unknown fields.
 func (c *unstructuredConverter) FromUnstructuredWithValidation(u map[string]interface{}, obj interface{}, returnUnknownFields bool) error {
@@ -465,7 +465,7 @@ func sliceFromUnstructured(sv, dv reflect.Value, ctx *fromUnstructuredContext) e
 			}
 			dv.SetBytes(data)
 		} else {
-			dv.Set(reflect.Zero(dt))
+			dv.Set(reflect.MakeSlice(dt, 0, 0))
 		}
 		return nil
 	}
diff --git a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
index 51864d70f..0dd13c626 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/wait/loop.go
@@ -27,9 +27,11 @@ import (
 // the provided timer until the provided context is cancelled, the condition returns
 // true, or the condition returns an error. If sliding is true, the period is computed
 // after condition runs. If it is false then period includes the runtime for condition.
-// If immediate is false the first delay happens before any call to condition. The
-// returned error is the error returned by the last condition or the context error if
-// the context was terminated.
+// If immediate is false the first delay happens before any call to condition, if
+// immediate is true the condition will be invoked before waiting and guarantees that
+// the condition is invoked at least once, regardless of whether the context has been
+// cancelled. The returned error is the error returned by the last condition or the
+// context error if the context was terminated.
 //
 // This is the common loop construct for all polling in the wait package.
 func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding bool, condition ConditionWithContextFunc) error {
@@ -38,8 +40,17 @@ func loopConditionUntilContext(ctx context.Context, t Timer, immediate, sliding
 	var timeCh <-chan time.Time
 	doneCh := ctx.Done()
 
+	// if immediate is true the condition is
+	// guaranteed to be executed at least once,
 	// if we haven't requested immediate execution, delay once
-	if !immediate {
+	if immediate {
+		if ok, err := func() (bool, error) {
+			defer runtime.HandleCrash()
+			return condition(ctx)
+		}(); err != nil || ok {
+			return err
+		}
+	} else {
 		timeCh = t.C()
 		select {
 		case <-doneCh:
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 4be1dfe49..37b023ef2 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -25,6 +25,7 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
+	"math"
 	"math/big"
 	"net"
 	"os"
@@ -57,8 +58,14 @@ type AltNames struct {
 // NewSelfSignedCACert creates a CA certificate
 func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
 	now := time.Now()
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	tmpl := x509.Certificate{
-		SerialNumber: new(big.Int).SetInt64(0),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName:   cfg.CommonName,
 			Organization: cfg.Organization,
@@ -116,9 +123,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	caTemplate := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
 		},
@@ -144,9 +156,14 @@ func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, a
 	if err != nil {
 		return nil, nil, err
 	}
-
+	// returns a uniform random value in [0, max-1), then add 1 to serial to make it a uniform random value in [1, max).
+	serial, err = cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64-1))
+	if err != nil {
+		return nil, nil, err
+	}
+	serial = new(big.Int).Add(serial, big.NewInt(1))
 	template := x509.Certificate{
-		SerialNumber: big.NewInt(2),
+		SerialNumber: serial,
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 		},
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ef82816d3..ea2797a46 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -73,7 +73,7 @@ github.com/modern-go/reflect2
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 ## explicit
 github.com/munnerz/goautoneg
-# github.com/openshift/api v0.0.0-20230705144233-e28cd4dd28a8
+# github.com/openshift/api v0.0.0-20230810152202-3e3f07aadec4
 ## explicit; go 1.20
 github.com/openshift/api/apps/v1
 github.com/openshift/api/build/v1
@@ -84,7 +84,7 @@ github.com/openshift/api/pkg/serialization
 github.com/openshift/api/project/v1
 github.com/openshift/api/route/v1
 github.com/openshift/api/template/v1
-# github.com/openshift/client-go v0.0.0-20230705133330-7f808ad59404
+# github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb
 ## explicit; go 1.20
 github.com/openshift/client-go/apps/applyconfigurations/apps/v1
 github.com/openshift/client-go/apps/applyconfigurations/internal
@@ -199,7 +199,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# k8s.io/api v0.27.3 => k8s.io/api v0.27.3
+# k8s.io/api v0.27.4 => k8s.io/api v0.27.4
 ## explicit; go 1.20
 k8s.io/api/admissionregistration/v1
 k8s.io/api/admissionregistration/v1alpha1
@@ -253,7 +253,7 @@ k8s.io/api/scheduling/v1beta1
 k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
-# k8s.io/apimachinery v0.27.3 => k8s.io/apimachinery v0.27.3
+# k8s.io/apimachinery v0.27.4 => k8s.io/apimachinery v0.27.4
 ## explicit; go 1.20
 k8s.io/apimachinery/pkg/api/equality
 k8s.io/apimachinery/pkg/api/errors
@@ -295,7 +295,7 @@ k8s.io/apimachinery/pkg/util/yaml
 k8s.io/apimachinery/pkg/version
 k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/client-go v1.5.2 => k8s.io/client-go v0.27.3
+# k8s.io/client-go v0.27.4 => k8s.io/client-go v0.27.4
 ## explicit; go 1.20
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -466,6 +466,6 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.3.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
-# k8s.io/api => k8s.io/api v0.27.3
-# k8s.io/apimachinery => k8s.io/apimachinery v0.27.3
-# k8s.io/client-go => k8s.io/client-go v0.27.3
+# k8s.io/api => k8s.io/api v0.27.4
+# k8s.io/apimachinery => k8s.io/apimachinery v0.27.4
+# k8s.io/client-go => k8s.io/client-go v0.27.4